LinuxQuestions.org


shejoe 11-25-2012 10:20 AM

user admin
 
I am using RHEL 5.

I have created a user and touched a file, say abc.

I want to give full permission for the user to use the directory. However, he should not have access to edit the file which I have created in the directory, e.g. abc.


Dir name: XYZ ( full permission)
file name: ABC ( only read permission he should not be able to edit it)

and only root should have full permission to read and write.

What is the command to do so?

steelneck 11-25-2012 11:00 AM

Read the manuals for the commands chmod and chown:
man chmod
man chown

You can also consider different group permissions and ownerships. Root does always have full permissions by default.

In your case the folder permissions could be set with "chmod 777" to have it read and write for anyone (you did not tell who shall own it). For the file you could set chmod 644 so that only its owner has write permission and all others can only read it.

TB0ne 11-25-2012 11:01 AM

Quote:

Originally Posted by shejoe (Post 4836611)
I am using RHEL 5.
I have created a user and touched a file say abc. I want to give full permission for the user to use the directory. However, he should not have access to edit the file which I have created in the directory eg abc.

Dir name: XYZ ( full permission)
file name: ABC ( only read permission he should not be able to edit it)

and only root should have full permission to read and write.
What is the command to do so.

Read the man page on the chmod command (type in "man chmod" at the command prompt), and the chown command ("man chown"). Pay attention to the group that the user is in, and the group/owner of the file and the directory. Those hints and the man page should be what you need.

This sounds like a verbatim homework question, and this is covered in the LQ Rules. If you're stuck, post what you've tried and what results you've received, and we will be happy to HELP you.

TobiSGD 11-25-2012 11:01 AM

You should have a look at file permissions. The Slackbook has a nice chapter about that: http://slackbook.org/beta/#id360362

malekmustaq 11-25-2012 11:03 AM

Quote:

Dir name: XYZ ( full permission)

Code:

~# chmod 755 xyz

Quote:

file name: ABC ( only read permission he should not be able to edit it)

--Create abc file with contents one two three:

Code:

~# touch abc && echo 'one two three' >> abc

--Set permissions to file 'abc'

Code:

chmod 755 abc

Quote:

and only root should have full permission to read and write.
--Test if regular users can edit file 'abc'

Code:

~# su johnie <Enter user johnie's password>
johnie@host~$ echo 'four five six' >> abc
bash: abc: Permission denied

Regular user can read but cannot write.

Try it your way.

The 'man pages' are the best instructors.

Good luck. Hope that helps.

TobiSGD 11-25-2012 11:10 AM

Quote:

Originally Posted by malekmustaq (Post 4836640)
Code:

chmod 755 abc

Setting the file to 755 will add execute permissions, which are not needed in this case. So the correct number to use with chmod should be 644 instead of 755.

steelneck 11-25-2012 11:11 AM

Quote:

Originally Posted by malekmustaq (Post 4836640)
--Set permissions to file 'abc'

Code:

chmod 755 abc

That would not only make it readable for all, but executable too..

steelneck 11-25-2012 11:42 AM

I see the need to inform a little bit more about making files executable, especially if root is the owner of a file..

If the file is executable by all (755) and it contains code, it can lead to quite nasty things since root has the power to do just about anything. Imagine the file containing the code "rm -rf ~/.thunderbird"; then if a user double-clicks on that file in a file manager, it will execute the code, which in this case will wipe out the whole .thunderbird directory with all saved emails for the user in question. So never make a file executable if it is not meant to be, and especially if root is the owner of it.

File permissions and ownerships can be really complicated. Normally an executable file is run as the user running it, with the permissions of that user, but you can also set it to run as the owner of the file. It is called setuid, and now things can get really dangerous if root is the owner. If you do chmod 4755 and the file contains the code "rm -rf *.*" then any user running it will wipe out everything on all your harddisks and all removables that are mounted writeable. So be careful and use permissions with extreme caution if you do this as root, especially on files owned by root.

If you want a directory world writeable, as you wrote, I recommend that you also set the sticky bit. If you apply the sticky bit on the directory, users can do anything they want with files they create, but they can't write to or delete files which they didn't create. Neat feature. You do this to a directory like this: chmod 1777

Here is a good little piece written about these slightly more advanced permission features:

http://rackerhacker.com/2007/02/13/c...s-first-octet/

malekmustaq 11-25-2012 11:42 PM

Yeah, I know. I gave that 755 only to facilitate the OP's experimentation, as he is also asking about the directory "xyz/"; should he fail to set it executable, he might get all the more confused about why he cannot list the directory's files. This is quite confusing to a newbie, but he should learn the difference between a directory (which needs +x) and a file that only needs +rw. 666 or 744 would still be workable for a file, though, but if he mistakenly applies that to a directory he might be confused about why he cannot list it.

TobiSGD and Steelneck: Thank you for that reminder, and I hope the OP will seriously take note of your positive criticism as an indispensable aspect of system security management.

shivaa 11-26-2012 12:51 AM

What are the user's groups and the directory/file's group? Also specify whether the user is the owner of the dir./file or not.
Meanwhile, one more thing is the sticky bit, which will be very useful in your case. But first share the output of:
ls -ld XYZ
And
ls -l ABC

TobiSGD 11-26-2012 05:09 AM

Please use code-tags instead of fancy fonts to post code.

linosaurusroot 11-27-2012 04:42 AM

Quote:

Dir name: XYZ ( full permission)
file name: ABC ( only read permission he should not be able to edit it)

chown root XYZ XYZ/ABC
chmod ugo+rwx XYZ
chmod +t XYZ
chmod 0644 XYZ/ABC
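
An added example, not part of any post in this thread: a shell audit that flags the permission states the replies warn about (a world-writable directory without the sticky bit, setuid files, world-writable or world-executable files) and shows the findings clearing once the 1777 and 0644 modes are applied. The function names, the scratch directory and the lowercase xyz/abc names are assumptions; it relies on find's -maxdepth, which GNU and BSD find provide.

```shell
#!/bin/sh
# Added example, not from the thread. Prints one "TAG path" line per finding;
# no output means none of the states below were found.
audit_perms() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    {
        # Anyone may create, rename and delete entries, including other users' files.
        find "$dir" -maxdepth 0 -type d -perm -0002 ! -perm -1000 \
            -exec echo DIR_WORLD_WRITABLE_NO_STICKY {} \;
        # setuid: a binary with this bit runs with the file owner's privileges.
        find "$dir" -type f -perm -4000 -exec echo SETUID {} \;
        # Any user can change the contents.
        find "$dir" -type f -perm -0002 -exec echo FILE_WORLD_WRITABLE {} \;
        # Any user can execute it; unwanted on a plain data file.
        find "$dir" -type f -perm -0001 -exec echo FILE_WORLD_EXECUTABLE {} \;
    } | sort
}

# Constructed sample: the thread's layout in a scratch directory, with the
# modes the replies warn about (lowercase xyz/abc stand in for XYZ/ABC).
make_sample() {
    root=$(mktemp -d) || return 1
    mkdir "$root/xyz"
    echo 'one two three' > "$root/xyz/abc"
    chmod 777 "$root/xyz"         # world-writable, no sticky bit
    chmod 4755 "$root/xyz/abc"    # execute bits from 755 plus setuid
    echo "$root/xyz"
}

# Apply the modes recommended in the thread.
harden() {
    chmod 1777 "$1"        # world-writable with the sticky bit
    chmod 0644 "$1/abc"    # owner read/write, everyone else read-only
}

d=$(make_sample)
echo "before:"; audit_perms "$d"
harden "$d"
echo "after:"; audit_perms "$d"
rm -rf "${d%/xyz}"
```

Run against a real directory as `audit_perms /path/to/XYZ`; the file stays protected from deletion by other users only while the sticky bit is set and the file is owned by someone else, such as root.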


All times are GMT -5.