LinuxQuestions.org
Old 10-28-2003, 06:09 PM   #1
aeruzcar
Directory Restrictions


Hello There
I have a small problem, I added a user and I want to have read-write access to his /home/user directory, but I do not want to let him browse any other directories in the upper levels, how do I do that??
 
Old 10-28-2003, 07:47 PM   #2
d_t_baker
I think most users need to be able to read directories in the upper levels to get config files and run programs. But if you make that user have her own group, then set the 'other' permissions on all directories you don't want her to access to nil, they shouldn't be able to access them.
 
Old 10-28-2003, 08:06 PM   #3
aeruzcar
Actually what I want to do, is that the user can only read his /home/user directory and not the other /home/user2 /home/user3 etc directories, how do I do that? Can you explain to me a little bit more about the group creating?
 
Old 10-28-2003, 08:18 PM   #4
d_t_baker
Well usually when users are created they get given a user name and a group they belong to, you can then set permissions based on those group/user name values.
If you do 'ls -la /home' you will get a listing of all directories plus their permissions and who owns them and so on.
You can read up a tutorial on permissions at http://www.ctssn.com/linux/lesson6.html
You set permissions with the chmod command.
If I have user1 who is in group a and user2 who is in group b, the output of 'ls -l /home' may look like this:

drwxr--r-- 5 user1 a 4096 Feb 7 14:33 user1
drwxr--r-- 5 user2 b 4096 Feb 7 14:34 user2

We are interested in the left hand side: drwxr--r--
The d means it's a directory, and then it's split into 3 parts: part 1 is permissions for the user, part 2 is permissions for its group, and part 3 is permissions for everybody else (other).

r means read, w means write, and x means execute.

To stop user1 from getting (reading) into user2's directory we change the mode of the user2 directory to drwxr-----. Notice now that the other part of the permissions is set to nil, so everybody who is not the user, or in the same group, won't be able to read that directory.

One way to set the permissions like that is:

cd /home
chmod -R o-r user2

This means it will remove the r (read) attribute on all files and directories (-R means recurse into directories) for everybody who is not the user, or in the same group as user2.

If you do 'ls -l /home' you should now get something like:

drwxr--r-- 5 user1 a 4096 Feb 7 14:33 user1
drwxr----- 5 user2 b 4096 Feb 7 14:34 user2

Note: user2 can get to user1, and all operations above must be performed as root.
 
Old 10-28-2003, 08:31 PM   #5
aeruzcar
I did what you said and it worked, but now when I log in as the user who I wanted to restrict it said the following:
Could not chdir to home directory /home/aigarcia: Permission denied
-bash: /home/aigarcia/.bash_profile: Permission denied
maybe he needs to belong to a specific group ??

Last edited by aeruzcar; 10-28-2003 at 08:39 PM.
 
Old 10-28-2003, 09:04 PM   #6
d_t_baker
Member
 
Registered: Oct 2003
Location: AU
Distribution: Ubuntu
Posts: 57

Rep: Reputation: 15
This means that the user aigarcia does not have permissions to access his own directory. When you do
ls -ld /home/aigarcia
you should get something like:
drwxr----- 5 aigarcia aigarcia 4096 Oct 29 13:03 aigarcia

This means that the user aigarcia who belongs to the group aigarcia can access his own directory called aigarcia.

If you see something more like this:
drwxr----- 5 root root 4096 Oct 29 13:03 aigarcia

then this means that only user root can access this directory. I think this is what has happened. To fix this you must change the owner of the directories, i.e. as root do:

chown -R aigarcia aigarcia/
chgrp -R x aigarcia/

^^ change x to whatever group aigarcia _should_ belong to.

Then try to log in as aigarcia again.
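
An added example, not part of the original posts: a shell function that audits one home directory for the two things discussed in posts #4 to #6, the 'other' permission bits and the owner. It goes a little beyond the thread by starting from the common mode 755, where 'chmod o-r' still leaves the other execute (search) bit set; it assumes GNU stat, and the function names and the temporary directory are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU coreutils stat(1).
# check_home DIR OWNER: print findings; return 0 clean, 1 findings, 2 error.
check_home() {
    dir=$1; want=$2; rc=0
    owner=$(stat -c %U "$dir" 2>/dev/null) || { echo "error: cannot stat $dir"; return 2; }
    mode=$(stat -c %a "$dir")          # octal mode, e.g. 755
    ubits=$(( (0$mode >> 6) & 7 ))     # owner rwx bits
    obits=$(( 0$mode & 7 ))            # "other" rwx bits
    # Post #6: a home owned by someone else is judged by group/other bits.
    if [ "$owner" != "$want" ]; then
        echo "owner: $dir belongs to $owner, expected $want"; rc=1
    fi
    # Without owner x (search) a login gets the 'Could not chdir' error of post #5.
    if [ $(( ubits & 1 )) -eq 0 ]; then
        echo "owner-x: owner cannot enter $dir"; rc=1
    fi
    # r on a directory lets others list the names in it.
    if [ $(( obits & 4 )) -ne 0 ]; then
        echo "other-r: others can list $dir"; rc=1
    fi
    # x alone still lets others cd in and open files whose names they know.
    if [ $(( obits & 1 )) -ne 0 ]; then
        echo "other-x: others can traverse $dir"; rc=1
    fi
    if [ $(( obits & 2 )) -ne 0 ]; then
        echo "other-w: others can create or delete entries in $dir"; rc=1
    fi
    return $rc
}

# Constructed demo: a 755 home, then 'chmod o-r', then 'chmod o-rwx'.
demo() {
    tmp=$(mktemp -d) || return 2
    home_dir="$tmp/user2"; mkdir "$home_dir"; chmod 755 "$home_dir"
    me=$(stat -c %U "$home_dir")       # current user, as stat reports it
    for step in none o-r o-rwx; do
        if [ "$step" != none ]; then chmod "$step" "$home_dir"; fi
        echo "== mode $(stat -c %a "$home_dir") =="
        check_home "$home_dir" "$me" || true
    done
    rm -rf "$tmp"
}
demo
```

On a real system the call would be, for example, check_home /home/aigarcia aigarcia, run as root so that stat can reach every home directory.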
 
Old 10-28-2003, 09:09 PM   #7
aeruzcar
Member
 
Registered: Jul 2003
Location: Santiago, Chile
Distribution: Gentoo
Posts: 282

Original Poster
Rep: Reputation: 30
After I read the link you sent me I changed the ownership of the directory, thank you very much.
 
  

