LinuxQuestions.org
Old 11-25-2005, 07:02 AM   #1
bowie101
Member
 
Registered: Nov 2005
Distribution: FC4 & RHES
Posts: 105

Rep: Reputation: 15
Do I have your permission to ask a ? about Permissions?


Hello. Newbie here. I keep having this wide gap between what I want to do with permissions and what I read I can do with permissions. Maybe it's just how the info is laid out in the book on the subject that makes me unable to bridge the gap, I don't know. Because I'm sure I can do this, the question is how.


Basically this: Linux box with Apache server/website on it.

I want to give user 1 - "brian" - access to certain subdirectories within the website directory, but not all. I want to give him access to certain subdirectories outside of the website, still in linux, but not all.

So, am I changing the permissions for him? for the folder?


Also, giving someone FTP access without letting them into the Linux box itself.
Best way? How to? My thought here was, maybe give them a group ID and password, and no user ID and password, but ..


Damn! I haven't gotten to what I believe is the essence of my permissions questions, but this is a start. I'll come back with more later. It's so big in my mind that it's hard to "write it down", but good to start typing and sort it out.


Basically, I guess I'm wondering how to differentiate different users with different permissions. There are group permissions, but how do you set, for a certain file or directory, one set of permissions for one certain group vs. another set of permissions for another group, for that same file or directory? You see? How do you differentiate different groups? And different individuals too, for that matter? (Per one certain directory, subdirectory, or file.) Does that involve modifying permissions for both the file and the group? Well, that's sort of a guess, in that I believe it must, but I don't know how. So a yes wouldn't really confirm much for me. But I'm just trying to wrap my head around permissions to get them to do what I want them to do. ...


Eventually, I'll get to the exact, correct questions that I'm trying to articulate, but this is a good start.
 
Old 11-25-2005, 08:46 AM   #2
clb
Member
 
Registered: Sep 2004
Location: UK
Distribution: Ubuntu
Posts: 117

Rep: Reputation: 16
For any file/directory under Linux you have three sets of permissions: owner, group and other.
You can set any of these three to read, write or execute. Basically, owner refers to the user that created the file, or anyone it has been chowned to; group refers to everyone within the user's group(s); and other refers to everyone outside of that user's groups.

What do you mean, give someone FTP access, but no access to the Linux box? By giving them FTP access you are granting access to the box. I presume you are talking about chrooting so they are restricted to their own home dir; maybe take a look at http://www.pureftpd.org/

This may, or may not, be helpful, but without really knowing what you want I can't do much to help.
 
Old 11-26-2005, 07:25 AM   #3
bowie101
Member
 
Registered: Nov 2005
Distribution: FC4 & RHES
Posts: 105

Original Poster
Rep: Reputation: 15
I understand user, group and everyone. This is what all books start out with, and all I've seen pretty much end with on the subject.

Here's one of my points: how do you give one defined group one kind of access (read only) and another group another kind of access (+RW) to certain files index.html, contact.html, and press_release1.html (just to pick arbitrary names)? And then, restrict those groups from entering the images folder, and restrict them from going into the /usr/sbin/ subdirectory (again, just as an arbitrary example, for purposes of discussion).

By the same token, how do I give individual users, belonging to no groups, and not the owner, read, write and execute permission for one file, and not for the other?

Maybe I need to change my thinking in terms of what constitutes or should constitute an "owner" and the proper time to make a group?

Maybe a real-world scenario would help me out.

Thanks. B101
 
Old 11-27-2005, 08:30 AM   #4
bowie101
Member
 
Registered: Nov 2005
Distribution: FC4 & RHES
Posts: 105

Original Poster
Rep: Reputation: 15
I'm sorry I'm new at this, but my questions remain. Thanks, b.
 
Old 11-27-2005, 09:43 AM   #5
reddazz
LQ Guru
 
Registered: Nov 2003
Location: N. E. England
Distribution: Fedora, CentOS, Debian
Posts: 16,298

Rep: Reputation: 75
Let's say you have a directory /www/html with the files index.html, contact.html, and press_release1.html. You could create a group called wwwusers and let them own /www/html by doing chgrp -R wwwusers /www/html. You could then give wwwusers rw access and others read only access by doing chmod 664 /www/html/*.html. If you have /www/html/images and you don't want wwwusers and others to enter into that subdirectory, you would do something like chmod 700 /www/html/images. If these directories are on a webserver, note that no images will be loaded on your site because you will have disabled world read permissions for the images directory.

Quote:
By the same token, how do I give individual users, belonging to no groups, and not the owner, read, write and execute permission for one file, and not for the other?
All users on your system belong to one or more groups. Use different groups for different things and give appropriate permissions to the group and others to access these files in the way that you desire.
 
Old 11-27-2005, 12:19 PM   #6
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 7,511

Rep: Reputation: 2389
If you have installed support for it in your kernel and are using the right filesystems, Linux does support the concept of Access Control Lists (ACLs), which allow for fine-grained access control.

Here is an on-line article entitled "Introduction to Linux Capabilities and ACLs" to help you get started. To quote in part:
Quote:
Unix systems have always utilized a security system that gives normal users a minimal amount of privilege, while creating a single account, known as the 'root' account, that has full privileges. The root account is used to administer the machine, install software, create new users, and run certain services. Many common activities that require root privileges are often run as the root user, via the concept of setuid.
This dependence upon a single account for performing all actions requiring privilege has proven to be somewhat dangerous. Programs often need root privileges for a single activity, such as binding to a privileged port, or opening a file only root can access. Vulnerabilities are often found that could perhaps be eliminated if these programs didn't run as root.
In version 2.1 of the Linux kernel, work was started to add what are known as capabilities. The goal of this work was to eliminate the dependence on the root account for certain actions. [...]
Another interesting project being worked on, also to compensate for some shortcomings in the file access control realm, is the Linux ACL project. These extend the [filesystem] to allow for a finer degree of access control than is normally allowed. [...]
ACLs present a way to add finer file-level access control. Whereas default Unix permissions allow for permissions to be associated with a single owner, group and the rest of the world, ACLs allow permissions to be set for multiple groups or individuals.
The Linux implementation corresponds generally to the Posix standard. The Windows-NT operating system also supports the same ideas (both capabilities and ACLs), and has slightly different features.
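
Added example (not part of any post in this thread): the ACL approach from post #6 applied to the original question, using setfacl/getfacl from the acl package to give two groups different rights on the same file and one named user access to a directory. The numeric IDs 5001-5003 and the function names are constructed for the demo; on a real system you would use group and user names.

```sh
#!/bin/sh
# Added example: POSIX ACLs for "two groups, two sets of rights, one file".
# Numeric IDs are constructed stand-ins so this runs unprivileged on files you
# own; on a real box use names instead, e.g. g:editors:rw- or u:brian:rwx.
EDITORS=5001   # group that may read and write the page
READERS=5002   # group that may only read it
BRIAN=5003     # single user who may work inside images/

build_site() {   # creates the demo tree and prints its path
    site=$(mktemp -d) || return 1
    mkdir "$site/images"
    : > "$site/index.html"
    chmod 640 "$site/index.html"   # owner rw, owning group r, others nothing
    chmod 700 "$site/images"       # owner only, as in post #5
    # Same file, two groups, two different rights.
    setfacl -m "g:$EDITORS:rw-,g:$READERS:r--" "$site/index.html" || return 1
    # One named user may enter and change images/ ...
    setfacl -m "u:$BRIAN:rwx" "$site/images" || return 1
    # ... and files created there later inherit his entry (default ACL).
    setfacl -d -m "u:$BRIAN:rwx" "$site/images" || return 1
    printf '%s\n' "$site"
}

show_acl() {   # ACL entries with numeric IDs and no header comment
    getfacl -cpn "$1"
}

tighten_mask() {   # chmod on the group bits rewrites the ACL mask
    chmod g-w "$1"
    show_acl "$1" | grep "^group:$EDITORS:"
}

if [ "${1:-}" = demo ]; then   # run as: sh acl_demo.sh demo
    site=$(build_site) || exit 1
    show_acl "$site/index.html"
    stat -c 'mode now %a (group bits show the mask)' "$site/index.html"
    show_acl "$site/images"
    tighten_mask "$site/index.html"   # editors' rw- is now effectively r--
    rm -rf "$site"
fi
```

Once a file carries an ACL, the group column shown by ls -l is the ACL mask, so a later chmod on the group bits caps every named user and group entry; check with getfacl after changing modes.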
 
  


All times are GMT -5. The time now is 08:48 AM.
