LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-11-2010, 12:22 PM   #1
abdoullah
Member
 
Registered: May 2009
Distribution: Gentoo, CentOS
Posts: 49

Rep: Reputation: 0
h t restrict user permission?


Hi Guys,
i am trying to restrict user access to files by making him belong just to apache group, issued the following command :
usermod ktouati -g apache

i created a test file:
-rw-rwx--- 1 root apache 7 Jun 11 07:38 test

and i can't see why ktouati can access the "test" file, once in it says permission denied.
thank you for any help!
 
Old 06-11-2010, 02:52 PM   #2
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 19,267

Rep: Reputation: 4440Reputation: 4440Reputation: 4440Reputation: 4440Reputation: 4440Reputation: 4440Reputation: 4440Reputation: 4440Reputation: 4440Reputation: 4440Reputation: 4440
Quote:
Originally Posted by abdoullah View Post
Hi Guys,
i am trying to restrict user access to files by making him belong just to apache group, issued the following command :
usermod ktouati -g apache

i created a test file:
-rw-rwx--- 1 root apache 7 Jun 11 07:38 test

and i can't see why ktouati can access the "test" file, once in it says permission denied.
thank you for any help!
Permissions are:

File type is first bit.
First three positions are for owner rights
Second three positions are for group rights
Third three positions are for others rights.

So owner is root, but ktouati is in the apache group, which has full rights to the file. So opening it isn't a problem. Not sure what you mean by "once in it says permission denied"...what do you mean? What are you doing to test it?
 
Old 06-12-2010, 02:03 PM   #3
Ajay Singh Tilawat
LQ Newbie
 
Registered: Jan 2010
Posts: 7

Rep: Reputation: 1
check wheather the user is added in apache group /etc/group
usermod -g apache <username>
 
Old 06-12-2010, 03:19 PM   #4
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 19,267

Rep: Reputation: 4440Reputation: 4440Reputation: 4440Reputation: 4440Reputation: 4440Reputation: 4440Reputation: 4440Reputation: 4440Reputation: 4440Reputation: 4440Reputation: 4440
Quote:
Originally Posted by Ajay Singh Tilawat View Post
check wheather the user is added in apache group /etc/group
usermod -g apache <username>
The OP said he did that already...read his first post.
 
Old 06-12-2010, 03:35 PM   #5
myposts
Member
 
Registered: Jun 2010
Posts: 46

Rep: Reputation: 21
May be ... it will help

To tell you the truth, you must understand how UNIX file permissions works, first. And it is really too much to type. You can try Evi Nemeth books or "Learn Linux" series DVD, they are very good on explaining this stuff. There are things like sticky bits that play role, also would you like to use a standard unix permission model or extended (they are very different in both design and commands)
In short if user permissions are sufficient, it will ignore all other permissions and so on, but in practice, you really must figure out the way it works because it will affect EVERYTHING you do in Linux.
 
Old 06-12-2010, 03:39 PM   #6
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,284

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Also, if you add a user to a group, that user must log out and thern log back in (or use the newgrp command) before the new group membership will be applied to them.
 
Old 06-14-2010, 09:21 AM   #7
abdoullah
Member
 
Registered: May 2009
Distribution: Gentoo, CentOS
Posts: 49

Original Poster
Rep: Reputation: 0
Hi Guys,
thanks for all that suggested solutions, actually i was to ask how to check that a user is added to a group.
but i noticed that Ajay is typing the command in a different way that i did: usermod -g apache <username> i did type like this usermod <username> -g apache.
once i typed the command correctly logged out and back in, it's working, thanks Ajay! and you all! but i'm still wondering is there a command to troubleshoot and see if a user is added to a group?
 
Old 06-14-2010, 09:24 AM   #8
vikas027
Senior Member
 
Registered: May 2007
Location: Sydney
Distribution: RHEL, CentOS, Ubuntu, Debian, OS X
Posts: 1,300

Rep: Reputation: 102Reputation: 102
Quote:
Originally Posted by abdoullah View Post
but i'm still wondering is there a command to troubleshoot and see if a user is added to a group?

Code:
 
grep username /etc/group
 
Old 06-14-2010, 10:11 AM   #9
abdoullah
Member
 
Registered: May 2009
Distribution: Gentoo, CentOS
Posts: 49

Original Poster
Rep: Reputation: 0
Thank you very much Guys!!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
how to restrict the user nagavinodh Linux - Newbie 4 09-03-2009 12:29 PM
Sendmail to restrict user kool_kid Linux - Server 4 02-17-2008 11:45 AM
Restrict user sunhui Linux - Software 2 09-21-2006 07:11 PM
how to restrict the user simi_virgo Linux - Newbie 2 02-25-2005 07:31 AM
How to restrict user (FTP)? Rex_chaos Linux - Networking 2 03-19-2003 05:48 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 05:36 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration