Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
I am new to Linux and I need some help on user accounts. I would like to create an account for a friend of mine with just read acess to directories. I have created the user with the utility Webmin but I can't find an area to specify any types of permissions/privledges. I logged in with the account I created for him and it basically gives him root access. It allows him to delete files/dirs ctc. Any help would be greatly appreciated.
Well it is very weird but in order to connect to our home comptuers from behind our work firewall, we must first use SecureCRT to connect to a linux box and then configure port forwarding within SecureCRT. I was hoping there was a way to lock him in his home directory and don't want to give him the ability to navigate to other dirs...
Well that would be the problem I guess ......I bet you can already guess my next question...LOL.....I logged in with his user and he is able to navigate to my home directory. Any idea how I can set the rights on my home diretory so I can only view it?
Well since I assume you want Apache to be able to get to /home/jeff/public_html but not your friend. Off the top of my head you have two options.
1) Give the Apache's primary group access to your home directory (chgrp www-data /home/jeff and chgrp -Rf www-data /home/jeff/public_html) and then remove access from 'other' (chmod -Rf o-rwx /home/jeff).
2) Leave the ownership the way it is and just restrict your top level home directory. Apache just really needs execute permission on the directories leading up to public_html to be able to get into it, so you could run "chmod o-rw /home/jeff" and whenever someone tries to get a file list from /home/jeff they'll get Access Denied. But if they know that public_html exists, they can still get to it.
i believe that you're trying to do all of this from a command line? or are you using a browser interface?
if you're using a command line, and/or a browser you can just set up acls, access control lists. if you're using reiserfs then you're going to have to rebuild your kernel to support it, if you're using ext3 or xfs then it's in there all ready.
you won't have to play with your apache settings for this.
also if you're using apache to see your /home/user files, then you have a big security hole in the first place.