LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   How to setup write permission for a user (https://www.linuxquestions.org/questions/linux-security-4/how-to-setup-write-permission-for-a-user-539308/)

veeramani 03-21-2007 07:26 AM
How to setup write permission for a user
 
hai,

i have a directory "test" , with user and group belongs to root.
drwxr-xr-x 2 root root 1024 Mar 21 17:53 test

i want to set write permission to a particular user(normal) who does not belongs to root group in my system to this folder.

What i need to do???

MensaWater 03-21-2007 08:09 AM
You could "chmod 777 test" which would make it drwxrwxrwx meaning anyone can write to it. This is BAD security however.

A better idea would be to change the group to something else. If root owns it then it doesn't need to be in the root group for root to access it. By putting it in a different group then adding your non-root user to that group both root and that user could access it but no one else could.

Another way to do it to restrict security would be to do the 777 mentioned above then set ACLs so that only the user would be able to access it.

By the way I hope your "test" is NOT so that you can allow a non-root user to access system directories like /etc, /bin and others. That is an extremely BAD idea. If you trust someone enough to access those then you should give them root access as they can do as much damage with writing files (and removing them) as they can with the password. Also many things won't work if the permissions are not what they are expected to be by security mechanisms - this is done on purpose to prevent hackers from simply going in and changing permissions to 777 on everything.

So the key question here is WHY are you trying to give a non-root user access to a directory owned by root?

wjevans_7d1@yahoo.co 03-21-2007 08:10 AM
First, get familiar with the format of the files /etc/passwd and /etc/group:

Code:
head /etc/passwd
man 5 passwd
head /etc/group
man 5 group
A user is automatically a member of the group which is specified in his entry in file /etc/passwd. In the following example, user snave is user 3001, in group 3000:

Code:
snave:x:3001:3000:,,,:/u/snave:/bin/bash
But you can add user snave to other groups, too. Suppose you also want him to be a member of group business, which in this example is group 6000. In file /etc/group, you'd start with

Code:
business::6000
and change it to

Code:
business::6000:snave
If you want to have more than one user add this group as a supplementary group, you'd change that line to this instead:

Code:
business::6000:user1,user2,user3
Ok, so in your situation you want to define a new group whose purpose it is to define those who can change the directory in question. (You don't need to worry about root, who can do anything.) Define a new group, picking a group ID which does not yet appear in file /etc/group. Specify the names of users who should be able to modify the directory. In this example, we chose group ID 7654:

Code:
testgroup::7654:user1,user2,user3
Then all you have to do is this:

Code:
chgrp testgroup /wherever/testdirectory
chmod 775 /wherever/testdirectory          # was 755 before
... and you're set.

Hope this helps.

veeramani 03-21-2007 08:21 AM
Thank you

Thanks a lot


All times are GMT -5. The time now is 02:00 PM.