Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
I am putting together a system for the kids (3 and 5) and guests. I am just about to go live with this system, but there is one last thing that I am having trouble searching a good tutorial for, and that is user creation with defined permissions or a lack of permissions as the case may be. I would like to create for the kids an account that has no write permission to prevent the fifteen "untitled folder"s on the desktop (or deleting, say /etc) and for the guests that will prevent them browsing the file system.
Basically I want to create accounts that can use some programs like Gcompris for the kids and Firefox for the guests and nothing more.
So, basically you want to prevent any non-root user from writing to any files/folders on the file system? You shouldn't have to worry about critical system folders, as their write access is restricted to the root user by default (e.g. /etc, /usr, /bin, etc.). As for preventing write access to the /home directories, I believe you'll have to do this yourself. you should be able to do this:
chmod -w /home/(whatever)
as root. The folder will still be readable, but the user cannot write any new files to the directory, nor can they change existing ones.
I'm really no expert, but I hope this at least helps. And since this is done from the command line anyway, I don't think you'll need to worry much about your kids getting around this measure (unless they're familiar with the CLI, ).
BTW, this is assuming the accounts are already there...you should already have at least one non-root account on the system.
For instance (Ubuntu 9.0.4) I created an account for myself at install called "test" which I use to administer the system using sudo and test's password when root privileges are needed and a second, "nonprivileged user" account for my kids called "kids". If I login as kids, I can still browse to /home and from there I can see test's home directory and from there view many if not all (I'm aiming for none) of the files in that directory.
In Ubuntu once logged in as some user, there is an option for "guest session" that does all this, even going so far as to keep "guest" out of /home. I would like that level of separation from the file system. The only reason this isn't an option is that it's only available from another account and there is no password required to go back to the original account and it's options.
I would assume that there's a way to set the permissions on the user side rather than on the file side?
All you have to do is log in as test, then do the following:
you should see the homes here, say kids and test:
sudo chmod -R 770 test/
That will change the permissions to USER + GROUP full permissions, GLOBAL no permissions. This means that the 'kids' can't navigate into the 'test' home directory anymore. Obviously, maybe tweak to 750 permissions, or something like that.
Have just done that there myself. Try logging in now as a user other than test, you will find you have succeeded. Don't mind the error, that is a special file used to handle HAL and automounting of things, the system will not let you change those permissions.
Thanks, that did help and access to my home file is now blocked from the other account, and since moving the mount point to my samba shares to my home directory, that is safe too.......but that account can still view for instance /etc/fstab which for now at least has my samba credentials in plain text...I know I should create a credentials file and I will later.......but for now I don't think I can chmod that low in the tree safely can I? I'm pretty sure that I can't since the delay in response came from typing:
#sudo chmod -R 770 / test
On the bright side though I've got a reinstall/reconfigue/reupdate down to an hour! HA!