LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
Search this Thread
Old 06-07-2004, 07:25 PM   #1
EnigmaX
Member
 
Registered: Jul 2003
Distribution: Fedora Core 4
Posts: 107

Rep: Reputation: 15
Group Permissions issue


Hello,
I'm trying to make a server more secure. Here's the current situation on it...
All Virtual Hosts on it have their own user, their own group, and the server use ran on the user nobody. This is fine, except when each user logs into the server with ssh. This allows them to read the source of each file on the server as they will. I don't want them doing that.

I want the user nobody to be able to read the files, and the user to read them. I'm having a bit of trouble getting it to work right though, but it is most likely a really dumb reason o_0;

For this example, lets have a user named 'user' (Original, huh?)
I added the group user to the groups in nobody
nobody now has groups of: nobody, user
user still has only the group user
user's folder allows only the owner, and group to read the folder. not 'others'
nobody still can't access the folder, even though it is in user's group

I've also tried adding the group nobody to the groups of user, but that doesn't work either :/

So, how can I make it so only these two users can view the folder? The user, and nobody.
 
Old 06-07-2004, 07:38 PM   #2
leonscape
Senior Member
 
Registered: Aug 2003
Location: UK
Distribution: Debian SID / KDE 3.5
Posts: 2,313

Rep: Reputation: 47
Theres no unusal bits set for permissions?
 
Old 06-07-2004, 08:23 PM   #3
EnigmaX
Member
 
Registered: Jul 2003
Distribution: Fedora Core 4
Posts: 107

Original Poster
Rep: Reputation: 15
What do you mean? :/
If you mean if I have changed something with the permissions system-wide, no, I haven't.. o_0;
 
Old 06-08-2004, 07:44 AM   #4
leonscape
Senior Member
 
Registered: Aug 2003
Location: UK
Distribution: Debian SID / KDE 3.5
Posts: 2,313

Rep: Reputation: 47
I mean like an suid or other bits are set? Also make sure the parent directory is also readable.
 
Old 06-08-2004, 08:56 AM   #5
EnigmaX
Member
 
Registered: Jul 2003
Distribution: Fedora Core 4
Posts: 107

Original Poster
Rep: Reputation: 15
It is readable
I'm in the group, and the folder has group permissions set to read, so what would prevent me from reading it?
 
Old 06-08-2004, 02:58 PM   #6
leonscape
Senior Member
 
Registered: Aug 2003
Location: UK
Distribution: Debian SID / KDE 3.5
Posts: 2,313

Rep: Reputation: 47
Try adding execute permissions to the parent directories. ( Messing about with permissions myself this seemed to work. ) I think the problem is not having permission to execute a command on the directory.
 
Old 06-09-2004, 07:02 AM   #7
EnigmaX
Member
 
Registered: Jul 2003
Distribution: Fedora Core 4
Posts: 107

Original Poster
Rep: Reputation: 15
I have 'others' set to execute... and read...
 
Old 06-10-2004, 03:05 PM   #8
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654
Having others set to execute and read will allow anybody to execute or read the file.

nobody is normally used as an alias for a root user logging in from another system. The group 'users' may be a better group to use.
 
Old 06-10-2004, 07:50 PM   #9
EnigmaX
Member
 
Registered: Jul 2003
Distribution: Fedora Core 4
Posts: 107

Original Poster
Rep: Reputation: 15
I know that it will, someone recommended that I set the parent directory to readable, and it is.

Those are examples, I'm testing it on my computer with a fake account and my user account.
I'm part of the group, I know that.
But, even with group permissions set to +rx, I can't read the test directory...
Why?
 
Old 06-13-2004, 12:44 AM   #10
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654
In linux, if you are the owner of the file, and the r permission bit isn't set for 'user', a read attempt will fail even if you are a member of the group with read permission.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
group permissions nanjil Suse/Novell 4 10-20-2005 01:51 PM
regarding group permissions zameer_india Linux - Networking 1 02-11-2005 04:07 AM
group permissions mikeghet Linux - Newbie 1 12-06-2004 03:49 AM
Group Permissions (m9.2) PaladinCowboy75 Mandriva 4 05-06-2004 08:20 AM
group permissions fuxored Linux - General 0 05-11-2002 08:54 AM


All times are GMT -5. The time now is 11:39 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration