This might seem basic, but I need some advice on managing user access in groups.
I want one user to be in a group that will have very limited access. I want another user to have some access but not be as restricted as the first. Here's what I mean:
UserA should have access to /multimedia, UserB should not.
I created a group called admin and put UserA in it. Permissions on /multimedia were drwxr-xr-x, so UserA had access. But so did UserB.
When I change permission on /multimedia to drwxr-x---, neither user has access. I did chown -R root:admin to /multimedia, but UserA is still denied access.
Any clues? Basically how to give UserA access to /multimedia but keep UserB totally out?
If I was you I'd double-check everything to make sure it's the way you picture it. I say this because, AFAICT from reading your post, what you are trying to do should work fine. I've even done the same thing just now on my box to show you that it works:
Code:
win32sux@candystore:/tmp$ sudo groupadd example
win32sux@candystore:/tmp$ sudo useradd -g example -s /bin/bash -m UserA
win32sux@candystore:/tmp$ mkdir /tmp/test
win32sux@candystore:/tmp$ sudo chown root:example /tmp/test
win32sux@candystore:/tmp$ sudo chmod 750 /tmp/test
win32sux@candystore:/tmp$ ls -l /tmp | grep test
drwxr-x--- 2 root example 48 2007-10-09 13:09 test
win32sux@candystore:/tmp$ ls -l /tmp/test
ls: /tmp/test: Permission denied
win32sux@candystore:/tmp$ sudo su UserA
UserA@candystore:/tmp$ ls -l /tmp/test
total 0
UserA@candystore:/tmp$
I used a group called "example" since I already have one called "admin". I created "UserA" and put him in the example group. Then I gave the directory root:example ownership with mode 750. As you can see, since I (win32sux) am not a member of the group "example", I can't see the directory contents, but "UserA" can.
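An added example, not part of the thread: the owner/group/other selection behind the result shown in the reply above, written as shell functions. The function names are hypothetical, `check_dir` assumes GNU `stat`, and neither root's bypass of mode bits nor POSIX ACLs are modeled.

```bash
#!/bin/sh
# Added example: which permission class (owner, group or other) applies to a user.
# Function names are hypothetical. Root's bypass and POSIX ACLs are not modeled.

# digit_to_rwx DIGIT: turn one octal digit into its rwx triplet.
digit_to_rwx() {
    case $1 in
        0) echo '---' ;; 1) echo '--x' ;; 2) echo '-w-' ;; 3) echo '-wx' ;;
        4) echo 'r--' ;; 5) echo 'r-x' ;; 6) echo 'rw-' ;; 7) echo 'rwx' ;;
    esac
}

# effective_perms MODE OWNER GROUP USER "USER_GROUPS"
# Pure function: prints the triplet that the mode bits give USER.
effective_perms() {
    ep_mode=$(printf '%s' "$1" | tail -c 3)   # drop setuid/setgid/sticky digit
    ep_owner_bits=${ep_mode%??}
    ep_group_bits=${ep_mode#?}; ep_group_bits=${ep_group_bits%?}
    ep_other_bits=${ep_mode#??}
    if [ "$4" = "$2" ]; then
        # Owner class wins even if the group or other bits would grant more.
        digit_to_rwx "$ep_owner_bits"
    else
        case " $5 " in
            *" $3 "*) digit_to_rwx "$ep_group_bits" ;;   # user is in the owning group
            *)        digit_to_rwx "$ep_other_bits" ;;   # everyone else
        esac
    fi
}

# check_dir DIR USER: same check against a real directory and account.
# Assumes GNU stat (-c) and that USER exists in the local account database.
check_dir() {
    cd_info=$(stat -c '%a %U %G' "$1") || return 1
    set -- "$1" "$2" $cd_info          # $3=mode $4=owner $5=group
    effective_perms "$3" "$4" "$5" "$2" "$(id -Gn "$2")"
}

# Constructed values mirroring the thread: root:example, mode 750.
effective_perms 750 root example UserA "example"   # member of the group
effective_perms 750 root example UserB "users"     # not a member
effective_perms 755 root admin   UserB "users"     # world-readable mode
```

`id -Gn USER` reads the account database, while an already running session keeps the groups it had at login, so a user added to a group needs a new login before the change applies to that session.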
I found out what the problem is. UserA is both a regular user and a Samba user. When UserA tries to access /multimedia in Linux, it works fine. When UserA tries to access /multimedia via a Windows machine, they're being told "You do not have permission".
I've looked into it and it's a little more complex. I may have to set up a Samba ACL to allow UserA access via Samba. As it is, they do have access at the command line.
Do you have any recommendations? I'll keep looking up Samba ACLs unless you have another suggestion.
Autocross, that seemed to work. I added that line to each Samba share, and UserA does have access. UserB (who only has shell access) does not. This is just how I wanted it set up.