How to set permissions to read, execute, write for users only
What would be the permissions command [chmod ???] so that users are able to read, write, and execute stuff on their *OWN* home directories, nothing more, nothing less?

On a test bogus user I created [chupacabra], I can login via SSH or Telnet or whatever or even locally in front of the computer, and chupacabra is able to read what john, mary jane, joe have in their directories. I want to prevent that so user 'chupacabra' can access [read, execute, and write] his own home directory only.

Is there any command I can run as root that takes care of this for all the users, present and future, without having to retype the command each time I add a user?

Thanks,
el chupacabra
Quote:
chmod go-rwx /home/chupa
cd /home/chupa
chmod -Rv go-rwx *

I don't know where the default umask for a user's home is being set, though .... :/

Cheers,
Tink
The permissions on the user dirs and stuff below shouldn't exceed octal 0750 then. That also means you have to adjust your /etc/profile or whatever their shell reads umask from to use umask 027 (subtr.) for future files. I do it like this:
# Apply the stricter umask only to regular accounts (UID and GID >= 500)
id=( $(id -u) $(id -g) )
if [ ${id[0]} -ge 500 -a ${id[1]} -ge 500 ]; then
    umask 027
fi
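The 0750 ceiling and umask 027 from the post above, as an added example that is not part of the thread: it lists the home directories that exceed 0750, strips the excess bits, and shows the modes that new files and directories get under umask 027. It assumes GNU find and stat; the function names and the base-directory argument are hypothetical, and the demo works on a constructed temporary tree rather than /home.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU find and stat (Linux).
# Function names and the base-directory argument are hypothetical.

# Print every directory directly under $1 that has a bit set outside 0750,
# i.e. group-write (020) or any "other" bit (007): the same bits as umask 027.
audit_homes() {
    find "$1" -mindepth 1 -maxdepth 1 -type d -perm /027 | sort
}

# Strip those bits from each offending home directory (top level only),
# leaving the owner bits and group read/execute untouched.
tighten_homes() {
    find "$1" -mindepth 1 -maxdepth 1 -type d -perm /027 \
        -exec chmod g-w,o-rwx {} +
}

# Create a file and a directory inside $1 under umask 027 and print their
# octal modes. The subshell keeps the caller's own umask unchanged.
modes_under_umask_027() {
    (
        umask 027
        touch "$1/newfile"
        mkdir "$1/newdir"
        stat -c '%a' "$1/newfile" "$1/newdir" | paste -sd ' ' -
    )
}

# Demo on a constructed tree standing in for /home.
demo() {
    base=$(mktemp -d) || return 1
    mkdir "$base/john" "$base/mary" "$base/chupacabra"
    chmod 755 "$base/john"
    chmod 775 "$base/mary"
    chmod 750 "$base/chupacabra"
    echo "exceeding 0750 before:"; audit_homes "$base"
    tighten_homes "$base"
    echo "exceeding 0750 after:"; audit_homes "$base"
    echo "new file and dir under umask 027:" \
        "$(modes_under_umask_027 "$base/chupacabra")"
    rm -rf "$base"
}

demo
```

Run against the real /home as root, `audit_homes /home` only reports; `tighten_homes /home` changes the top-level directories and does not descend into them.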
more questions below
Quote:
Would that prevent users from seeing each other's files and system's files when they log on via SSH or logon locally?

I set Samba this way and it works when the Windows clients connect to the 'data' share. But it works just for Samba, not SSH of course.

[data]
....
;other parameters
;can see folders but not contents
dont descend = Desktop evolution
;treats Unix hidden files as hidden files in Windows.
hide dot files = yes
;samba hides those files
hide files = alpha beta
;xfiles will never show up
veto files = xfiles
Quote:
#===============sample of a profile I have on my system========
# /etc/profile

# System wide environment and startup programs, for login setup
# Functions and aliases go in /etc/bashrc

pathmunge () {
    if ! echo $PATH | /bin/egrep -q "(^|:)$1($|:)" ; then
        if [ "$2" = "after" ] ; then
            PATH=$PATH:$1
        else
            PATH=$1:$PATH
        fi
    fi
}

# Path manipulation
if [ `id -u` = 0 ]; then
    pathmunge /sbin
    pathmunge /usr/sbin
    pathmunge /usr/local/sbin
fi

pathmunge /usr/X11R6/bin after

unset pathmunge

# No core files by default
ulimit -S -c 0 > /dev/null 2>&1

USER="`id -un`"
LOGNAME=$USER
MAIL="/var/spool/mail/$USER"

HOSTNAME=`/bin/hostname`
HISTSIZE=1000

if [ -z "$INPUTRC" -a ! -f "$HOME/.inputrc" ]; then
    INPUTRC=/etc/inputrc
fi

export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE INPUTRC

for i in /etc/profile.d/*.sh ; do
    if [ -r "$i" ]; then
        . $i
    fi
done

unset i
#============end of sample profile =======================

Thanks guys,
el chupacabra