LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 01-29-2007, 05:02 AM   #1
muhammednavas
Member
 
Registered: Nov 2006
Location: India
Distribution: CentOS, Redhat, Ubuntu
Posts: 30

Rep: Reputation: 15
setting permission


Hi
we have a group in our network named 'trainings' also a directory named Docs.the members under trainings could read the files under Docs.but they should'nt copy Docs directory and it's files .how can i give the permisssion?

Anybody can help me....
 
Old 01-29-2007, 05:15 AM   #2
b0uncer
LQ Guru
 
Registered: Aug 2003
Distribution: CentOS, OS X
Posts: 5,131

Rep: Reputation: Disabled
Let me get this straight: so you mean that the users in group trainings must have a read access to the directory Docs/, but they should not be able to copy the contents of that directory nor the directory itself (as a whole)? If I misunderstood, please correct me

Anyway if I got that right, it might be tricky. I mean if they have read permissions, they can read (and thus copy) the files; you can prevent them from writing to that directory, or any place else on the system, but they can nevertheless copy the information and possibly paste it to some other system/place. That's what reading is you could of course write somekind of "user interface" which lets them read files from within that directory somehow that they were unable to copy them, but it might prove difficult..

What's the idea behind letting them see the files inside Docs/ but prevent them from copying what they see anyway? I mean, they could (at worst) just write down the information manually..that's copying too. I hope I misunderstood something, but correct me in that case.
 
Old 01-29-2007, 05:46 AM   #3
raskin
Senior Member
 
Registered: Sep 2005
Location: France
Distribution: approximately NixOS (http://nixos.org)
Posts: 1,900

Rep: Reputation: 69
If they have UNIX read access then sorry. If they can access with any viewer, then they can use cp as viewer. If you try to make an UI for them in a good LAN, you can possibly allow them chroot'ed SSH logins with X forwarding and make the following chain: daemon on the machine reads data and passes via local TCP socket to the only (statically linked) program that resides inside chroot. Then this programs renders itself an image and passes it to X server. In this case there will be only screenshots and manual writing down. If you want to forbid screenshots you have to use very restricted-access machines that have no removable media capabilities (check USB is disabled) and that cannot send anything by network. If there is any possibility to take information away, it will be used, and getting a screenshot is not difficult. If you want to prevent writing down, you'll need administrative measures like full search of everyone going away and you can drop all other measures except network isolation not to let mailing files.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
setting permission SVwander Linux - Newbie 9 01-28-2007 11:04 AM
permission setting of a scanner? behmjoe Linux - Hardware 1 01-01-2006 03:53 AM
SUID and setting 'other' permission to _ _ x hpladd Linux - Newbie 3 06-17-2005 01:37 PM
Permission setting tkt Linux - Newbie 4 06-08-2005 09:06 PM
setting up permission dramous Linux - Software 1 10-19-2004 11:44 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 04:28 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration