LinuxQuestions.org
Old 09-12-2005, 02:46 AM   #1
A32
LQ Newbie
 
Registered: Sep 2005
Posts: 10

Rep: Reputation: 0
User & group permission confusion


Hi there,

I'm a complete n00b when it comes to Linux so I got a VPS account and started installing/removing all kinds of stuff.. Now I want to learn about users & groups.

I am on Debian (Sarge) with no control panel (uninstalled it because I only want to learn the shell).

Anyways, I have created a user by adduser test. Now, when I log in to the 'test' account, I can still see all the directories and open all the files that root can. Why?

How do I make it so a user only sees their directory and nothing above it?

I have searched vigorously for some kind of tutorial but none of them mention how to do what I'm talking about. Help!

Thanks..
 
Old 09-12-2005, 10:52 AM   #2
pats
Member
 
Registered: Jul 2005
Distribution: Debian Sarge/Etch, (K)Ubuntu, FC6, AIX5.3, VMWare ESXServer
Posts: 159

Rep: Reputation: 30
you might be able to view them but can you edit them? and how about going to the root home directory /root . you should get permission denied.

you could set the permissions of everything on the drive to be only accessible to the owner of that file

that would look like this

chmod go-rw / -R

**READ ON BEFORE DOING THIS***

personally i wouldn't do this cos i don't think it's a bright thing to do. the reason it's not mentioned anywhere in tutorials is because it's not the done thing. if you think about a windows pc you can still access the windows directory even though you aren't administrator.

i think the above command would seriously harm your installation though. what it should do is make it so you can go through every directory but not read or write to them. the only problem with this being that if any program you run requires read access to a config file then it'll be a bit screwed.

it's not being able to view files that poses a threat but being able to modify and execute them that does.

for example try doing /sbin/reboot as your test user.
it shouldn't work because you're not root.

another example should be the /etc/shadow file.
if you try a 'cat /etc/shadow' as a normal user you'll be told to take a hike.


hope this clears things up
 
Old 09-12-2005, 02:32 PM   #3
A32
LQ Newbie
 
Registered: Sep 2005
Posts: 10

Original Poster
Rep: Reputation: 0
Okay! Hey, thanks for your reply.. Here's what happened..

/sbin/reboot did what you said it would.

It wouldn't let me cat /etc/shadow either..

However, it DID let me into /root

It also lets me view every other file I can think of to look at /etc/init.d/inetd etcetera etcetera

Basically, I was expecting a user that I create to only have permissions to access listings of their home/username directory but this isn't happening :/ Is this normal?

Maybe I'm missing something.

Thanks.
 
Old 09-12-2005, 06:15 PM   #4
pats
Member
 
Registered: Jul 2005
Distribution: Debian Sarge/Etch, (K)Ubuntu, FC6, AIX5.3, VMWare ESXServer
Posts: 159

Rep: Reputation: 30
hmmm
well i don't know why it's letting you into the root directory. i think perhaps you might have the permissions set wrong on the /root dir

give the output of
'ls -l /root'
 
Old 09-12-2005, 09:06 PM   #5
A32
LQ Newbie
 
Registered: Sep 2005
Posts: 10

Original Poster
Rep: Reputation: 0
from my 'test' account:

test@a32:/$ ls -l /root
total 332
-rw-r--r-- 1 root root 173 2005-06-16 11:22 dbootstrap_settings
-rw-r--r-- 1 root root 1336 2005-06-16 11:22 install-report.template
-rw-r--r-- 1 root root 326980 2005-09-12 15:41 lighttpd_1.4.3-1_i386.deb
test@a32:/$ ls -la /root
total 380
drwxr-xr-x 3 root root 4096 2005-09-12 15:41 .
drwxr-xr-x 21 root root 4096 2005-09-08 15:25 ..
drwx------ 2 root root 4096 2005-09-12 18:39 .aptitude
-rw------- 1 root root 7692 2005-09-12 18:47 .bash_history
-rw-r--r-- 1 root root 412 2004-12-15 17:53 .bashrc
-rw-r--r-- 1 root root 173 2005-06-16 11:22 dbootstrap_settings
-rw-r--r-- 1 root root 1336 2005-06-16 11:22 install-report.template
-rw-r--r-- 1 root root 326980 2005-09-12 15:41 lighttpd_1.4.3-1_i386.deb
-rw-r--r-- 1 root root 89 2005-06-27 17:21 .mailcap
-rw-r--r-- 1 root root 230 2005-06-27 17:21 .mime.types
-rw-r--r-- 1 root root 110 2004-11-10 11:10 .profile
-rw------- 1 root root 1024 2005-09-08 15:36 .rnd
-rw------- 1 root root 6942 2005-09-08 22:49 .viminfo
test@a32:/$ cd ../
test@a32:/$ ls
bin dev home initrd.img lost+found mnt proc sbin sys usr vmlinuz
boot etc initrd lib media opt root srv tmp var
test@a32:/$


As you can see, from there I can go anywhere and do anything.. I can open any file I want... ?!?!

Thanks....
 
Old 09-13-2005, 03:34 AM   #6
pats
Member
 
Registered: Jul 2005
Distribution: Debian Sarge/Etch, (K)Ubuntu, FC6, AIX5.3, VMWare ESXServer
Posts: 159

Rep: Reputation: 30
i doubt you can open _any_ of them. for example these are gonna be no go

drwx------ 2 root root 4096 2005-09-12 18:39 .aptitude
-rw------- 1 root root 7692 2005-09-12 18:47 .bash_history


if you do a ls -l / then your /root dir should look like

drwxr-x--- 19 root root 4096 Sep 13 08:22 root

but i suspect it looks like

drwxr-xr-x 19 root root 4096 Sep 13 08:22 root

notice the r and x at the end. i would explain file permissions to you but there is enough info on the net about them.

the last 3 dashes should be blank but cos there's an r and an x there then that means that anyone can open that directory

(forgive me if you know all this and it feels like i'm patronising you. just may as well be as concise as i can)

so what you need to do is (as root)

cd /
chmod o-rx root

this should sort you out

let me know

pat
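
Added example, not part of any post in this thread: a shell sketch of the r and x "other" bits described in the post above, run against a constructed sandbox directory rather than the real /root. The helper names other_access, audit_dirs and demo are hypothetical, and GNU stat (coreutils) is assumed.

```shell
#!/bin/sh
# Added example. other_access, audit_dirs and demo are hypothetical helpers.
# Requires GNU stat (coreutils), as shipped on Debian.

# Print what "other" (not the owner, not in the group) may do with directory $1.
other_access() {
    mode=$(stat -c '%a' "$1") || return 1   # octal mode, e.g. 755
    other=$((mode % 10))                    # last digit holds the "other" bits
    r=$(( (other & 4) != 0 ))               # r: list the names inside
    x=$(( (other & 1) != 0 ))               # x: cd in and reach files inside
    case "$r$x" in
        11) echo "list+enter" ;;
        10) echo "list-only" ;;
        01) echo "enter-only" ;;
        *)  echo "none" ;;
    esac
}

# Print every directory directly under $1 that "other" can list or enter.
audit_dirs() {
    for d in "$1"/*/; do
        [ -d "$d" ] || continue
        [ "$(other_access "$d")" = "none" ] || echo "${d%/}"
    done
}

# Constructed sandbox imitating the thread: a "root" dir at 755 holding a
# 644 file, then the fix from the post applied to the sandbox copy only.
demo() {
    box=$(mktemp -d) || return 1
    mkdir "$box/root" "$box/private"
    chmod 755 "$box/root"; chmod 700 "$box/private"
    echo "settings" > "$box/root/dbootstrap_settings"
    chmod 644 "$box/root/dbootstrap_settings"   # readable only if dir allows x
    before=$(other_access "$box/root")
    flagged=$(audit_dirs "$box" | wc -l | tr -d ' ')
    chmod o-rx "$box/root"                  # same change as "chmod o-rx root"
    after=$(other_access "$box/root")
    rm -rf "$box"
    echo "before=$before flagged=$flagged after=$after"
}

demo
```

The 644 file inside the sandbox directory keeps its own mode throughout; once the directory loses o+x, other users can no longer reach it by path, which is why the single chmod on the directory is enough.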
 
Old 09-13-2005, 03:39 PM   #7
A32
LQ Newbie
 
Registered: Sep 2005
Posts: 10

Original Poster
Rep: Reputation: 0
No no! Not patronising me at all.. I'm only 4 days old :-)

And thanks for your explanation. I changed the permissions for the root directory and user 'test' can't view the contents anymore.

Thanks much :-D
 
Old 09-13-2005, 07:06 PM   #8
pats
Member
 
Registered: Jul 2005
Distribution: Debian Sarge/Etch, (K)Ubuntu, FC6, AIX5.3, VMWare ESXServer
Posts: 159

Rep: Reputation: 30
glad i could help. you seem to have got the grasp of quite a few things already so stick at it!

pat
 
Old 09-14-2005, 01:11 AM   #9
A32
LQ Newbie
 
Registered: Sep 2005
Posts: 10

Original Poster
Rep: Reputation: 0
I consider myself a quick learner but when I get stuck, it's quicksand :-D

I've also been looking at chroot.. Seems a little complicated but I think I'll try tonight..
 
Old 09-14-2005, 03:23 AM   #10
pats
Member
 
Registered: Jul 2005
Distribution: Debian Sarge/Etch, (K)Ubuntu, FC6, AIX5.3, VMWare ESXServer
Posts: 159

Rep: Reputation: 30
nothing to it really. it just sets where the / directory is
very handy if you boot off a cd and mount your hard drive linux install. you can then chroot to the base dir of the hard drive install and away you go
 
Old 08-31-2014, 08:18 PM   #11
d4rkstorm
LQ Newbie
 
Registered: Aug 2014
Posts: 8

Rep: Reputation: Disabled
umm... silly.

pretty irresponsible for this 'help' .. i was looking for help on lighttpd and came across this.. now why would anyone recommend to change en masse the root perms :s .. now he's gonna have fun with this vps... everything's borked if he's done this the wrong way..
you should have clarified at start, what exactly you are doing.. your minor warning, does not really say "DON'T DO THIS ON YOUR VPS" .. hell, you have just made it a one user box basically.. very irresponsible help i would ignore..and maybe use man a bit, and look into usergroups and using your conf files for the usergroup which would have taken the same time anyhow.. or same amount of writing.. so why give dodgy help.. give proper help or let someone else do it properly :s
later.
xd
 
Old 08-31-2014, 08:42 PM   #12
evo2
LQ Guru
 
Registered: Jan 2009
Location: Japan
Distribution: Mostly Debian and Scientific Linux
Posts: 5,753

Rep: Reputation: 1288
Hi,

I think sufficient warning was given in post #2. However, this thread is 10 years old, and probably should have been left in the grave.

Evo2.
 
Old 08-31-2014, 08:46 PM   #13
d4rkstorm
LQ Newbie
 
Registered: Aug 2014
Posts: 8

Rep: Reputation: Disabled
you're 100% right.

oh sheeshus lol.. did not even notice that date when i answered.. ok.. new to forum'ing so i'll learn from it lol.. my bad...
on another note.. i'll get to posting something which can actually stimulate.. sorry for reopening this, just ignore it.. lol..sheesh.
xd
 
  


All times are GMT -5. The time now is 10:17 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration