So, I have a directory owned by root, with execute permission for root only. Everything inside this directory is owned by a regular user, with appropriate permissions.

The root directory is only to control access to the stuff inside it. So I have to su as root to cd into the directory.

Then I'd like to be able to switch back to being a regular user, so I wouldn't be running stuff as root, and so I could connect to my X session.

As root, I'd like to cd into the directory and ctrl-d to return to my regular account *but* have my regular account's pwd now be the same as root's pwd (inside that directory). In other words, I'd like root to be able to drag my regular user account with it, when root goes into the directory.

Of course, though, when I ctrl-d I go back to where I was (outside the directory).

I'm sure there's a way to do this - any advice? (Or a better way to accomplish the same thing? I leave my computer on and logged in all the time, but would like to have some bit of "private space" that's relatively easy to for me to access.)

Thanks.

I think your making this approach harder than it really is. If this directory is to contain files and directories owned by a user but the directory that holds all of this data is owned and only readable by root, why go thru all that trouble. Having the directory readable only by root does not increase your security.

You know you can have this directory owned by the user and only that user can cd into it, its the same way home directories are created initially.

And stop using su to become root, if your wanting better security, setup and use sudo instead.

But you should really take the more logical approach to file ownership and sharing, etc. Your definitely taking the scenic route approach to placing files owned by a user in a directory only readable by root..

I just want a directory that someone sitting at my own computer (which stays on and logged in all the time) can't cd into as the regular (logged in) user. But *I'd* like to be able cd into it, and then switch back to my normal user account.

How else could I accomplish this, while leaving my computer logged in as a regular user? We use the computer all the time, but frequently, for just a few minutes to reply to email, look something up online, etc. Logging in/out all the time would be too inconvenient for a lot of what we do.

If the directory is owned by you, and the group owner is you. Then you don't need to su to root to enter it. Make sure the the permissions on the directory for 'other' is masked out. This includes the 'x' bit on the directory. If the 'x' bit isn't set, a regular user will not be able to list the contents or cd into the directory.

Something a little bit like what you are talking about is setting up sudo so that you enter your own password rather than the root password. This is how Mandrake sets up the sudoers file by default. This way, certain root commands can be allowed to run by certain users ( using sudo ) without having to hand out the root password.

Okay, I'm not making myself clear ...

My regular user account is logged in, all the time.

Whoever uses my computer (which is logged in under my regular account all the time) can access everything that my regular user account owns.

This is what I don't want.

I want one directory that only I (personally, not whoever is using my account) can enter. I was doing this by su'ing to root, to enter a root-owned directory. But then, I have to remain root while in the directory, I can't connect to X session, etc.

I want to be able to go back to being regular user, but remain in the root-owned directory.

change the /etc/sudoers to the privileges of what you want for that user.

I believe that the other users can read your files because you all use the default group users. Create a group by the same name as your user name and make that your default group. Also use the chgrp command and change the group ownership of your home directory to that new group. Make sure to clear the other and group permissions on your home directory.

chmod go-rwx ~username

If only the owner of a directory has the 'x' permissions set, all other regular users will not be able to even enter your home directory.

Also, log out when you are done, and give the other users there own home directories.
You can even have them use the same home directory if you want. Or set up a guest account.

You can't "remain in the root-owned directory" as a regular user; you'll only get permission denied errors. That's the way Linux ownership works; if a directory is readable only by root, then it is readable only by root.

If your main concern is the ability to open X sessions from the files in the root-only directory, this can be done. Look into xhost or xauthority.

The easiest way is to run "xhost +localhost" as yourself. Then root will be able to open new windows. (Make sure DISPLAY is set properly for root).

LinuxDave

A side note: if you want root to also have X session graphics, before you su to root, issue the command 'xhost +localhost', then su to root, and root also has graphics. To remove that, just 'xhost -localhost', and you're back to only the logged in user having graphics.

Thanks for the xhost +/- localhost, that's what I needed for graphics as root/another user.

Not using the default group users, everything's owned by me:me (except the one folder I was trying to give x permission to root only). The other users can read my files because my computer is always logged in as me, so whoever is sitting at the keyboard is "me" ... it's convenient that way, without logging in/logging out just to look up a recipe or tv guide or check email. (startx just takes too long for me, but 90% of that is because I'm impatient! =)

I guess that does make sense, about the permission errors, as if what I were describing were possible (su / cd root dir / ctrl-d but "stay put" in root's dir), it would be really difficult to tell the difference between that and just cd'ing in, as non-root.

Thanks again.

Look for the script /usr/X11R6/bin/sux. If you have it, it does the same thing.

Usage: sux [-c command] [-s shell] [-|-l] [[user] args]