06-30-2012, 07:07 AM   #1
Sebi94
New user with own rights, should only be able to access his own directory and processes


Hello!
I want to implement something. I hope you can help me. And sorry for my English. I'm from Germany.

I want to add a user who has his own directory and can only access this directory. He should not be able to use "/etc/init.d/..." or "/var/www/..." or anything else. He should have his own directory, like this: "/home/<user>/..."

And there he is allowed to do everything that root allows him. This user in my example should be able to run a server (called "Minecraft") with his permissions and he should be able to remove, copy, move and/or edit some files of this server. These server files are all in his own directory (/home/<user>/).

But he isn't allowed to edit, create, move and/or delete anything in another directory, like "/var/www/" or "/home/root/...".

He isn't allowed to use the root permissions. And he should be able to log in via SSH on the server with his own credentials (username + HIS OWN password).

I hope somebody can follow me and explain to me how I can create this user as described here.

Thank you!

Last edited by Sebi94; 06-30-2012 at 07:09 AM.
 
06-30-2012, 08:11 AM   #2
jschiwal
The user will need to read some system directories such as /bin/, and /etc/ to be able to run programs.

Check the permissions on your server to make sure they aren't too permissive. A regular user can read /etc/init.d/ but not execute the files as root. Check the permissions for "other". Regular users not part of a httpd or www group shouldn't be allowed access to /var/www/.

If the server's filesystem uses the ACL mount option, you could use setfacl to deny this particular user access to files & directories.

You could use ALLOW USERS in /etc/ssh/sshd_config to list the users allowed ssh access. All other users will be denied. This is a quick and easy way to disallow all system users ssh access. Also consider using PUBKEY authentication for SSH.
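
Added example (not part of the thread and not any poster's code): a shell script for the two checks suggested in post #2, listing entries that grant any permission to "other" and reading the user list from the AllowUsers keyword in an sshd_config-style file. The function names and the temporary sample data are constructed for illustration; GNU find and stat are assumed, and only literal user names are compared (wildcards, user@host forms and the other Allow/Deny keywords are not evaluated).

```shell
#!/bin/sh
# Added example; helper names are hypothetical. Needs GNU find and stat.

# Print mode, owner:group and path of every entry under DIR that grants
# "other" at least one of read, write or execute/search.
other_access() {
    find "$1" -perm /o=rwx -exec stat -c '%A %U:%G %n' {} +
}

# Print the names listed on AllowUsers lines of an sshd_config-style file.
# Keywords are case-insensitive and repeated lines accumulate.
allowed_ssh_users() {
    awk 'tolower($1) == "allowusers" { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# Succeed if USER may log in as far as AllowUsers in FILE is concerned:
# no AllowUsers line means no restriction; otherwise USER must be listed.
# Only literal names are compared (no wildcard or user@host matching).
ssh_login_permitted() {
    users=$(allowed_ssh_users "$2")
    [ -z "$users" ] && return 0
    printf '%s\n' "$users" | grep -qxF -- "$1"
}

# Constructed sample data, so nothing on the real system is read or changed.
tmp=$(mktemp -d)
mkdir "$tmp/www" "$tmp/private"
chmod 755 "$tmp/www"
chmod 750 "$tmp/private"
printf 'Port 22\nAllowUsers tobias\n' > "$tmp/sshd_config"
chmod 600 "$tmp/sshd_config"

other_access "$tmp"                      # lists only .../www
for u in tobias www-data; do
    if ssh_login_permitted "$u" "$tmp/sshd_config"; then
        echo "$u: allowed by AllowUsers"
    else
        echo "$u: not listed, sshd would refuse the login"
    fi
done
rm -rf "$tmp"
```

On a real server the same functions would be pointed at /var/www and /etc/ssh/sshd_config, run as a user who can read them.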
 
06-30-2012, 02:55 PM   #3
Sebi94 (Original Poster)
Okay, all right. But what exactly do I have to do now?

I haven't got a graphical user interface (= GUI) on the server. It's only a terminal. How can I tell my server system that it should add this user with the permissions named here?

Simply like this?
adduser --home /Tobias Tobias

And is that all, so that the permissions are right?

EDIT: I have a little problem. The new user can't edit the files of the server because of permission issues. How can I say that he is allowed to (for only these files)?

Last edited by Sebi94; 06-30-2012 at 03:40 PM.
 
07-02-2012, 07:38 AM   #4
jschiwal
Please be more specific. Are you saying the user can't edit his own file in his HOME directory? If not, list the permissions and ownership of the containing directory (ls -ld <dir>) and of the files the user needs to edit. Consider adding the user to a group, if the directory and file ownerships use the group ownership for this purpose. You could also use setfacl to add permissions for another user or group. You can create a default ACL on the parent directory so new directories and files inherit the ACL.
 
07-02-2012, 11:15 AM   #5
Sebi94 (Original Poster)
I created a user with a home directory: adduser --home /minecraft tobias.

Quote:
user@linux:/# ls -ld /minecraft
drwxr-xr-x 12 tobias tobias 800 Jun 30 23:37 /minecraft
He should be able to edit each file and directory in this directory "/minecraft/". But he hasn't got the permissions to edit files. For example this one:
Quote:
Originally Posted by text file
user@linux:/# ls -ld /minecraft/server.properties
-rw-r--r-- 1 tobias tobias 447 Jun 30 23:23 /minecraft/server.properties
Quote:
Originally Posted by all files & directories
user@linux:/# ls -ld /minecraft/*
-rw-r--r-- 1 tobias tobias 0 Jun 30 23:24 /minecraft/banned-ips.txt
-rw-r--r-- 1 tobias tobias 0 Jun 30 23:24 /minecraft/banned-players.txt
-rw-r--r-- 1 tobias tobias 1311 Jun 30 23:24 /minecraft/bukkit.yml
-rw-r--r-- 1 root root 11592470 Jun 10 03:09 /minecraft/craftbukkit.jar
-rw-r--r-- 1 tobias tobias 46 Jun 30 23:15 /minecraft/craftbukkit.sh
-rw-r--r-- 1 tobias tobias 2576 Jun 30 23:05 /minecraft/help.yml
-rw-r--r-- 1 root root 1022 Jun 30 23:38 /minecraft/hilfe.txt
-rw-r--r-- 1 tobias tobias 5 Jun 30 23:24 /minecraft/ops.txt
-rw-r--r-- 1 tobias tobias 0 Jun 30 23:06 /minecraft/permissions.yml
drwxr-xr-x 2 tobias tobias 48 Jun 30 23:05 /minecraft/plugins
-rw-r--r-- 1 tobias tobias 25389 Jun 30 23:28 /minecraft/server.log
-rw-r--r-- 1 tobias tobias 447 Jun 30 23:23 /minecraft/server.properties
-rw-r--r-- 1 tobias tobias 0 Jun 30 23:24 /minecraft/white-list.txt
drwxr-xr-x 5 tobias tobias 240 Jun 30 23:28 /minecraft/world
drwxr-xr-x 5 tobias tobias 240 Jun 30 23:28 /minecraft/world_nether
drwxr-xr-x 5 tobias tobias 240 Jun 30 23:28 /minecraft/world_the_end
Would a "chmod 777 /minecraft/*" help there?

Quote:
Originally Posted by getfacl
user@linux:/# getfacl minecraft
# file: minecraft
# owner: tobias
# group: tobias
user::rwx
group::r-x
other::r-x

user@linux:/# getfacl minecraft/*
# file: minecraft/banned-ips.txt
# owner: tobias
# group: tobias
user::rw-
group::r--
other::r--

# file: minecraft/banned-players.txt
# owner: tobias
# group: tobias
user::rw-
group::r--
other::r--

# file: minecraft/bukkit.yml
# owner: tobias
# group: tobias
user::rw-
group::r--
other::r--

# file: minecraft/craftbukkit.jar
# owner: root
# group: root
user::rw-
group::r--
other::r--

# file: minecraft/craftbukkit.sh
# owner: tobias
# group: tobias
user::rw-
group::r--
other::r--

# file: minecraft/help.yml
# owner: tobias
# group: tobias
user::rw-
group::r--
other::r--

# file: minecraft/hilfe.txt
# owner: root
# group: root
user::rw-
group::r--
other::r--

# file: minecraft/ops.txt
# owner: tobias
# group: tobias
user::rw-
group::r--
other::r--

# file: minecraft/permissions.yml
# owner: tobias
# group: tobias
user::rw-
group::r--
other::r--

# file: minecraft/plugins
# owner: tobias
# group: tobias
user::rwx
group::r-x
other::r-x

# file: minecraft/server.log
# owner: tobias
# group: tobias
user::rw-
group::r--
other::r--

# file: minecraft/server.properties
# owner: tobias
# group: tobias
user::rw-
group::r--
other::r--

# file: minecraft/white-list.txt
# owner: tobias
# group: tobias
user::rw-
group::r--
other::r--

# file: minecraft/world
# owner: tobias
# group: tobias
user::rwx
group::r-x
other::r-x

# file: minecraft/world_nether
# owner: tobias
# group: tobias
user::rwx
group::r-x
other::r-x

# file: minecraft/world_the_end
# owner: tobias
# group: tobias
user::rwx
group::r-x
other::r-x

Last edited by Sebi94; 07-02-2012 at 11:19 AM. Reason: EDIT: +getfacl
 
07-21-2012, 08:52 PM   #6
Sebi94 (Original Poster)
Well... My actual solution looks like this:

chmod -R 770 /minecraft
chmod -R 770 /minecraft/*

chown -R tobias:tobias /minecraft
chown -R tobias:tobias /minecraft/*


Now he himself is the owner of this directory and all files have the permissions 770 (root and user: all permissions, others: nothing).
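
Added example, not part of the thread: a shell script that picks the entries not owned by tobias out of the listing from post #5 and then sets separate modes for directories and regular files, so that "other" gets nothing without every file being marked executable as a recursive 770 does. The function names and the temporary stand-in directory are constructed for illustration; GNU stat is assumed for the demo output.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Needs awk, find, chmod.

# Read `ls -l` lines on stdin and print the path (field 9) of every entry
# whose owner (field 3) is not USER. Paths containing spaces are not handled.
foreign_owned() {
    awk -v u="$1" 'NF >= 9 && $3 != u { print $9 }'
}

# Set directories to 750 (owner rwx, group r-x) and regular files to 640
# (owner rw-, group r--); "other" gets nothing and no data file is executable.
reset_modes() {
    find "$1" -type d -exec chmod 750 {} +
    find "$1" -type f -exec chmod 640 {} +
}

# Four lines copied from the listing in post #5.
listing='-rw-r--r-- 1 tobias tobias 1311 Jun 30 23:24 /minecraft/bukkit.yml
-rw-r--r-- 1 root root 11592470 Jun 10 03:09 /minecraft/craftbukkit.jar
-rw-r--r-- 1 root root 1022 Jun 30 23:38 /minecraft/hilfe.txt
drwxr-xr-x 5 tobias tobias 240 Jun 30 23:28 /minecraft/world'

echo "Not owned by tobias:"
printf '%s\n' "$listing" | foreign_owned tobias

# Constructed stand-in for /minecraft, starting from the 770-everywhere state.
demo=$(mktemp -d)
mkdir "$demo/world"
: > "$demo/server.properties"
chmod -R 770 "$demo"
reset_modes "$demo"
stat -c '%a %n' "$demo" "$demo/world" "$demo/server.properties"
rm -rf "$demo"

# On the real server (as root) the ownership fix is a single recursive call,
# which already covers everything below the directory:
#   chown -R tobias:tobias /minecraft
```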
 
  

