Linux - Newbie: This Linux forum is for members that are new to Linux.
Well, first, to access that folder, testuser would need to be a root user to access /root. Since everybody who can access /root is a member of root, you can't block someone out of /root/testdir. I don't know what you're up to, learning or actually block everyone but testuser out of one folder. Notice that root and other members of the root-group always will have access to everything, so as long as this folder is in /root/ you will not be able to test it out properly. And to clear things up. You can't stop root from accessing things.
So, if learning is what you want, I suggest to move the directory to /tmp or /home or some other place.
Anyhow you can achieve to block everyone but testuser out of a directory like this:
chown testuser testdir
group to something, i.e. testgroup (Actually optional, but it's nice to do it)
chgrp testgroup /root/testdir
This could be done in one command
chown testuser:testgroup /root/testdir
Make sure testgroup exists.
Then change the modes:
chmod u=rwx,og= /root/testdir
That will set rwx for user (testuser) and nothing to the group and others.
Last edited by Dinithion; 10-23-2007 at 08:54 AM.
Thanks for the reply, very much appreciated. However, I feel I should revise my original question. (P.S. I am trying to learn and not cause any malicious damage to a system, so my apologies for using /root/testdir as an example).
What I would like to know is this:
If I have any folder at all, e.g. /test/testdir and the permissions are set to:
How would I allow read/write/execute access to this folder to only one other user? For example, with the folder above, the users root and cmc have access just now, however I wish for another user called 'testuser' to have read/write/execute permission on this folder also, so that only the users root, cmc and testuser have read/write/execute access to this folder, and no other users can write to it. If possible, I would like to avoid changing the owner or the group of the folder /test/testdir/
Well, that's the deal with *nix filesystems. They have a really straightforward policy. Either you're the owner, in the group or you're someone else. So in this case, you have some solutions, but none like you are seeking.
1. You could have to create a group, and put cmc and testuser into this group and change the group of the folder. (What you didn't want but it works).
Pros: Can be extended with more people to access file.
Cons: You have to change the group.
2. If you have one group for each user (It looks like you have), you can change the group to testuser.
Pros: You achieve what you want
Cons: You have to change the group.
3. Start using ACL. This is somewhat the same as the one you find in Windows. You can add more users with read/write permissions, without changing the owner, add groups with read/write, and do a lot of funky stuff. This should cover your needs.
Pros: You achieve exactly what you want. It's flexible, and ideal for fileservers, NFS, multi-user computers, Samba shares etc.
Cons: You have to install software and enable ACL in the kernel (If it's not already activated). It's a bit more confusing than the traditional rwx, but it's toppers when you first get it. Another con that I'm not sure of is the security of this system. I can't see any real danger or flaws, but who knows?
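Option 3 from the reply above, as an added example that is not part of the original posts: granting testuser rwx with `setfacl` while leaving owner and group alone, then auditing who really has access from `getfacl` output. The function names and the two `getfacl` samples are constructed for illustration; the second sample shows that running the earlier `chmod u=rwx,og=` on an ACL'd directory clears the mask and silently disables the named-user entry.

```shell
# Added example (not from the thread); function names are hypothetical.

# grant_rwx DIR USER: give USER rwx via a POSIX ACL; owner and group are untouched.
grant_rwx() {
    # access ACL on the directory itself
    setfacl -m "u:$2:rwx" "$1" || return 1
    # default ACL, inherited by entries created inside the directory later
    setfacl -d -m "u:$2:rwx" "$1"
}

# effective_users: read `getfacl` text on stdin and print "user perms" for each
# named user, where perms = entry AND mask (the mask caps named users and groups).
effective_users() {
    awk -F: '
        /^#/ || /^default:/ { next }            # headers and default ACL entries
        { sub(/[ \t]*#.*/, "") }                # drop trailing "#effective:" notes
        $1 == "mask"             { mask = $3 }
        $1 == "user" && $2 != "" { name[++n] = $2; perm[n] = $3 }
        END {
            for (i = 1; i <= n; i++) {
                out = ""
                for (k = 1; k <= 3; k++) {
                    p = substr(perm[i], k, 1)
                    m = (mask == "") ? p : substr(mask, k, 1)
                    out = out ((m == "-") ? "-" : p)
                }
                print name[i], out
            }
        }'
}

# Constructed sample: getfacl output right after grant_rwx /test/testdir testuser
sample_after_grant() {
    printf '%s\n' '# file: test/testdir' '# owner: cmc' '# group: cmc' \
        'user::rwx' 'user:testuser:rwx' 'group::---' 'mask::rwx' 'other::---'
}

# Constructed sample: same directory after a later `chmod u=rwx,og=`
sample_after_chmod() {
    printf '%s\n' '# file: test/testdir' '# owner: cmc' '# group: cmc' \
        'user::rwx' 'user:testuser:rwx    #effective:---' 'group::---' \
        'mask::---' 'other::---'
}

sample_after_grant | effective_users
sample_after_chmod | effective_users
```

On a real directory, pipe `getfacl /test/testdir` into `effective_users` after any `chmod` to confirm the named-user entry is still effective.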