LinuxQuestions.org
Old 04-15-2008, 08:06 AM   #1
vikas027
Senior Member
 
Registered: May 2007
Location: Sydney
Distribution: RHEL, CentOS, Ubuntu, Debian, OS X
Posts: 1,305

restrict access of a user to two directories only


Hi all,

I am using RHEL 5.0

I need a user, say test, to have full access to two directories only, say /tmp1 & /tmp2, other than his home directory.

I do not want to change his login shell, which is ksh or bash by default.
Moreover, he should not even have read access to other directories.

Please help!!

Thanks in advance,
VIKAS
 
Old 04-15-2008, 08:42 AM   #2
pixellany
LQ Veteran
 
Registered: Nov 2005
Location: Annapolis, MD
Distribution: Arch/XFCE
Posts: 17,802

File and directory permissions are assigned to Owner, Group, and Other. If you want a user who cannot read most things, then the "Other" field needs to be changed, e.g.: chmod -R o-r /home (kills read permission for "others" in /home and all below).

For the ones where your user will have access, assign him/her to a group and then use chown to assign the file(s) to that group. Finally, use chmod to set the group permissions as desired.
 
Old 04-15-2008, 08:57 AM   #3
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

A user needs read access to system directories such as /etc/, /usr/bin/, /lib/, /usr/lib, etc. A program being run by the user runs with the uid of that user and needs access to libraries and configurations. The /etc/passwd file must be readable to log in as well.
 
Old 04-15-2008, 09:59 AM   #4
trashbird1240
Member
 
Registered: Sep 2006
Location: Durham, NC
Distribution: Slackware, Ubuntu (yes, both)
Posts: 463

I recommend checking out ACL (access control lists). I recently wrote an article on Slackwiki about this.

Joel
 
Old 04-15-2008, 10:51 AM   #5
vikas027
Senior Member
 
Registered: May 2007
Location: Sydney
Distribution: RHEL, CentOS, Ubuntu, Debian, OS X
Posts: 1,305

Original Poster
Quote:
Originally Posted by jschiwal
A user needs read access to system directories such as /etc/, /usr/bin/, /lib/, /usr/lib, etc. A program being run by the user runs with the uid of that user and needs access to libraries and configurations. The /etc/passwd file must be readable to log in as well.
OK, fine. If we give that user read access (or whatever is needed) to these essential files, is it then possible that the user cannot change to any directory other than /tmp1 & /tmp2, and is not allowed to edit files outside these directories?

Please help.
 
Old 04-15-2008, 12:18 PM   #6
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

A user's home directory and /tmp are the only ones where a user should be allowed write access. The sticky bit on the /tmp directory will protect a file from being deleted by another user. One user wishing to protect files from being overwritten can make sure that the "o" (other) write permissions are clear.

Suppose that you have an external drive formatted with the ext3 filesystem and you want all users except for "testuser" to have access to it. You could create a group for the purpose of sharing this directory and make that group the owner.
Example:
sudo chgrp driveshare /mnt/drive1
sudo chmod g=rwx /mnt/drive1

Then make the other users members of the driveshare group.

Another way is to use ACLs.

sudo chmod a=rwxt /mnt/drive1
sudo setfacl -m u:testuser:--- /mnt/drive1

Now every user except testuser will be able to enter the /mnt/drive1/ directory.

Last edited by jschiwal; 04-16-2008 at 04:14 AM.
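
Why the u:testuser:--- entry in the post above denies testuser even though "other" is rwx: the following is an added example, not code from any poster in the thread, that applies the POSIX ACL check order to constructed getfacl output. The owner root, the sample text and the function name acl_effective are assumptions made for illustration.

```shell
# Constructed getfacl output for /mnt/drive1 after the chmod a=rwxt and
# setfacl commands from the post (owner "root" is an assumption).
SAMPLE_ACL='# file: mnt/drive1
# owner: root
# group: driveshare
# flags: --t
user::rwx
user:testuser:---
group::rwx
mask::rwx
other::rwx'

# acl_effective USER "GROUP1 GROUP2 ..."   (getfacl text on stdin)
# Prints the rwx bits USER ends up with; the first matching class decides.
acl_effective() {
    awk -F: -v user="$1" -v groups="$2" '
    function mix(p, q, any,   i, a, b, out) {  # any=1: OR, any=0: AND of rwx strings
        for (i = 1; i <= 3; i++) {
            a = (substr(p, i, 1) != "-"); b = (substr(q, i, 1) != "-")
            out = out (((any && (a || b)) || (a && b)) ? substr("rwx", i, 1) : "-")
        }
        return out
    }
    BEGIN { n = split(groups, g, " "); for (i = 1; i <= n; i++) member[g[i]] = 1
            mask = "rwx"; grp = "---" }
    /^# owner: / { owner  = substr($0, 10) }
    /^# group: / { ogroup = substr($0, 10) }
    /^#/ || NF < 3 { next }
    { perm = substr($3, 1, 3) }                # drop any "#effective" suffix
    $1 == "user"  && $2 == ""   { uobj = perm }
    $1 == "user"  && $2 == user { named = perm; has_named = 1 }
    $1 == "group" { gname = ($2 == "") ? ogroup : $2
                    if (gname in member) { grp = mix(grp, perm, 1); in_grp = 1 } }
    $1 == "mask"  { mask = perm }
    $1 == "other" { oth = perm }
    END {
        if (user == owner)  print uobj                  # 1. file owner: user:: entry
        else if (has_named) print mix(named, mask, 0)   # 2. named user entry, masked
        else if (in_grp)    print mix(grp, mask, 0)     # 3. matching groups, masked
        else                print oth                   # 4. everyone else
    }'
}

# testuser stays locked out even if later added to driveshare: prints ---
printf '%s\n' "$SAMPLE_ACL" | acl_effective testuser "driveshare"
```

Feeding it real `getfacl /mnt/drive1` output for each account is a quick way to confirm who is actually locked out before relying on the ACL.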
 
  

