LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 10-28-2008, 08:57 PM   #1
mhg
Member
 
Registered: Apr 2007
Location: Utah
Distribution: BodhiLinux
Posts: 205

Rep: Reputation: 30
different users can all access file system and copy/paste?


I have been messing around, trying to learn more. Created another user with password. Everything is owned by me. So I log in as the other user, and sure enough, I can not use files. But I open "file system" and I can see everything, all I have to do is copy what I want, paste it in the users /home, and now that user is the owner. No security there at all.

What am I missing?

I may well have everything owned by me, and nothing owned by root, but I am not sure (trying to fix something else I screwed up).

Thanks

Quick edit: "file system" is listed as owned by root.

Last edited by mhg; 10-28-2008 at 08:59 PM.
 
Old 10-28-2008, 09:20 PM   #2
klearview
Member
 
Registered: Aug 2006
Location: London
Distribution: Debian, Kubuntu
Posts: 572

Rep: Reputation: 75
Read up on Linux file permission. If you do not want certain files to be read by others you need to apply appropriate permissions. For example 'chmod 600 /path/to/certain/file' will make that that file writable/readable by only owner of that file.

To illustarate try copying /etc/shadow as ordinary user and see what happens

Last edited by klearview; 10-28-2008 at 09:51 PM. Reason: clarification
 
Old 10-28-2008, 09:23 PM   #3
i92guboj
Gentoo support team
 
Registered: May 2008
Location: Lucena, Córdoba (Spain)
Distribution: Gentoo
Posts: 4,036

Rep: Reputation: 372Reputation: 372Reputation: 372Reputation: 372
Quote:
Originally Posted by mhg View Post
I have been messing around, trying to learn more. Created another user with password. Everything is owned by me. So I log in as the other user, and sure enough, I can not use files. But I open "file system" and I can see everything, all I have to do is copy what I want, paste it in the users /home, and now that user is the owner. No security there at all.

What am I missing?

I may well have everything owned by me, and nothing owned by root, but I am not sure (trying to fix something else I screwed up).

Thanks

Quick edit: "file system" is listed as owned by root.
From your terminology, I deduct that you are operating from a graphical file manager. If you have used it as root, you might very well have screwed yourself, that's why people usually say "don't use X as root", because, indeed, there's absolutely no need.

The first things I have to know, and it's not clear by your first post, is if you changed the permissions of everything in your filesystem to belong to a given user, instead of root. If you changed everything starting from / with new permissions/ownership, your best bet is to reinstall.

When describing this kind of stuff, it's very important that you tell us all the details. For example, we don't know what file manager you are using, and I really don't know how they handle the things. Using the standard linux terminology would be better (for example, I assume that when you say "file system" you mean "/").

If that's the case, you need to know that the regular users can see (read) only what they are supposed to see. They need read permissions in most of the files of the system, so, it's not strange at all that you can read those files and copy them into your home (how would you run a program without reading the binary file that holds it to load it into memory?).

There's absolutely no risk on that, and that you copy this stuff in your home is not going to give you any degree of control nor any extra facilities at all.

On the contrary, there are some bits of the system that you are not going to (well, should not be able to) read. You should not be able to access /etc/shadow, for example, which holds the hashes of the passwords of the system. You shouldn't be able either to read on other users's home directories, unless you are root or they gave you permission to do so.

If you can do either of these, then you screwed something.
 
Old 10-28-2008, 09:40 PM   #4
mhg
Member
 
Registered: Apr 2007
Location: Utah
Distribution: BodhiLinux
Posts: 205

Original Poster
Rep: Reputation: 30
Sorry for the lack of detail, and thanks for the tips.

I am using gnome desktop, and just using the "browse" option when opening a folder, so when I do that "/" is listed as "file system".

I didn't screw myself up too much. All the permissions I was messing with started with "/home", so "/" was left alone.

I am trying to get a feel for chown and chmod. I don't have anything critical on this distro, so no catastrophe if I screw things up (but I would certainly rather not!).

Thanks for the patience. I will read more about permissions, and experiment some more. I tried the chmod 600, and that was weird.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How to copy and paste things between vim and system clipboard grissiom Slackware 43 09-30-2013 02:23 AM
Copy Text File and Paste to /hdd CD-RW aquatux Suse/Novell 3 12-29-2006 06:32 AM
Which light text editor can copy text from file and paste in browser? davidas Linux - Software 9 03-06-2006 11:28 AM
can copy-paste or create new file/folder, if boot from live cd gjo Linux - Distributions 3 09-17-2004 08:43 AM
How do you copy and paste a file from a command prompt? thenewguy05 Linux - Newbie 6 07-13-2004 03:41 PM


All times are GMT -5. The time now is 06:18 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration