LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 11-25-2012, 11:20 AM   #1
shejoe
LQ Newbie
 
Registered: Sep 2012
Posts: 1

Rep: Reputation: Disabled
user admin


I am using RHEl 5.

I have created a user and touched a file say abc.

I want to give full permission for the user to use the directory. However, he should not have access to edit the file which I have created in the directory eg abc.


Dir name: XYZ ( full permission)
file name: ABC ( only read permision he should not be able to edit it)

and only root should have full permission to read and write.

What is the command to do so.

Last edited by shejoe; 11-25-2012 at 11:21 AM.
 
Old 11-25-2012, 12:00 PM   #2
steelneck
Member
 
Registered: Nov 2005
Distribution: Slackware, Arch
Posts: 43

Rep: Reputation: 8
Read the manuals for the commands chmod and chown:
man chmod
man chown

You can also consider different group permissions and ownerships. Root does always have full permissions by default.

In your case the folder permissions could be set with "chmod 777" to have it read and write for anyone (you did not tell who shall own it). For the file you could set chmod 644 so that only the owner of it the has write permission and all other can only read it.
 
Old 11-25-2012, 12:01 PM   #3
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 17,926

Rep: Reputation: 3690Reputation: 3690Reputation: 3690Reputation: 3690Reputation: 3690Reputation: 3690Reputation: 3690Reputation: 3690Reputation: 3690Reputation: 3690Reputation: 3690
Quote:
Originally Posted by shejoe View Post
I am using RHEl 5.
I have created a user and touched a file say abc. I want to give full permission for the user to use the directory. However, he should not have access to edit the file which I have created in the directory eg abc.

Dir name: XYZ ( full permission)
file name: ABC ( only read permision he should not be able to edit it)

and only root should have full permission to read and write.
What is the command to do so.
Read the man page on the chmod command (type in "man chmod" at the command prompt), and the chown command ("man chown"). Pay attention to the group that the user is in, and the group/owner of the file and the directory. Those hints and the man page should be what you need.

This sounds like a verbatim homework question, and this is covered in the LQ Rules. If you're stuck, post what you've tried and what results you've received, and we will be happy to HELP you.
 
Old 11-25-2012, 12:01 PM   #4
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Germany
Distribution: Whatever fits the task best
Posts: 17,130
Blog Entries: 2

Rep: Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825
You should have a look at file permissions. The Slackbook has a nice chapter about that: http://slackbook.org/beta/#id360362
 
Old 11-25-2012, 12:03 PM   #5
malekmustaq
Senior Member
 
Registered: Dec 2008
Location: root
Distribution: Slackware & BSD
Posts: 1,613

Rep: Reputation: 433Reputation: 433Reputation: 433Reputation: 433Reputation: 433
Quote:
Dir name: XYZ ( full permission)
Code:
~# chmod 755 xyz
Quote:
file name: ABC ( only read permision he should not be able to edit it)
--Create abc file with contents one two three:

Code:
~# touch abc && echo 'one two three' >> abc

--Set permissions to file 'abc'

Code:
chmod 755 abc

Quote:
and only root should have full permission to read and write.
--Test if regular users can edit file 'abc'

Code:
~# su johnie <Enter user johnie's password>
johnie@host~$ echo 'four five six' >> abc
bash: abc: Permission denied
Regular user can read but cannot write.

Try it your way.

The 'man pages' are the best instructors.

Good luck. Hope that helps.

Last edited by malekmustaq; 11-25-2012 at 12:09 PM.
 
Old 11-25-2012, 12:10 PM   #6
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Germany
Distribution: Whatever fits the task best
Posts: 17,130
Blog Entries: 2

Rep: Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825
Quote:
Originally Posted by malekmustaq View Post
Code:
chmod 755 abc
Setting the file to 755 will add execute permissions, which are not needed in this case. So the correct number to use with chmod should be 644 instead of 755.
 
Old 11-25-2012, 12:11 PM   #7
steelneck
Member
 
Registered: Nov 2005
Distribution: Slackware, Arch
Posts: 43

Rep: Reputation: 8
Quote:
Originally Posted by malekmustaq View Post
--Set permissions to file 'abc'

Code:
chmod 755 abc
That would not only make it readable for all, but executable too..
 
Old 11-25-2012, 12:42 PM   #8
steelneck
Member
 
Registered: Nov 2005
Distribution: Slackware, Arch
Posts: 43

Rep: Reputation: 8
I see the need to inform a little bit more about making files executable, especially if root is the owner of a file..

If the file is executable by all (755) and it contains code, it can lead to quite nasty things since root has the power to do just about anything. Imagine the file containing the code "rm -rf ~.thunderbird", then if a user doubleclick on that file in a filemanager, it will execute the code that in this case will wipe out the whole .thunderbird directory with all saved emails for the user in question. So never make a file executable if it is not meant to be that, and especially if the root is the owner of it.

File permissions and ownerships can be really complicated. Normally an executable file is run as the user running it, with the permissions of that user, but you can also set it to run as the owner of the file, it is called setuid, and now things can get really dangerous if the root is the owner. If you do chown 4755 and the file contains the code "rm -rf *.*" then any user running it will wipe out everything on all your harddisks and all removables that are mounted writeable. So be careful and use permissions with extreme caution if you do this as root, especially on files owned by root.

If you want a directory world writeable, as you wrote, i recommend that you also set the sticky bit. If you apply the sticky bit on the directory, users can do anything they want with files they create, but they can't write to or delete files which they didn't create. Neat feature. You do this to a directory like this: chmod 1777

Here is a little good piece written about these little more advanced permission features:

http://rackerhacker.com/2007/02/13/c...s-first-octet/
 
Old 11-26-2012, 12:42 AM   #9
malekmustaq
Senior Member
 
Registered: Dec 2008
Location: root
Distribution: Slackware & BSD
Posts: 1,613

Rep: Reputation: 433Reputation: 433Reputation: 433Reputation: 433Reputation: 433
Yea I know. I have given that 755 only to facilitate the OP's experimentation as he seeks also something about directory "xyz/" which should he fail to set it executable he might all the more get confused why he cannot list the directory file; this is quite confusing to a newbie but he should learn the difference between a directory (that needs +x) and a file that only need +rw. 666 or 744 would still be workable to a file though, but if mistakes that to a directory he might be confused why he cannot list.

TobiSGD and Steelneck: Thank you for that reminder and I hope the OP will seriously take note on your positive criticism as an indispensable aspect of system security management.
 
Old 11-26-2012, 01:51 AM   #10
shivaa
Senior Member
 
Registered: Jul 2012
Location: Grenoble, Fr.
Distribution: Sun Solaris, RHEL, Ubuntu, Debian 6.0
Posts: 1,800
Blog Entries: 4

Rep: Reputation: 286Reputation: 286Reputation: 286
What are user's groups and directory/file's group? Also specify whether user is owner of the dir./file or not.
Meanwhile, one more thing is sticky bit, which will be very useful in your case. But first share output of:
ls -ld XYZ
And
ls -l ABC
 
Old 11-26-2012, 06:09 AM   #11
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Germany
Distribution: Whatever fits the task best
Posts: 17,130
Blog Entries: 2

Rep: Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825
Please use code-tags instead of fancy fonts to post code.
 
Old 11-27-2012, 05:42 AM   #12
linosaurusroot
Member
 
Registered: Oct 2012
Distribution: OpenSuSE,RHEL,Fedora,OpenBSD
Posts: 979
Blog Entries: 2

Rep: Reputation: 235Reputation: 235Reputation: 235
Quote:
Dir name: XYZ ( full permission)
file name: ABC ( only read permision he should not be able to edit it)

chown root XYZ XYZ/ABC
chmod ugo+rwx XYX
chmod +t XYZ
chmod 0644 XYZ/ABC
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
User/Group Admin ras4jeep Linux - Newbie 4 08-01-2009 10:02 PM
User admin and N/w admin on Gnome hangs ssrini *BSD 2 07-28-2005 08:55 AM
Admin user dee3lmo Linux - Security 1 07-12-2004 05:07 PM
User admin. How to change a user... Pug405 Linux - General 3 04-09-2004 02:33 AM
TCL/TK User Admin liguorir Linux - Software 0 03-31-2004 04:22 PM


All times are GMT -5. The time now is 06:50 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration