Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
lo there all,
I have a user that needs to be able to write to many different files that usually only the root user would be able to do.
For example, I need to be able to write to /usr/lib/python/site_packages to put system-wide access to Python modules.
Also needs to be able to edit scripts in the /var/www folder owned by www-data.
Also need to be able to edit scripts in agi_bin for asterisk and write software that can write files to the asterisk directory.
So, how do I give said user permission to edit, read, delete etc. files in all of these directories?
You could create a new group, set the group write permission on the files you require that user to have access to and change the group of the files accordingly.
You can probably use groups to do that. Make a list of the files you want access to and their current owners. Create a new group, say "access", and make your user and all the current owners of those files members of the access group. Change the group ownership of those files to the access group and give the access group rwx permissions on those files.
OK, if I create an access group, can I have directories belong to that group? Then files can be created in that group?
Also, if I change ownership of say /var/www to access, will that mess up the group www-data from having the access to that folder to run the web server?
Or would it be easier to add the user to all the groups necessary (www-data, asterisk, ftp-user, etc.)?
Thanks
You can, of course, use ACLs.
Using ACLs, you can give explicit permissions to a specific user or users, besides the regular access mode.
Check if your kernel and filesystem support ACLs and check the setfacl and getfacl man pages.
It is better than messing up your groups just for a few users/files.
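
The ACL approach from the reply above, as an added example that is not part of the original thread. It goes one step further than the reply by also setting default ACLs, so files created later inherit the entry; the user name `devuser` and the script name are hypothetical, and `/var/www` is taken from the question.

```shell
#!/bin/sh
# Added example (not from the thread): give one user write access to whole
# directory trees with POSIX ACLs, leaving the owner and group untouched.
# Dry run by default: commands are printed. Set APPLY=1 (as root) to run them.
# Usage: sh grant_acl.sh devuser /var/www /another/tree  ("devuser" is hypothetical)

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

grant_acl() {
    user=$1; shift
    rc=0
    if [ "${APPLY:-0}" = 1 ] && ! command -v setfacl >/dev/null 2>&1; then
        echo "setfacl not found: install the acl tools first" >&2
        return 1
    fi
    for dir in "$@"; do
        if [ ! -d "$dir" ]; then
            echo "skip: $dir is not a directory" >&2
            continue
        fi
        # Access ACL for everything that exists now. Capital X grants execute
        # only on directories and on files that are already executable.
        run setfacl -R -m "u:$user:rwX" "$dir" || rc=1
        # Default ACL, so files and subdirectories created later inherit it.
        run setfacl -R -d -m "u:$user:rwX" "$dir" || rc=1
        # Show the result: expect user:<name>:rwx and default:user:<name>:rwx.
        run getfacl "$dir" || rc=1
    done
    return "$rc"
}

if [ "$#" -ge 2 ]; then
    grant_acl "$@"
fi
```

Only ACL entries are added, so the existing owner and group of each tree (www-data on /var/www, for instance) stay as they are.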