Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
what i mean exactly is suppose someone is logged in as... user1
can user1 use chmod to change the permissions/ownership of a file owned by user2 ? (user1 and user2 are in different groups)
and what is user1 was the root user?, does that change anything?
(i need to know to properly set up my linux laptop with good permission settings.. but right now theres a program so the laptop wont boot up.. (just my luck)
OK, how about we assume that any user can use chmod/chown ? (the reason i want to know is that i want to split up the "root" users power into multiple users, and i need to have it so that each user can chmod/chown files they own (change it so a new user owns it, new group, or just simple permissions)
Anyone with root priviledges can chown/chown any file they want. sudo is a program to give users root priviledges for the entire system or only certain commands. You could set it up so users could just use chmod/chown as root. This would be a security risk since they could change ownership/permissions for any file they had access to meaning most files on the system.
I don't think there is a way to do what you are asking.
SciYro, I don't understand where you're coming from. How do you think the system will function without a root user? Who do you think is going to own system files?
Why would you want a user to be able to change permissions on a file owned by another user? Then there would be no security.
darthtux: what i need is so that every user can change the permissions only for files they own/ have permission to change permissions
and not having a root user would make the system less crowded as regular users with restricted permissions (one your to handle /dev one to handle kernel stuff, one for compiling, one for X config's, one for normal user use, one for firewall, etc) .. so that each user can only do so little
i find the thought of a user (root) being able to access files they don't own or have permission to own kinda securityless (at least on a single/some user laptop/desktop)
AFAIK, there are files and commands which look explicitly for the root user to execute/modify them. By removing root, you would remove their functionality. Also, programs may span across directories - so in your example, you would have one user run the program in / then when it gets to /usr you'd need another user to run something, and so on. Having just one super user is the simplest way - KISS at it's finest IMO.
Also, would you have the pseudo super users be normal accounts? Say user1 has access to / and is also a normal user account, every time user1 logs in, malicious programs or users have access to ~/user1 and to / which gives them a fair bit of control. Or would you have user1 as the super user and user1a as their user account. They'd still have to su but you have now doubled the number of accounts you'd need. Much better to have users and root.
But I'll wait until a security guru comes along for a definitive answer.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.