how to restrict one particular user to access one particular folder?

Xeratul · 12-09-2006, 04:59 AM

Hallo,

It looks easy but I dont know.
I just would like one special user cannot access one folder, but the other users can. I want all other users but this person can access this folder.

chmod / chgrp / chown are usually good to use, but I can only with that exclude all users to access the folder.

If someone know how, that could be helpful !

thank you

stress_junkie · 12-09-2006, 06:53 AM

This sort of thing is normally done by using groups. First create a group for the special folder. Then add all of the users to that group except the one user to exclude. Then make the folder owned by the group and remove access for "other". Here is an example where there are user accounts user01, user02, and user03. We want to exclude user02 from the special folder. All user accounts already belong to the users, video, and disk user groups.

Code:

groupadd specialfolder
usermod user01 -G specialfolder,video,disk
usermod user03 -G specialfolder,video,disk
chown root:specialfolder /specialfolder
chmod 770 /specialfolder

That's how I would do it.

Xeratul · 12-09-2006, 08:03 AM

thank you

it worked !!

I did:

Code:

addgroup xeratul special
chgrp special /folder/
chgrp special /folder
chmod 770 /folder

cool !!!!!!!!

Xeratul · 12-09-2006, 11:05 AM

I made a mistake

hwo to remove someone from the group ?
removeuser user specialgroup dont exist ...

I am looking ...

Xeratul · 12-09-2006, 11:23 AM

Quote:

Originally Posted by stress_junkie

This sort of thing is normally done by using groups. First create a group for the special folder. Then add all of the users to that group except the one user to exclude. Then make the folder owned by the group and remove access for "other". Here is an example where there are user accounts user01, user02, and user03. We want to exclude user02 from the special folder. All user accounts already belong to the users, video, and disk user groups.

Code:

groupadd specialfolder
usermod user01 -G specialfolder,video,disk
usermod user03 -G specialfolder,video,disk
chown root:specialfolder /specialfolder
chmod 770 /specialfolder

That's how I would do it.

btw, I got:

#usermod user -G video,floppy,cdrom
usermod: user video,floppy,cdrom does not exist

stress_junkie · 12-10-2006, 09:19 AM

Sorry. I put the wrong syntax for usermod. The user account name goes after all of the parameters. The usermod command has the same syntax and parameters as the useradd command.

Code:

usermod -G specialfolder,video,disk user01
usermod -G specialfolder,video,disk user03

You remove accounts from a group membership by using the usermod command and the -G parameter, then just leave the group out of the list that you write. So if a user account named user01 belongs to the video, disk, and cdrom groups, and you want to remove the cdrom group you would enter the following command.

Code:

usermod -G video,disk user01

Xeratul · 02-06-2007, 01:01 PM

Can someone explain me ??

Code:

addgroup xeratul special
chgrp special /folder/
chmod 770 /folder

->Give xeratul the acess to /folder !! (that s working great)

Code:

with having /folder owned  user/group by special already
addgroup xeratul special
chown g+rx /folder -R
chmod 770 /folder

->Give xeratul NO acess to /folder !! (that s not working )

Is it normal ?? Why chgrp is a necessity ?
(normal?)

Thank you for this very noobs simple questions !

=========
EXTRABONUS Question:
If I reinstall the Linux box, can I copypaste to the new installation the follwing files:
group,passwd,shadow ?