LinuxQuestions.org
Old 12-17-2002, 04:53 PM   #1
chupacabra
Member
 
Registered: Oct 2002
Posts: 30

Rep: Reputation: 15
Question How to set permissions to read, execute, write for users only


What would be the permissions command [chmod ???] so that users are able to read, write, and execute stuff in their *OWN* home directories, nothing more, nothing less?

On a bogus test user I created [chupacabra], I can log in via SSH or Telnet or whatever, or even locally in front of the computer, and chupacabra is able to read what john, mary jane, joe have in their directories.

I want to prevent that so user 'chupacabra' can access [read, execute, and write] to his own home directory only.

Is there any command I can run as root that takes care of this for all the users, present and future, without having to retype the command each time I add a user?

Thanks,
el chupacabra
 
Old 12-17-2002, 05:19 PM   #2
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 22,983
Blog Entries: 11

Rep: Reputation: 879
Quote:
I want to prevent that so user 'chupacabra' can access [read, execute, and write] to his own home directory only.
well ... that's a
chmod go-rwx /home/chupa
cd /home/chupa
chmod -Rv go-rwx *

I don't know where the default umask for a user's home is being set, though .... :/

Cheers,
Tink
 
Old 12-17-2002, 05:20 PM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,451
Blog Entries: 54

Rep: Reputation: 2893
The permissions on the user dirs and stuff below shouldn't exceed octal 0750 then. That also means you have to adjust your /etc/profile or whatever their shell reads umask from to use umask 027 (subtr.) for future files. I do it like this:
id=( $(id -u) $(id -g) ); if [ ${id[0]} -ge 500 -a ${id[1]} -ge 500 ]; then umask 027; fi
 
Old 12-18-2002, 03:54 PM   #4
chupacabra
Member
 
Registered: Oct 2002
Posts: 30

Original Poster
Rep: Reputation: 15
more questions below

Quote:
Originally posted by unSpawn
The permissions on the user dirs and stuff below shouldn't exceed octal 0750 then.
Then as root should I just issue 'chmod 750 /home/*' so nobody can see each other's files, not even system files, right?

Would that prevent users from seeing each other's files and system's files when they log on via SSH or logon locally?

I set Samba this way and it works when the Windows clients connect to the 'data' share. But it works just for Samba, not SSH of course.

[data]
.... ;other parameters
dont descend = Desktop evolution ;can see folders but not contents
hide dot files = yes ;treats Unix hidden files as hidden files in Windows.
hide files = alpha beta ;samba hides those files
veto files = xfiles ;xfiles will never show up


Quote:
That also means you have to adjust your /etc/profile or whatever their shell reads umask from to use umask 027 (subtr.) for future files. I do it like this:
id=( $(id -u) $(id -g) ); if [ ${id[0]} -ge 500 -a ${id[1]} -ge 500 ]; then umask 027; fi
In what part of my profiles should I put this script you just gave me, then? Below there's a sample of my profiles.

Quote:
id=( $(id -u) $(id -g) ); if [ ${id[0]} -ge 500 -a ${id[1]} -ge 500 ]; then umask 027; fi


#===============sample of a profile I have on my system========
# /etc/profile

# System wide environment and startup programs, for login setup
# Functions and aliases go in /etc/bashrc

# Add $1 to PATH unless it is already present as a complete entry
pathmunge () {
    if ! echo $PATH | /bin/egrep -q "(^|:)$1($|:)" ; then
        if [ "$2" = "after" ] ; then
            PATH=$PATH:$1
        else
            PATH=$1:$PATH
        fi
    fi
}

# Path manipulation
if [ `id -u` = 0 ]; then
    pathmunge /sbin
    pathmunge /usr/sbin
    pathmunge /usr/local/sbin
fi

pathmunge /usr/X11R6/bin after

unset pathmunge

# No core files by default
ulimit -S -c 0 > /dev/null 2>&1

USER="`id -un`"
LOGNAME=$USER
MAIL="/var/spool/mail/$USER"

HOSTNAME=`/bin/hostname`
HISTSIZE=1000

if [ -z "$INPUTRC" -a ! -f "$HOME/.inputrc" ]; then
    INPUTRC=/etc/inputrc
fi

export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE INPUTRC

for i in /etc/profile.d/*.sh ; do
    if [ -r "$i" ]; then
        . $i
    fi
done

unset i
#============end of sample profile =======================

Thanks guys,
el chupacabra
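
Added example, not part of the thread: a shell sketch of the two pieces discussed above, finding and tightening existing home directories that exceed octal 0750, and checking what umask 027 gives newly created files. It assumes GNU find and stat; the function names and the temporary directory tree standing in for /home are made up for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU find and stat.
# Note: 0750 still lets members of the directory's group read it.

# Print top-level directories under $1 whose mode exceeds 0750,
# i.e. that have group-write or any "other" bit set.
audit_homes() {
    find "$1" -mindepth 1 -maxdepth 1 -type d -perm /027 | sort
}

# Remove only the excess bits from those directories (owner bits untouched).
tighten_homes() {
    find "$1" -mindepth 1 -maxdepth 1 -type d -perm /027 \
        -exec chmod g-w,o-rwx {} +
}

# Create a file and a directory in $1 under umask 027; print their modes.
modes_under_umask_027() {
    (
        umask 027
        cd "$1" || exit 1
        : > newfile && mkdir newdir
        echo "$(stat -c %a newfile) $(stat -c %a newdir)"
    )
}

# Demo on a constructed tree (stand-in for /home; names are made up).
demo() {
    base=$(mktemp -d) || return 1
    mkdir "$base/john" "$base/mary"
    chmod 755 "$base/john"      # world-readable: the problem in the thread
    chmod 750 "$base/mary"      # already within the 0750 limit
    echo "too open before: $(audit_homes "$base")"
    tighten_homes "$base"
    echo "too open after:  $(audit_homes "$base")"
    echo "john is now:     $(stat -c %a "$base/john")"
    echo "new file/dir under umask 027: $(modes_under_umask_027 "$base/mary")"
    rm -rf "$base"
}
demo
```

The audit only inspects the top-level directories; once a home directory denies "other" any access, files below it cannot be reached by other users regardless of their own modes.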
 
  

