LinuxQuestions.org
Old 07-01-2007, 07:28 AM   #1
AlaeddinB
LQ Newbie
 
Registered: Jul 2007
Posts: 2

Rep: Reputation: 0
create linux user with limited access to one folder only


Hello guys,

Actually, I wonder how to do this action; please advise.

I already have a user account with user name "user1", and home directory /opt/user1.

Inside /opt/user1 there's a folder called "test".

I want to create a new user, say "user2", who has limited access only to the "test" folder, so that he can't open anything else, for security purposes.

Again, this "test" folder is under "user1" home directory /opt/user1 .

Please advise.
I'm using RHEL V4 update 4.

Appreciated guys.
Ala'eddin
 
Old 07-01-2007, 08:06 AM   #2
Simon Bridge
Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

Rep: Reputation: 197
Technically, you want user2 to be able to have rw access to /opt/user1/test (and subdirectories?)

The first thing that occurred to me was to use sudoers rules to allow user2 to act as user1 but only in that directory. You'll need to read the pages very carefully.

The second that occurred would be to share that directory via Samba or NFS.

However, this sounds like you are asking about a particular type of solution instead of asking about your problem. What is it you are trying to achieve?
 
Old 07-01-2007, 08:06 AM   #3
opensourcedevelopmen
LQ Newbie
 
Registered: Jun 2007
Location: Delhi
Distribution: Linux
Posts: 21

Rep: Reputation: 16
Hi,
What is the purpose of the same?
If the user knows FTP, then use chroot, or in Samba you can restrict the same.
Regards
 
Old 07-01-2007, 09:09 AM   #4
AlaeddinB
LQ Newbie
 
Registered: Jul 2007
Posts: 2

Original Poster
Rep: Reputation: 0
Hello guys,

Well, let me explain my issue from the root.

I have a RHEL system with installed applications, and the username and password are given to limited users to access, because it's a critical system.

The user account home directory is under /opt/user1.

And there's a folder called "generated" with path /opt/user1/generated.

And for some request, this folder "generated" has data to use, and I don't want to give them the account username/password to access this folder's data, for security issues, you know.

So I thought I could create a new user for them, to access this folder and nothing else.

Appreciate it guys.
 
Old 07-01-2007, 10:08 AM   #5
gkiagia
Member
 
Registered: Oct 2003
Location: Greece
Distribution: Debian sid
Posts: 248

Rep: Reputation: 30
Create a second user (let's say user2).
Put user2 into the same group as user1.
Restrict group access from /opt/user1/generated and whatever else you want to restrict.
Set group rwx permissions to /opt/user1/test. (with the gid bit too, i.e. "chmod 2775 /opt/user1/test")
Voila!
 
Old 07-01-2007, 03:37 PM   #6
Weasel75
LQ Newbie
 
Registered: Jul 2006
Posts: 2

Rep: Reputation: 0
It might seem a *big* club, but "jailkit" is another option when it comes to restricting access to your system.
http://olivier.sessink.nl/jailkit/

Good luck!

PS: In general it seems like a bad idea to grant some(one| stranger) access to a "critical system". A special "dedicated" server is a safer choice there.
 
Old 07-02-2007, 01:34 AM   #7
dgard
LQ Newbie
 
Registered: Jan 2007
Posts: 7

Rep: Reputation: 0
Quote:
Originally Posted by gkiagia
Create a second user (let's say user2).
Put user2 into the same group as user1.
Restrict group access from /opt/user1/generated and whatever else you want to restrict.
Set group rwx permissions to /opt/user1/test. (with the gid bit too, i.e. "chmod 2775 /opt/user1/test")
Voila!

That's the way to do it. I would do it slightly differently, though.
- First you create user2, with his own home directory /home/user2. Probably this will also create a new group also called "user2", of which user2 will be the only member.
- Add *user1* to the group "user2" (instead of user2 to user1)
- ensure that /home/user2 has read/execute (r-x) permissions set for the group, and that it's property of the user "user2" and the group "user2".
- make /home/user1/test a link to /home/user2
- voila!
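
Added example (not part of either post above): the group-plus-setgid layout from gkiagia's and dgard's replies, rebuilt in a scratch directory, with a check of what a group member can actually reach judging by the mode bits alone. The directory name `private`, the `710` mode on the home directory and all function names are assumptions of this example; `stat -c` is the GNU coreutils form.

```sh
#!/bin/sh
# Added example: models the layout in a scratch directory, never in /opt.

# Print the group permission digit (0-7) of a path, e.g. 7 for mode 2775.
group_digit() {
    mode=$(stat -c '%a' "$1") || return 1   # GNU stat, octal mode
    g=${mode%?}                             # drop the "other" digit
    printf '%s\n' "${g#"${g%?}"}"           # last digit left is the group one
}

# Modes from the thread: shared dir 2775 (group rwx + setgid); the rest closed.
build_layout() {
    mkdir -p "$1/test" "$1/private"   # "private" is a constructed name
    chmod 710 "$1"           # assumption: group may pass through, not list
    chmod 2775 "$1/test"
    chmod 700 "$1/private"   # owner only
}

# Succeed if a group member (not the owner) can list directory $2 when
# starting at $1: r on $2 and x on every level from $2 up to $1.
# Classic mode bits only; ACLs are not considered.
group_can_list() {
    root=$1 path=$2
    gd=$(group_digit "$path") || return 1
    [ $((gd & 4)) -ne 0 ] || return 1
    while :; do
        gd=$(group_digit "$path") || return 1
        [ $((gd & 1)) -ne 0 ] || return 1
        [ "$path" = "$root" ] && return 0
        [ "$path" = "/" ] && return 1      # $1 was not an ancestor of $2
        path=$(dirname "$path")
    done
}

demo() {
    scratch=$(mktemp -d) || return 1
    build_layout "$scratch/user1"
    for name in test private; do
        if group_can_list "$scratch/user1" "$scratch/user1/$name"; then
            echo "$name: reachable by group members"
        else
            echo "$name: closed to group members"
        fi
    done
    rm -rf "$scratch"
}
demo
```

Because the home directory is `710`, the world `r-x` bits that `2775` leaves on the shared directory are unreachable for accounts outside the group.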
 
Old 07-02-2007, 02:04 AM   #8
blade_x
LQ Newbie
 
Registered: Dec 2006
Posts: 3

Rep: Reputation: 0
Hmmmm. I read this article from Van Emery:

http://www.vanemery.com/Linux/ACL/linux-acl.html

Of course, he wrote it back then using Fedora Core 2. But his tutorial may be quite useful to you. And if I may quote:

Quote:
What are ACLs and why would you want to use them?

ACLs are Access Control Lists for files and directories. They are based on the IEEE's POSIX 1003.1e draft 17, also known simply as POSIX.1e. ACLs are an addition to the standard Unix file permissions (r,w,x,-) for User, Group, and Other. ACLs give users and administrators flexibility and fine-grained control over who can read, write, and execute files. This can all be done without adding mysterious groups and pestering the system administrator.

I hope this helps you.
 
Old 07-02-2007, 02:48 AM   #9
saurabh142857
LQ Newbie
 
Registered: Jan 2005
Location: India
Posts: 8

Rep: Reputation: 0
Although the chmod solutions are correct, a better way would be to create an NFS share (or SMB or CIFS share) and let the person requesting the share mount it in his file system.

For NFS share:
1) Add an entry for /opt/user1/generated in the file /etc/exports.
(You can use a GUI like redhat-config-nfs or system-config-nfs to do the same.)
2) The person who wants to use it will mount it with 'nfs' as the type.

Only the folder and nothing else will be available to that user (who need not be on the same machine).
There are ways to restrict the hosts and users -- the man pages will give you the details. The procedures for SMB and CIFS are similar -- the advantage being that clients (and/or servers) can be on Windows machines as well. Also, you can make the share read-only or read-write as per your requirements.


Regards,
Sourabh
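
Added example (not from the post above): a small check for the `/etc/exports` entry the NFS suggestion relies on, reporting client specs that export to any host, are writable, or disable root squashing. The client address `192.0.2.10`, the sample entries and the function names are constructed for illustration; `ro`, `rw`, `root_squash` and `no_root_squash` are standard exports(5) options.

```sh
#!/bin/sh
# Added example: flag loose client specs in exports(5)-style input on stdin.

lint_exports() {
    set -f                                  # keep a bare "*" host literal
    while read -r path clients; do
        case $path in ''|'#'*) continue ;; esac
        for spec in $clients; do
            host=${spec%%"("*}              # text before the option list
            opts=${spec#"$host"}            # "(ro,...)" or empty
            opts=${opts#"("}
            opts=${opts%")"}
            opts=",$opts,"                  # pad so whole options match
            case $host in
                ''|'*') echo "$path: exported to any host: $spec" ;;
            esac
            case $opts in
                *,no_root_squash,*) echo "$path: client root not squashed: $spec" ;;
            esac
            case $opts in
                *,rw,*) echo "$path: writable: $spec" ;;
            esac
        done
    done
    set +f
}

# Constructed sample: a tight entry for the shared folder and a loose one.
sample_exports() {
    cat <<'EOF'
# one client, read-only
/opt/user1/generated 192.0.2.10(ro,root_squash)
# any host, writable, root kept
/opt/user1 *(rw,no_root_squash)
EOF
}

sample_exports | lint_exports
```

To check a real file, feed it on standard input: `lint_exports < /etc/exports`.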
 
Old 07-02-2007, 05:40 PM   #10
Saltanis
LQ Newbie
 
Registered: Apr 2007
Posts: 2

Rep: Reputation: 0
Shouldn't the file just be mirrored to a folder that users "can" access? Just any other place on the network completely, rather than giving someone ANY access to a critical system that does not implicitly need it.

.02 cents
D.
 
  

