LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 09-08-2006, 03:20 PM   #1
nazimrj
LQ Newbie
 
Registered: Sep 2006
Posts: 7

Rep: Reputation: 0
Restrict directory access


I am a very newbie at linux. The Linux Engineer went back to school .. and I have been left with holding the bag. So ... here I am.

I am running Ubuntu flavour of Linux.

I would like to restrict access to certain directories for certain users. How do I set this up ?

I have 10 directories, D1 - D10
There are 15 developers (Software Engineers) SE1 - SE15
SE1 - SE10 have access to Directories D1 - D7
SE7 - SE15 have access to directories D5 - D10

(Basically SE7,8,9,10 have access to all the directories)

All the developers access the Linux server via SSH. Or via command line from the "DOS prompt" on their windows work stations.

Thanks.
 
Old 09-08-2006, 03:26 PM   #2
jstephens84
Senior Member
 
Registered: Sep 2004
Location: Nashville
Distribution: Manjaro, RHEL, CentOS
Posts: 2,098

Rep: Reputation: 102Reputation: 102
One easy way would be to make two groups. one for d1-d7 and another for d5-10. Then assign permissions for the each group. and for access to all dir for se7,8,9,10 just make them a member of Both groups.
 
Old 09-09-2006, 10:00 AM   #3
nazimrj
LQ Newbie
 
Registered: Sep 2006
Posts: 7

Original Poster
Rep: Reputation: 0
Restrict directory access

Creating groups .. groupadd
How do I assign permissions to each group ?
 
Old 09-09-2006, 03:14 PM   #4
jstephens84
Senior Member
 
Registered: Sep 2004
Location: Nashville
Distribution: Manjaro, RHEL, CentOS
Posts: 2,098

Rep: Reputation: 102Reputation: 102
okay first you need to give make the correct groups own the directory so .
Code:
chgrp -R [group_name] [directory_name]
this will change the group owner of the directory and make the change Descend down the directory.

now we need to give them correct permissions.

7 - full
4 - read
2 - write

so to give say owner full of a directory, group read + write and every-one else no rights it would be this

chmod 760 [file or directory_Name] then when you do a ls -al you would see

-rwxrw---- [for a file]
drwxrw---- [for a directory]
 
Old 09-11-2006, 09:27 AM   #5
nazimrj
LQ Newbie
 
Registered: Sep 2006
Posts: 7

Original Poster
Rep: Reputation: 0
In the /etc/group file I have a group defined as follows
G5:x:1023:SE1,SE2,SE3,SE4,SE5,SE6,SE7,SE8,SE9
G6:x:1024:SE1,SE2,SE3,SE4,SE5,SE6,SE7,SE8,SE9,SE10
G7:x:1024:SE5,SE6,SE7,SE8,SE9,SE10

I have changed the group owner for D5 to G5 and D6 to G6
chgrp -R G5 D5
chgrp -R G6 D6

Then I changed the permission for directories
chmod 760 D5
chmod 760 D6
... which gives persmission to the group owner.

I would like to give permission to the individuals in the group. I tried chmod 777, 775, 765. I am trying to figure out how the chmod works. What should I use so that only G5 has access to D5 ?

Thanks.
 
Old 09-11-2006, 08:31 PM   #6
jstephens84
Senior Member
 
Registered: Sep 2004
Location: Nashville
Distribution: Manjaro, RHEL, CentOS
Posts: 2,098

Rep: Reputation: 102Reputation: 102
chmod 770 - this means that owner of the directory has full access, the group owner has full acess and everyone else has no access.
 
Old 09-12-2006, 07:59 AM   #7
timmeke
Senior Member
 
Registered: Nov 2005
Location: Belgium
Distribution: Red Hat, Fedora
Posts: 1,515

Rep: Reputation: 61
Quote:
-rwxrw---- [for a file]
drwxrw---- [for a directory]
That doesn't seem right. "x" permission (execute) on a file makes the file, well, executable (ie like a program or script). "x" permission on a directory allows to descend into the directory and any of it's subdirectories.

So, it should be something like:
rwxrwx--- [for an executable file]
rw-rw---- [for a regular file]
rwxrwx--- [for a directory]
drwxrw---- [for a directory]

Next, assume r=4, w=2 and x=1 and that the first three are access to the user that owns the file, the second three are for the group owning the file and the last three are for everyone else.
So, a little simple math shows you that:
rwxrwx--- => rwx for user: r+w+x=7, same for group, --- = 0 for everyone else. Hence, chmod 770 some_directory.
-R makes chmod work recursively on all files and subdirectories of the mentioned directory.

Another way to use chmod is via symbols (read "man chmod" for details). An example would be:
chmod g+rwx some_directory
This gives the group (g) rwx (read-write-execute) permission.

Be careful that no files are owned by root.
 
Old 09-12-2006, 10:41 AM   #8
jstephens84
Senior Member
 
Registered: Sep 2004
Location: Nashville
Distribution: Manjaro, RHEL, CentOS
Posts: 2,098

Rep: Reputation: 102Reputation: 102
Quote:
Originally Posted by timmeke
That doesn't seem right. "x" permission (execute) on a file makes the file, well, executable (ie like a program or script). "x" permission on a directory allows to descend into the directory and any of it's subdirectories.

So, it should be something like:
rwxrwx--- [for an executable file]
rw-rw---- [for a regular file]
rwxrwx--- [for a directory]
drwxrw---- [for a directory]

Next, assume r=4, w=2 and x=1 and that the first three are access to the user that owns the file, the second three are for the group owning the file and the last three are for everyone else.
So, a little simple math shows you that:
rwxrwx--- => rwx for user: r+w+x=7, same for group, --- = 0 for everyone else. Hence, chmod 770 some_directory.
-R makes chmod work recursively on all files and subdirectories of the mentioned directory.

Another way to use chmod is via symbols (read "man chmod" for details). An example would be:
chmod g+rwx some_directory
This gives the group (g) rwx (read-write-execute) permission.

Be careful that no files are owned by root.
Thanks for that. I just noticed I used a 7 instead of a 1 and used the word full instead of execute.
 
Old 09-13-2006, 07:43 AM   #9
nazimrj
LQ Newbie
 
Registered: Sep 2006
Posts: 7

Original Poster
Rep: Reputation: 0
The explanation was great. The changes work. Thanks !
 
Old 09-13-2006, 09:49 AM   #10
timmeke
Senior Member
 
Registered: Nov 2005
Location: Belgium
Distribution: Red Hat, Fedora
Posts: 1,515

Rep: Reputation: 61
You're welcome! Glad it works now...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
chroot to restrict ssh directory access vbsaltydog Linux - Security 1 07-23-2006 05:28 PM
Restrict X server access using /etc/security/access.conf anand_kt Linux - General 0 04-22-2005 09:40 AM
restrict user to home directory at logon pragti Linux - Security 6 02-27-2004 09:00 AM
restrict newuser directory access lonerangerusa Linux - Security 2 05-02-2003 03:41 PM
Restrict directory access bdu Linux - Security 1 02-07-2002 01:13 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 06:17 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration