Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
eh... so lemme get this straight... I'm going to make a group, and im gonna put all of these users in this group. then, im gonna make this group part of root. after that, i'm going to give them each 500 since that means they can read their folder, the rest of that group can't read it, and the world can't read it... correct? and since they will be in a root group.. uh... why do they need to be in the root group?
Justin,
I think what Matir means is the following: (as root do)
Change access perms on home dirs:
chmod -R 750 /home/*
Change ownership on home dirs:
chown -R root /home/*
Create group for users accessing your DEBIAN server:
groupadd <new-group-name>
Change group ownership on all home dirs:
chgrp -R <new-group-name> /home/*
Add each of your users to this new group:
usermod -G <new-group-name> each-user
If you're also using Samba, you can make the share read-only while also specifying a write list, a list of users (namely you) who have permissions to write to the folder) (read only = yes ; write list = justin).
If you wish to upload file to user directories, you can use smbfs/smb.mount and mount these under /mnt (rather than your home dir). (Alternatively, you could use rsync or sftp to upload files.)
mkdir /mnt/each-user-name
mount -t smbfs -o username=your-username //DEBIAN/name-of-user /mnt/name-of-user
So, if you have a user "ted" with a home dir of /home/ted on DEBIAN, and your group name is "untrust" on DEBIAN,
okay, i've done everything you said, but yet i still have no permissions on my ubuntu computer to add things to his folder. and at first, his folder was an unknown file type. Oh, and also, my smb.conf files don't have either of those options. am i supposed to add them?
Last edited by Justin2021; 07-27-2006 at 03:05 PM.
Ok, you need to connect to the samba share as root in order to place things in their directories. And to keep them from reading each others files, you need to set them up each in their own group (some distros do this by default) and make the group for their homedir that group.
Hi Justin,
Hmmm... Matir is right: if you add all users to one group, and set homedirs to that same group, users will be able to wander into and read each other's home directories, even though they won't be able to write anything. If you don't want them wandering/reading, you'll need to put each in their own group and change the group ownsership on their home dir to their group. For ex.,
chown -R justin.ted /home/ted
Would make you owner and the group "ted" group-owner of ted's home dir. Before you could do this, of course, you'd have to create the group "ted" with groupadd. Your distro may already have done this for the groups. Check the group owners with ls -l /home
Also another correction to my earlier post. Don't change ownership of DEBIAN home dirs to *root*; instead change it to *justin*.
Then, when you connect as justin using Samba, you'll automatically have write permissions. You might need "create mask = 750" and "directory mask = 750" in the smb.conf share definition to prevent files written by samba from having higher permissions.
Ah, yes, I didn't even think about making the dirs owned by another user. Good call. Then you'd need to add 'justin' to all the user groups. Also, you want to set the setgid bit on each directory to make sure that any files you place there receive the right group permissions.
Nope, the 2 sets the setgid bit, so whenever you place files there the files will be owned by the user's group. A more specific way of setting permissions would be:
so i did a test by mounting //debian/ted to my /home/justin/debian folder, i signed in as justin when mounting, and I could both drag, and drop files, but when i signed in as ted, i could do neither... i want them to atleast get files from their folder and drop them onto their computer.. was there something i might have done wrong? i know that he is in his own group.. but here is the result of ls -l /home (ted is the only one im testing on at the moment)
You should check the permissions on the files you attempted to drag and drop as the user ted. Perhaps these were created before you set the sticky bit and so did not have ted's group associated with them. In this case, ted would have no access to them.
ls -l /home/ted
will list perms on all files in ted's homedir.
Just to be sure, you might also check ted's in his own group:
The reason ted can't access the file is that it is owned by user justin and group justin. The read out from ls, "justin justin", tell us this. It should instead read "justin ted" signifying owner justin and group ted.
As justin or root do:
chgrp -R ted /home/ted/*
This will change everything in /home/ted to group ted.
Then to check again,
ls -l /home/ted
The directory /home/ted is already set to group ted as we saw previously, so this last change should fix everything.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.