the chmod equivalent for group rights
Here's my problem:
I made a ssh server and I would like to know how I can restrict users from a certain group to a certain file directory in the system and how to prevent them from deleting the files in their directory such as .Xauthority, .Xdefaults, etc.. ? |
AFAIK, as long as a file is in a user's directory you can't prevent him/her to delete it, provided he/she is the owner of both the directory and the file. The only way would be to change the owner of the file (obviously you can do that if you are root), but beware to the possible unwanted effects.
|
how do I change ownership of the file? also, how do I make it so the user can still log in after I changed the file ownership as root?
how do I also stop one group of members (or just the member) from having sudo rights? |
Quote:
http://www.howtoforge.com/chrooted_ssh_howto_debian Quote:
|
Just a note changing the owner and group of a file does not prevent the folder owner from deleting the file, because when deleting the file you are modifying the directory.
For example, joe is the owner of his home directory but .Xauthority, .Xdefaults is owned by root (and in roots group). Joe will not be able to edit the files (which I suspect will cause joe some other problems). But joe will be able to delete them--because deleting the files is actually just modifying /home/joe/. I hope this makes sense. The basics is that owner of a directory can delete all files under that directory. I am sure there is a way to prevent that--but I will have to think about it--and someone will likely answer that for you before I think it through. George |
I think you can do this with SGID ( Setting Group ID ) for a particular folder, then only the memebers of the groups have authority of modifying the files only inside that directory.
You can also try using the attributes. using chattr and lsattr command |
All times are GMT -5. The time now is 09:13 AM. |