LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   How to avoid permissions problems (newb) (https://www.linuxquestions.org/questions/linux-security-4/how-to-avoid-permissions-problems-newb-4175657162/)

jones5 07-10-2019 08:02 AM

How to avoid permissions problems (newb)
 
I am trying to understand and set up a folder and file system that will not present issues when transferring items from one machine/storage device to another.

What I would like is the ideal settings that preserve basic security of the folder
or file but allow me to move items easily.

I understand the permissions system default set-up is for multiple users/commercial uses but I just want it to work for me and anyone I send a file or folder to.

Is there an easy way to do this? How is this done working with nemo?

I hope that makes sense.

hazel 07-10-2019 08:34 AM

When you copy a file, it is the permissions on the receiving folder that matter, not the permissions on the file (other than basic read access). You need to have full access (including write permission) on that folder because the folder is actually a directory, that is an index, and you are adding an item to that index. The access permissions of the file itself will stay the same by default but the new copy will belong to you, not to the owner of the original file.

Transferring or moving a file is more complicated as it removes it from its original folder, so you will need to have write access to that folder as well.

If the transfers are between directories that belong to you, there should be no problems. Just give yourself the required rights over those directories. However moving files from a system directory will cause problems because system directories belong to root and ordinary users don't have write access to them. You can get round this by:
1) Doing the transfer as root;
2) Copying the file rather than moving it;
3) Using root access to give yourself write access to those directories. I would definitely not recommend this, as it would leave your system open to intruders who could insert spoof commands into your command path.

TB0ne 07-10-2019 08:55 AM

Quote:

Originally Posted by jones5 (Post 6013771)
I am trying to understand and set up a folder and file system that will not present issues when transferring items from one machine/storage device to another.

What I would like is the ideal settings that preserve basic security of the folder or file but allow me to move items easily. I understand the permissions system default set-up is for multiple users/commercial uses but I just want it to work for me and anyone I send a file or folder to.

Is there an easy way to do this? How is this done working with nemo? I hope that makes sense.

Hazel gives solid advice, but I'll ask for further information, because you say "move", and "anyone I send a file or folder to", which are nebulous in this context.
  • Do you actually mean MOVE, as in "put it somewhere else, and DELETE the copy you have", or do you mean it in the sense of "copy"??
  • How are you doing this move/copy/transfer? Because using SFTP/SCP is different than FTP, which is different than Samba or NFS, as far as permissions go.
  • Anyone you send something to you have NO CONTROL over...that's on their system, not yours.
And Linux systems have user ID's (UID's), which may (or may NOT) match on the receiving system, depending on how the users are created. Network shares like NFS or Samba may have their own permissions set and have ACL's in place that differ as well.

Yes, it's a complex thing, but this is no different than Windows...they have ACL's, folder security etc. in place as well. If you're doing this on a LAN with other users, that simplifies things greatly. If you're sharing over the Internet, that's NOT so simple, and your best solution may be to use Google Drive, Dropbox, or a solution such as that, to share files with others.

Not enough details/information to offer up a more solid solution.

michaelk 07-10-2019 09:00 AM

Quote:

How is this done working with nemo?
nemo is a client and uses GVFS to connect to a server which can be ssh, SMB/CIFS (samba), ftp, webdav etc. Most protocols require a authentication and as stated its the server that determines write permissions. In addition the remote server can be accessed outside of nemo by mounting or FUSE and its that command/options and authentication that determines write permissions for your user.

jones5 07-10-2019 09:30 AM

Quote:

Originally Posted by hazel (Post 6013781)

If the transfers are between directories that belong to you, there should be no problems. Just give yourself the required rights over those directories.


Can you advise a quick way?

hazel 07-10-2019 11:00 AM

Quote:

Originally Posted by jones5 (Post 6013800)
Can you advise a quick way?

You can check what the current folder rights are by running ls -l (long listing) on the folder's parent. The second field of the list shows the permissions; the first 3 columns are your rights as personal user: r for read, w for write, x for execute. If you don't have full rights on the folder, use chmod u=rwx to give yourself as user full rights.

BW-userx 07-10-2019 09:29 PM

depending on the owner of the directory, determines if the user can change permissions, or that user needs to use sudo, or su passwd, to change permissions, being that it is your system you should have all three available to you depending on where the destination is.

if you're going to put some files in a usb stick with a linux format then you can give it full permissions on the entire stick.
Code:

sudo chmod 775 -R /destination
or
sudo chmod 777 -R /destination

Unix Permissions Calculator

jones5 07-11-2019 11:16 AM

I will answer comments above more fully when I have studied permissions a little more fully.

In the meantime regarding Hazel's comment:




However moving files from a system directory will cause problems because system directories belong to root and ordinary users don't have write access to them. You can get round this by:
1) Doing the transfer as root;
2) Copying the file rather than moving it;
3) Using root access to give yourself write access to those directories. I would definitely not recommend this, as it would leave your system open to intruders who could insert spoof commands into your command path.


I have come across this:

Sudo is an alternative to su for running commands as root. Unlike su, which launches a root shell that allows all further commands root access, sudo instead grants temporary privilege escalation to a single command.

I presume in 1) above this is sudo and in 3) this is su?

or have I misunderstood?

hazel 07-11-2019 11:34 AM

Quote:

Originally Posted by jones5 (Post 6014139)
I have come across this:

Sudo is an alternative to su for running commands as root. Unlike su, which launches a root shell that allows all further commands root access, sudo instead grants temporary privilege escalation to a single command.

