LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 01-20-2009, 09:21 AM   #1
Whir47
LQ Newbie
 
Registered: Jan 2009
Posts: 1

Rep: Reputation: 0
Su permissions (User A can su to User B, but not User C)


Is there a way to set something like this up:

Users: Group:
Group1 Group1
Mark Group1
Tom Group1
Group2 Group2
Joe Group2

Mark, Tom and Joe can SSH into the box, ITS and Group2 cannot.

Mark and Tom can SU to Policy, but not ITS
Joe can SU to ITS, but not Policy

To explain the constraints, I'm trying to set suexec up in a group development environment. Since suexec requires that permissions on a file to serve must be no more then 755 and I don't want to distribute shared group user accounts (For two reasons: the obvious insecurities with having multiple people using a single account and that all the individual users are already in place).

Ideally, I would like for Mark, Tom and Joe to each be able to SSH in to the server. Once they have logged in, a script is executed that calls su - Group1/Group2 and they then are able to edit their files.

Thanks in advance.
 
Old 01-21-2009, 03:56 AM   #2
eco
Member
 
Registered: May 2006
Location: BE
Distribution: Debian/Gentoo
Posts: 412

Rep: Reputation: 48
I find your post a little unclear but let me see if I got it right.

- You want only certain users to login to your system?

You can control that through ssh. In sshd_config add:
AllowUsers Mark Tom Joe

- You want them to have access to the same directory to work on files?
Why not setup groups and grant permissions to the folders.

You chould even set the permissions to make sure the group is set when you create a file by using chmod 02770.

Code:
# mkdir test
# chown root:staff test
# chmod 02770 test
# touch test/file
# ls -ld test/file
-rw-r--r-- 1 root staff 0 2009-01-20 18:50 test/file

If you want to use sudo, I guess you can create groups with different rights.

If I got it all wrong, sorry
 
  


Reply

Tags
permissions, su, suexec


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
how to create sftp user only in red hat 4 not ftp user ..only sftp user princeu28 Linux - Newbie 1 10-14-2008 08:10 AM
samba(global security=user) useful tools for client.ex: user change password. hocheetiong Linux - Newbie 1 03-18-2008 09:20 AM
Giving user 'www-data' same permissions as normal user MikeOfAustin Linux - Software 5 06-08-2007 02:50 AM
C program to see user log on in system and print user with real user name also naveen245 Programming 2 12-21-2005 12:53 AM
grant user access to /fat-c & copying users' preferences to another user n0x Linux - Newbie 1 07-04-2004 12:04 AM


All times are GMT -5. The time now is 06:52 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration