LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 09-19-2004, 09:26 AM   #1
majicrobot
LQ Newbie
 
Registered: Sep 2004
Posts: 9

Rep: Reputation: 0
User, Group permissions in Redhat Linux ES 3.0


Folks,

I have Redhat Linux ES 3.0 on HP Hardware and have the following questions.If somebody answers these questions, I will be grateful.

1 I would like a create a user group called 'projectusers' and it contains around 10 users. This individual user(member of projectusers) can login into the machine but s/he should not create, modify files.How can I do that on group level? (ie) The whole group shouldn't create,modify the files when they login but they can su to some group id's.

2 I would like to create another group called 'webadmin' and all web related software will be installed under this account.When I create a group called 'webadmin', Is it necessary to create a userid called 'webadmin'? Because the above users(projectusers) should su to webadmin to work. I want to add some of the members of projectusers to webadmin group and it helps them to su to webadmin.How can I do that?

3 I want to restrict the projectusers and webadmin members to su to root.How can I do that?

I know , these questions are big but I am in a delegate situation to learn these stuffs.Any help will be highly appreciated.

Thank you,

Robot
 
Old 09-25-2004, 07:24 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,944
Blog Entries: 54

Rep: Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731
1\..*This individual user(member of projectusers) can login into the machine but s/he should not create, modify files.
First of all, then please explain the purpose of having ro users. Knowing the purpose usually dictates a less generic answer. Not being able to write means no shell history, no email, no nothing. Anyway, the short answer lies in changing permissions on user and group-owned files and dirs and setting the user and group umask (unless you can use extended ACL's).

2 When I create a group called 'webadmin', Is it necessary to create a userid called 'webadmin'?
AFAIK that's the default policy for RHL to also create a user. If it doesn't, you should.

Because the above users(projectusers) should su to webadmin to work.
Yes. Groups can't "su" :-]

I want to add some of the members of projectusers to webadmin group and it helps them to su to webadmin.How can I do that?
On creating group specifying additional group user should be added to. If afterwards, using useradd or vigr.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
user/group permissions prozac Linux - Newbie 4 11-20-2005 11:49 PM
How to set the permissions for a user Group? Akhran Linux - Newbie 6 11-14-2005 07:55 AM
user/group permissions for /var/www/html/ illtbagu Linux - Software 6 11-12-2003 05:29 AM
user and group ids - individual permissions? LooseCanon Linux - General 2 09-14-2003 12:57 PM
user/group permissions Diane Welch Linux - Newbie 3 05-08-2001 07:03 AM


All times are GMT -5. The time now is 07:18 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration