Explain Linux folder permission
Hello,
I have been using Linux for years now but I have never thought about this until now. What if I want to deny a specific user from accessing a specific folder, how can this be done? This command is after a quick search: Quote:
And as a modern Linux user, how can this be done through the GUI? (You may not answer that.) In the permissions tab in any file properties under "Advanced permissions" you will find three check boxes, "Set UID", "Set GID" and "Sticky". What are these? Thank you. |
Last qns sound like homework, so I'll just say: http://linux.die.net/man/1/chmod
|
Hmmmm---starts like a real question and ends sounding like homework.....
I'm not up on the "sticky" part, so I'll stick to basics....pun unintentional....;) For any file or directory, you have 3 entities: the owner, the group, and everyone else. To control access to ONE item, simply assign it to a unique group, and then manage who gets assigned to that group.... To the best of my knowledge, there is no simple way to deny just one user---you have to just make sure that he or she is the only one not assigned to the unique group. |
There was a very good article about just this in the most recent Linux Format #125.
|
Quote:
Code:
$ chown other-user:excluded-user file
|
Also look at the manpage for setfacl. I will sometimes have to resort to the manpage to remember the exact syntax, so I'm not really RTFM'ing you. The manpage has examples, which are clearer than using the --help option.
If there is already a group assigned, and you need more granular control, setfacl can help. Especially in a case such as when the group has read-only access but you want a particular user to have read-write control. Of course, you should create your own users and learn by experimentation, using chmod, chgrp and setfacl on a directory and gain first hand experience using permissions. |
Thank you all,
First, I finished my education a very long time ago, so this is not homework. Second, I am Microsoft Certified and administering a Windows 2003 server and of course a Windows network. Linux OS is on my personal laptop only, so there is no one using it but me.
I have never thought about securing a folder in Linux until I read this article yesterday about Windows 7 security. In Windows you can explicitly deny a user from accessing a folder in a couple of simple steps, but it seems to be more than that in Linux, and your replies just made me think I have to go back to the very beginning to understand how to do such a simple task. For example, in all those years I have not heard of or used chown, setfacl, getfacl, acl or umask. Only chmod 777, and sometimes done with kdesudo dolphin so I do not have to open a konsole.
I do not know where to start, but I need a source that will sum all things up, not a man page explaining a single command or a command for a single task. If you know such a source, please let me know. Thank you. |
|
There is also, for example...
http://tldp.org/HOWTO/DOS-Win-to-Linux-HOWTO-4.html If that HOWTO wasn't helpful, there are many others; tldp has collected many sources of information in one place. http://tldp.org/ |
Quote:
|
Fundamentally, Linux perms are built around the concept of restricting positive access, not specifying negative access.
IOW, get the correct ownerships (user:group) and give the minimum reqd access perms (of rwx) to each of ugo (user,group,other). For finer tuning, you may add acls. |
Quote:
Am I correct? |
Not exactly. That link in post #8 is good. Have a read first, then come back with any qns.
Just to point out that for a file rwx = read,write,execute; for a dir it's read,write,x=search(!). See also http://en.wikipedia.org/wiki/File_system_permissions |
Quote:
The username to be excluded is "excluded-guy".
The file is named FILE.
We want everyone else to be able to read or write to the file. Then root could do:
Code:
# chown excluded-guy:root FILE
# chmod 077 FILE
If FILE was in a directory owned by root, then anyone except excluded-guy could read or write, but not delete FILE, and excluded-guy could do neither, but would be able to see it in a directory listing. Imagine the frustration of being the owner of a file, yet you can't read, write, or delete it! |
Give it a try on a test file/dir. I suspect that the owner could (should be able to) change the perms.
|
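The ownership tricks in the posts above work because the classic mode-bit check picks exactly one class (owner, else group, else other) and never falls through to a more permissive one. The script below is an added illustration, not part of the thread: it models that check for a non-root process without ACLs, and the function names, uids, gids and the mode 707 used for the group variant are assumptions.

```shell
#!/bin/sh
# Added illustration: model of the classic mode-bit check for a non-root
# process (no ACLs). Exactly one class applies: owner, else group, else other.
# All uids/gids below are constructed sample values.

# perm_class UID "GIDS" FILE_UID FILE_GID -> owner | group | other
perm_class() {
    if [ "$1" -eq "$3" ]; then echo owner; return 0; fi
    for g in $2; do
        if [ "$g" -eq "$4" ]; then echo group; return 0; fi
    done
    echo other
}

# granted_bits UID "GIDS" FILE_UID FILE_GID MODE -> e.g. "rw-"
# MODE is three octal digits, as passed to chmod (e.g. 077).
granted_bits() {
    mode=$5
    case $(perm_class "$1" "$2" "$3" "$4") in
        owner) digit=${mode%??} ;;
        group) digit=${mode#?}; digit=${digit%?} ;;
        *)     digit=${mode#??} ;;
    esac
    r=-; w=-; x=-
    if [ $(( digit & 4 )) -ne 0 ]; then r=r; fi
    if [ $(( digit & 2 )) -ne 0 ]; then w=w; fi
    if [ $(( digit & 1 )) -ne 0 ]; then x=x; fi
    echo "$r$w$x"
}

# Scenario from the thread: chown excluded-guy:root FILE; chmod 077 FILE
EXCLUDED=1001   # constructed uid for excluded-guy
OTHER=1002      # constructed uid for any other user
echo "excluded-guy (owner):  $(granted_bits $EXCLUDED "1001" $EXCLUDED 0 077)"
echo "other user:            $(granted_bits $OTHER "1002" $EXCLUDED 0 077)"
# Group variant: chown other-user:excluded-user file (mode 707 is assumed;
# the post gives no mode)
echo "excluded group member: $(granted_bits $EXCLUDED "1001" $OTHER 1001 707)"
# No fall-through: the owner is also in the file's group, mode 070
echo "owner in group, 070:   $(granted_bits $EXCLUDED "1001 50" $EXCLUDED 50 070)"
```

The model covers only the access check: the file's owner keeps the right to chmod it, and root bypasses the check entirely.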