I presume in 1) above this is sudo and in 3) this is su?

or have I misunderstood?

No, when people on this forum talk about doing things as root, it nearly always covers the use of both su and sudo. In practice there's no real distinction, although they work in different ways. What I meant by option 3 was to permanently change the permissions of the directories concerned. It's a lousy idea because you really shouldn't mess with system directory permissions; they are set the way they are for very good reasons. But it is a theoretical possibility.

Another (and much safer) option which I didn't consider at the time would be to use the chacl (change acl) command (as root naturally) to give write access to those directories to yourself by name rather than to the world. But I wouldn't do even that on my own system. I'd just use sudo to make my transfers or use copy rather than move. It's only a slight inconvenience after all. Safety first!

TB0ne 07-11-2019 11:59 AM

Quote:

Originally Posted by jones5 (Post 6014139)
I will answer comments above more fully when I have studied permissions a little more fully.
In the meantime regarding Hazel's comment:


However moving files from a system directory will cause problems because system directories belong to root and ordinary users don't have write access to them. You can get round this by:
1) Doing the transfer as root;
2) Copying the file rather than moving it;
3) Using root access to give yourself write access to those directories. I would definitely not recommend this, as it would leave your system open to intruders who could insert spoof commands into your command path.


I have come across this:

Sudo is an alternative to su for running commands as root. Unlike su, which launches a root shell that allows all further commands root access, sudo instead grants temporary privilege escalation to a single command.

I presume in 1) above this is sudo and in 3) this is su? or have I misunderstood?

And what about everything asked in post #3???

jones5 07-12-2019 03:07 AM

Quote:

Originally Posted by TB0ne (Post 6014146)
And what about everything asked in post #3???

Yes, thanks the reminder. Please note my comments previously:

Originally Posted by jones5 View Post
I will answer comments above more fully when I have studied permissions a little more fully.
In the meantime regarding Hazel's comment:

TB0ne 07-12-2019 06:48 AM

Quote:

Originally Posted by jones5 (Post 6014315)
Yes, thanks the reminder. Please note my comments previously:

Originally Posted by jones5 View Post
I will answer comments above more fully when I have studied permissions a little more fully.
In the meantime regarding Hazel's comment:

And none of those questions relate in any way towards permissions. Again:
  1. Do you actually mean MOVE, as in "put it somewhere else, and DELETE the copy you have", or do you mean it in the sense of "copy"??
  2. How are you doing this move/copy/transfer? Because using SFTP/SCP is different than FTP, which is different than Samba or NFS, as far as permissions go.
  3. Anyone you send something to you have NO CONTROL over...that's on their system, not yours.
So:
  1. Do you mean move or copy??
  2. What are you using to transfer things? What application/protocol???
  3. How are you sending?
These aren't questions about permissions, but how you're doing things, which will possibly EFFECT permissions.

jones5 07-17-2019 02:38 PM

Quote:

Originally Posted by hazel (Post 6013781)

Transferring or moving a file is more complicated as it removes it from its original folder, so you will need to have write access to that folder as well.

If the transfers are between directories that belong to you, there should be no problems. Just give yourself the required rights over those directories. However moving files from a system directory will cause problems because system directories belong to root and ordinary users don't have write access to them. You can get round this by:
1) Doing the transfer as root;
2) Copying the file rather than moving it;
3) Using root access to give yourself write access to those directories. I would definitely not recommend this, as it would leave your system open to intruders who could insert spoof commands into your command path.

Ok I can see that moving a file is different to copying. I can see that moving a file can be problematic if outside my OS. Also there may be network issues influencing 'sending' files over the internet.

I will assume for my own use copying files between my own directories will be reasonably trouble free. Or I can use chmod u=rwx on the parent folder/directory for anywhere I do not have full rights.

If I say I am not moving directories or files over the internet for now. This issue has arisen over a worry that when I back-up my system using an an automated method, when I come to restore the permissions will be a problem? It seems from what has been said, as long as the directories and files that are being restored have been created on my own system that should not be a problem. Views please?

TB0ne 07-18-2019 07:11 AM

Quote:

Originally Posted by jones5 (Post 6015964)
Ok I can see that moving a file is different to copying. I can see that moving a file can be problematic if outside my OS. Also there may be network issues influencing 'sending' files over the internet.

I will assume for my own use copying files between my own directories will be reasonably trouble free. Or I can use chmod u=rwx on the parent folder/directory for anywhere I do not have full rights.

If I say I am not moving directories or files over the internet for now. This issue has arisen over a worry that when I back-up my system using an an automated method, when I come to restore the permissions will be a problem? It seems from what has been said, as long as the directories and files that are being restored have been created on my own system that should not be a problem. Views please?

Sorry, but I've asked you questions that you've not answered, and have pretty much ignored them. You now introduce some 'automated method' of backing up...without telling us what this 'automated method' actually IS, where you're backing up TO, etc. Again, all of these things have a direct impact on what you're asking about.

If it's genuine made-for-taking-a-backup software, then such things typically take care of permissions. If you're just doing a copy, then you MIGHT have an issue, again depending on what you're copying WITH and TO. And you've not said anything about ANY of these aspects. Without actual details, all we can really say is "maybe you'll have a problem".

Personally, if I'm just taking a quick copy for safety's sake, I can buy a 256GB thumbdrive for $25, and have a LOT faster transfer rates in the event I have to restore, and won't need a network to do it. Since backing up the OS is pointless (a re-install is pretty simple), you just need to back up your personal data.


All times are GMT -5. The time now is 04:43 AM.