Hello,
I have been using Linux for years now, but I have never thought about this until now.
What if I want to deny a specific user from accessing a specific folder? How can this be done?
This command is from a quick search:
Quote:
Set the permissions for the user and the group to read and execute only (no write permission) on mydir.
$ chmod ug=rx mydir
$ ls -ld mydir
dr-xr-x--- 2 unixguy uguys 96 Dec 8 12:53 mydir
Where did this command specify the user or the group?
And as a modern Linux user, how can this be done through the GUI? (You may not answer that.)
In the permissions tab in any file properties, under "Advanced permissions", you will find three check boxes: "Set UID", "Set GID" and "Sticky". What are these?
Hmmmm---starts like a real question and ends sounding like homework.....
I'm not up on the "sticky" part, so I'll stick to basics....pun unintentional....
For any file or directory, you have 3 entities: the owner, the group, and everyone else. To control access to ONE item, simply assign it to a unique group, and then manage who gets assigned to that group....
To the best of my knowledge, there is no simple way to deny just one user---you have to just make sure that he or she is the only one not assigned to the unique group.
Also look at the manpage for setfacl. I will sometimes have to resort to the manpage to remember the exact syntax, so I'm not really RTFM'ing you. The manpage has examples, which are clearer than using the --help option.
If there is already a group assigned, and you need more granular control, setfacl can help. Especially in a case such as when the group has read-only access but you want a particular user to have read-write control.
Of course, you should create your own users and learn by experimentation, using chmod, chgrp and setfacl on a directory and gain first hand experience using permissions.
First, I finished my education a very long time ago, so this is not homework.
Second, I am Microsoft Certified and administering a Windows 2003 server and of course a Windows network. Linux is on my personal laptop only, so there is no one using it but me. I had never thought about securing a folder in Linux until I read this article yesterday about Windows 7 security.
In Windows you can explicitly deny a user from accessing a folder in a couple of simple steps, but it seems to be more than that in Linux, and your replies just made me think I have to go back to the very beginning to understand how to do such a simple task. For example, in all those years I have not heard of or used chown, setfacl, getfacl, acl or umask. Only chmod 777, and sometimes done with kdesudo dolphin so I do not have to open a konsole.
I do not know where to start, but I need a source that will sum all things up, not a man page explaining a single command or a command for a single task. If you know such a source, please let me know.
Does not that syntax change the owner and the group attributes for the file? i.e. you would still have to assign your restricted user to the "excluded-user" group.
Fundamentally, Linux perms are built around the concept of restricting positive access, not specifying negative access.
IOW, get the correct ownerships (user:group) and give the minimum reqd access perms (of rwx) to each of ugo (user,group,other).
For finer tuning, you may add acls.
Quote:
Fundamentally, Linux perms are built around the concept of restricting positive access, not specifying negative access.
IOW, get the correct ownerships (user:group) and give the minimum reqd access perms (of rwx) to each of ugo (user,group,other).
For finer tuning, you may add acls.
I think you mean that the computer is restricted to the root account only, and whoever I want to access a folder, I give them a permission for that specific folder; other than that, the user is already restricted.
Not exactly. That link in post #8 is good. Have a read first, then come back with any qns.
Just point out that for a file rwx = read, write, execute; for a dir it's read, write, x = search(!).
See also http://en.wikipedia.org/wiki/File_system_permissions
Quote:
Does not that syntax change the owner and the group attributes for the file? i.e. you would still have to assign your restricted user to the "excluded-user" group.
On the systems I am familiar with every user has a default group that is the same as their username. What I meant was, assign ownership of the file to some arbitrary user, and assign the group to that default self-named group of the user to be excluded, not to some larger group that includes the user. While I think that approach would work, after thinking about it some more, I believe my memory may have been in error. See what you think about this example:
The username to be excluded is "excluded-guy"
The file is named FILE
We want everyone else to be able to read or write to the file.
Then root could do:
# chown excluded-guy:root FILE
# chmod 077 FILE
If FILE was in a directory owned by root, then anyone except excluded-guy could read or write, but not delete FILE, and excluded-guy could do neither, but would be able to see it in a directory listing. Imagine the frustration of being the owner of a file, yet you can't read, write, or delete it!
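
An added example, not part of the thread: a shell model of the classic owner/group/other check for a non-root process, showing why `chmod 077` locks out the file's owner and that `chmod ug=rx` acts on the file's existing owner and group. The numeric IDs are constructed sample values and `effective_perms` is a hypothetical helper.

```shell
#!/bin/sh
# Added example: model of the classic owner/group/other check for a non-root
# process. All numeric IDs below are constructed sample values.

# effective_perms MODE FILE_UID FILE_GID PROC_UID [PROC_GID...]
# MODE is three octal digits (e.g. 077). Prints the rwx triplet that applies.
effective_perms() {
    mode=$1; file_uid=$2; file_gid=$3; proc_uid=$4
    shift 4                          # what remains: the process's group IDs
    owner_digit=${mode%??}
    other_digit=${mode#??}
    group_digit=${mode#?}; group_digit=${group_digit%?}

    # Exactly one class is selected, in this order; there is no fall-through.
    if [ "$proc_uid" = "$file_uid" ]; then
        digit=$owner_digit           # owner: group/other bits are never consulted
    else
        digit=$other_digit
        for gid in "$@"; do
            if [ "$gid" = "$file_gid" ]; then digit=$group_digit; fi
        done
    fi

    case $digit in
        0) printf '%s\n' '---' ;; 1) printf '%s\n' '--x' ;;
        2) printf '%s\n' '-w-' ;; 3) printf '%s\n' '-wx' ;;
        4) printf '%s\n' 'r--' ;; 5) printf '%s\n' 'r-x' ;;
        6) printf '%s\n' 'rw-' ;; 7) printf '%s\n' 'rwx' ;;
        *) echo "bad mode: $mode" >&2; return 2 ;;
    esac
}

# Constructed IDs: excluded-guy = 1001, another user = 1002, group root = 0.
# Models: chown excluded-guy:root FILE; chmod 077 FILE
echo "077, owner excluded-guy:      $(effective_perms 077 1001 0 1001 1001)"
echo "077, any other user:          $(effective_perms 077 1001 0 1002 1002)"
# Models: chmod ug=rx mydir -> dr-xr-x--- (550), owner 1000, group 2000
echo "550, member of owning group:  $(effective_perms 550 1000 2000 1003 1003 2000)"
echo "550, not owner, not in group: $(effective_perms 550 1000 2000 1004 1004)"
```

The owner of a file can always change its mode, so the 077 arrangement holds only until excluded-guy runs chmod on FILE. Keeping the file owned by another account and adding an ACL entry, for example `setfacl -m u:excluded-guy:--- FILE`, denies that one user without giving them ownership.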