LinuxQuestions.org
Old 11-06-2019, 05:12 PM   #16
LinuxGeek46
LQ Newbie
 
Registered: Oct 2019
Location: Raleigh, NC
Distribution: Fedora
Posts: 22

Rep: Reputation: Disabled
Try it.


Quote:
Originally Posted by Peverel View Post
Yes, LinuxGeek46, but an owner can change permissions herself, even then delete the file.
If you try this you will find that the owner can change the file to no permissions 076 or something like that, but cannot change it back because the owner does not have permission to change the file in any way. Only root or a member of the group can give permissions back to the owner. Even if the owner is a member of the group the owner can not change the file including its ownership or permissions. This is because the permissions are scanned left to right for the first match so with a match in the owner's permissions it never looks at the group or other permissions.

And yes, file owners can lock themselves out of their own files.

It is really cool the way it works.
 
1 members found this post helpful.
Old 11-06-2019, 09:10 PM   #17
rnturn
Senior Member
 
Registered: Jan 2003
Location: Illinois (SW Chicago 'burbs)
Distribution: Currently: openSUSE, Raspbian, Slackware. Formerly: CentOS, MacOS, Red Hat. Other: Solaris, Tru64
Posts: 1,725

Rep: Reputation: 211
Quote:
Originally Posted by gabs247 View Post
Hi,

I've been trying to figure out if this is possible or not, and how to implement it?

I have a Source folder with files A, B and C.

[snip]

The problem is, that I want to use a service account to access the two folders, Source and Limited and so then it'll have access to all the files anyway, so that wouldn't work?

Hope that makes sense, and someone may have a suggestion? Thanks
By service account, I'm assuming you mean something like an application owner account? With "regular" users needing a different kind of access? If you're trying to restrict access by putting symbolic links into the "limited" directory, that will just give those users whatever access is allowed by the permissions in the "source" directory. I don't think having different permissions on the two directories will help.

If you need/want multiple users -- and/or groups -- to be able to access these files with differing kinds of access -- read/write vs. read-only or even read/execute -- you may need to look at Access Control Lists (ACLs). In a previous life, I had to use them to allow read/write access to files by users that were members of different groups. Most of the time I'd set the permissions on the object to be "000" and define all access via Access Control Entries for members of specific individuals/groups. Systems that implement ACLs look for them first -- as far as I've ever seen -- and, if not found, use normal filesystem permissions. Something similar could be used here but they can be tricky to set up. Group membership, access granted via different ACEs, etc. can burn ya if you're not careful---the order in which ACEs appear in the ACL is significant. If you go this route, you should also ensure that whatever you're using for backups backs up the ACLs on objects as well as the files themselves---a particular switch might be needed to make sure ACLs are included during the backup. Check acl(5), chacl(1), and the "info" pages for "setfacl", "getfacl" for the bird's-eye lowdown.

HTH...
 
Old 11-07-2019, 09:47 AM   #18
rknichols
Senior Member
 
Registered: Aug 2009
Distribution: CentOS
Posts: 4,360

Rep: Reputation: 2001
Quote:
Originally Posted by LinuxGeek46 View Post
If you try this you will find that the owner can change the file to no permissions 076 or something like that, but cannot change it back because the owner does not have permission to change the file in any way.
Really??
Code:
[rkn] ~ $ cp /etc/profile junk
[rkn] ~ $ ls -l junk
-rw-r--r--. 1 rknichols rknichols 1841 Nov  7 08:41 junk
[rkn] ~ $ chmod 064 junk
[rkn] ~ $ ls -l junk
----rw-r--. 1 rknichols rknichols 1841 Nov  7 08:41 junk
[rkn] ~ $ chmod 644 junk
[rkn] ~ $ ls -l junk
-rw-r--r--. 1 rknichols rknichols 1841 Nov  7 08:41 junk
Only making the file immutable (with chattr) would prevent the owner from changing the permissions.
Quote:
It is really cool the way it works.
But not the way you described.
 
1 members found this post helpful.
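
The two separate questions in posts #17 and #18 (who gets read/write access to a file, and who may change its mode) can be modelled in a few lines. This is an added example, not part of any post in the thread; it follows the access check algorithm in acl(5) for a non-root process, and the uids, gids and file objects are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

R, W, X = 4, 2, 1

@dataclass
class FileObj:
    owner: int
    group: int
    user_obj: int                 # owner bits (first octal digit of the mode)
    group_obj: int                # owning-group bits
    other: int                    # other bits
    users: dict = field(default_factory=dict)   # named-user entries: uid -> bits
    groups: dict = field(default_factory=dict)  # named-group entries: gid -> bits
    mask: Optional[int] = None    # ACL mask; None means plain mode bits only

def access(f, uid, gids, want):
    """True if a non-root process (uid, set of gids) is granted `want` on f."""
    cap = 7 if f.mask is None else f.mask
    if uid == f.owner:                      # step 1: the owner entry decides alone
        return f.user_obj & want == want
    if uid in f.users:                      # step 2: named user, capped by the mask
        return f.users[uid] & cap & want == want
    matched = [f.group_obj] if f.group in gids else []
    matched += [bits for gid, bits in f.groups.items() if gid in gids]
    if matched:                             # step 3: any matching group entry
        return any(bits & cap & want == want for bits in matched)
    return f.other & want == want           # step 4: everyone else

def may_chmod(f, uid):
    """Changing the mode is gated by ownership (or root), not by the mode bits."""
    return uid == 0 or uid == f.owner

# Constructed ids and files (assumptions for the example)
OWNER, PEER, SVC, OUTSIDER = 1000, 1001, 1002, 1003
STAFF, READERS = 100, 200
locked = FileObj(OWNER, STAFF, 0, R | W, R)            # chmod 064, as in post #18
acl_only = FileObj(OWNER, STAFF, 0, 0, 0,              # empty base entries + ACL
                   users={SVC: R | W}, groups={READERS: R}, mask=R)

if __name__ == "__main__":
    print("owner reads 064 file:   ", access(locked, OWNER, {STAFF}, R))
    print("owner may chmod it back:", may_chmod(locked, OWNER))
    print("service account writes: ", access(acl_only, SVC, {300}, W))
```

The 064 file denies its owner read access even when the owner is in the owning group, yet the owner can still restore the mode; in the ACL case the mask caps the named-user entry at read-only.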
Old 11-07-2019, 10:13 AM   #19
LinuxGeek46
LQ Newbie
 
Registered: Oct 2019
Location: Raleigh, NC
Distribution: Fedora
Posts: 22

Rep: Reputation: Disabled
You are correct. Thanks!
 
  

