Did you know LQ has a Linux Hardware Compatibility List?
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 01-20-2009, 10:21 AM   #1
LQ Newbie
Registered: Jan 2009
Posts: 1

Rep: Reputation: 0
Su permissions (User A can su to User B, but not User C)

Is there a way to set something like this up:

Users: Group:
Group1 Group1
Mark Group1
Tom Group1
Group2 Group2
Joe Group2

Mark, Tom and Joe can SSH into the box, ITS and Group2 cannot.

Mark and Tom can SU to Policy, but not ITS
Joe can SU to ITS, but not Policy

To explain the constraints, I'm trying to set suexec up in a group development environment. Since suexec requires that permissions on a file to serve must be no more then 755 and I don't want to distribute shared group user accounts (For two reasons: the obvious insecurities with having multiple people using a single account and that all the individual users are already in place).

Ideally, I would like for Mark, Tom and Joe to each be able to SSH in to the server. Once they have logged in, a script is executed that calls su - Group1/Group2 and they then are able to edit their files.

Thanks in advance.
Old 01-21-2009, 04:56 AM   #2
Registered: May 2006
Location: BE
Distribution: Debian/Gentoo
Posts: 412

Rep: Reputation: 48
I find your post a little unclear but let me see if I got it right.

- You want only certain users to login to your system?

You can control that through ssh. In sshd_config add:
AllowUsers Mark Tom Joe

- You want them to have access to the same directory to work on files?
Why not setup groups and grant permissions to the folders.

You chould even set the permissions to make sure the group is set when you create a file by using chmod 02770.

# mkdir test
# chown root:staff test
# chmod 02770 test
# touch test/file
# ls -ld test/file
-rw-r--r-- 1 root staff 0 2009-01-20 18:50 test/file

If you want to use sudo, I guess you can create groups with different rights.

If I got it all wrong, sorry


permissions, su, suexec

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
how to create sftp user only in red hat 4 not ftp user ..only sftp user princeu28 Linux - Newbie 1 10-14-2008 09:10 AM
samba(global security=user) useful tools for client.ex: user change password. hocheetiong Linux - Newbie 1 03-18-2008 10:20 AM
Giving user 'www-data' same permissions as normal user MikeOfAustin Linux - Software 5 06-08-2007 03:50 AM
C program to see user log on in system and print user with real user name also naveen245 Programming 2 12-21-2005 01:53 AM
grant user access to /fat-c & copying users' preferences to another user n0x Linux - Newbie 1 07-04-2004 01:04 AM

All times are GMT -5. The time now is 04:02 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration