LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 03-30-2006, 10:16 AM   #1
Schreiberling
Member
 
Registered: Jan 2006
Location: Bremen, Germany
Distribution: Linux Mint 16 KDE
Posts: 40

Rep: Reputation: 15
Configuring access rights for a guest


Hi!

I'm wondering how my configuration could be done for a guest account. I'm using SuSE Linux 10.0 OSS and the configuration tool YaST2. The problem is that my newly created guest account has the right to view and read others peoples' folders. I want to set the rights to that effect that the guest can only view his own files and nothing else! Group assignment like "nogroup" or "nobody" didn't work.
 
Old 03-30-2006, 11:14 AM   #2
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
you could remove the "others" permissions from people's home folders... this way nobody can look at someone else's home folder... if you do it this way then you don't need to create any special groups or anything... kinda like:
Code:
chmod 750 /home/*
EDIT: the above was actually a mistake on my part, as it should be a 700 and NOT a 750... unless of course each user on the system would have his own group...

Last edited by win32sux; 03-31-2006 at 02:05 AM.
 
Old 03-30-2006, 12:57 PM   #3
Schreiberling
Member
 
Registered: Jan 2006
Location: Bremen, Germany
Distribution: Linux Mint 16 KDE
Posts: 40

Original Poster
Rep: Reputation: 15
What I'm looking for is that my guest account doesn't belong to any group at all so he couldn't do anything except his own stuff, or identical user and group. I mean, it's far more complicated to configure each thing you want to protect instead of making clear one time for a user what he's able to do and what he's not. It would be too risky for me to change access rights of many folders because it can be difficult undoing that.

Last edited by Schreiberling; 03-30-2006 at 12:59 PM.
 
Old 03-30-2006, 01:40 PM   #4
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,141

Rep: Reputation: 168Reputation: 168
Even if your user didn't belong to any groups, the 'other' part of the permissions will let them see files in home directories unless it is set to 0 as in win32sux's example. Another way to get the same result if you don't want to modify user/group permissions, just others, is:
Code:
chmod o-rwx /home/*
The main risk in doing this is if there is a home directory that everyone should access, it will now be unavailable.
 
Old 03-30-2006, 04:50 PM   #5
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
please see the correction i made to my post above...

the proper way to achive privacy between users is with:
Code:
chmod 700 /home/*
this way you can rest assured that only the owner of the home folder will be able to read/write/enter it...

Quote:
Originally Posted by Schreiberling
It would be too risky for me to change access rights of many folders because it can be difficult undoing that.
no way, it's very easy to undo this... just set the perms back to the usual 755, like:
Code:
chmod 755 /home/*
and then everyone can snoop around everyone else's private stuff again...

BTW, keep in mind that you could also specify which user is the one you don't want to have his privacy violated, like:
Code:
chmod 700 /home/schreiberling
now nobody will be able to snoop on user schreiberling, while the permissions for the other users' home folders remain untouched...

Last edited by win32sux; 03-31-2006 at 02:07 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Access rights Noido Linux - Newbie 5 06-13-2005 04:36 PM
no access to devices with group access rights flipper333 Debian 2 12-28-2004 09:25 AM
guest write access through samba? Tangz Linux - Networking 3 07-11-2004 07:23 AM
access rights popcorn5714 Linux - Newbie 3 02-02-2002 01:26 AM
ftp guest access c0c0deuz Linux - Software 2 01-31-2002 04:56 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 11:02 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration