Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I am new to Linux (since yesterday) and am trying to set permission rights.
I have installed acl, but am unable to use the command
setfacl -R -m user:xyz:6 /var/www
(lists folders / files saying operation not supported!)
I need user xyz to be able to move files transferred via ftp to the Apache www folder!
As well as access to mysql etc.
Is there a way to set the user as an admin?
I also tried:
chmod -R 0755 /var
Also no success
Please, someone help to set access rights for user xyz to be able to read and write to all folders (all LAMP related files and folders).
Using Debian, and gnome (which I dislike btw).
Thanks for any hints and tips in this matter
Kind regards
Alex
I think you are on the right track and hopefully a bit of explanation of Linux permissions will help. The permissions are broken into 3 groups, each represented as an octal digit. The permissions, in order, are for: owner-group-others and the digits are for read-write-execute. Directories need to have the execute permission set in order to function, which may not be intuitively obvious. Therefore when you set a file to 755, you are saying that the owner can read, write, and execute, but others can read and execute only but not write. Normally, when it comes to your apache directory you want, or rather really need, to keep the permissions restricted or else you will find that would-be attackers can easily hijack your system. As far as your permissions go for your Apache folders, one suggestion would be to create a group, such as www-users, and place user XYZ in this group. You could then use 'chmod' and 'chown' to change the group ownership of the files to www-users and make this group writable. This would allow XYZ to write to this directory, while still keeping the 'others' as read only (you especially don't want this to be write permitted).
I am not familiar with this ACL application, but it sounds like a variant of SELinux or AppArmor. Normally these applications aren't how you want to control user access, but rather they are used as a belt-and-suspenders backup to allow and restrict applications from being able to access critical configuration files.
MySQL doesn't use the file permissions. Instead you need to create a user account for XYZ and explicitly grant the permissions on the desired database to the user. One thing to keep in mind is that this gets a little more complicated if you are accessing the SQL server remotely. The login contains user@domain and when SQL is running on the same machine this is by default localhost. If they are logging in from another machine this will appear as user@other-host, which does NOT match user@localhost. You can use wild cards or create a remote-login account to correct this problem.
I am also confused about your dislike for Debian and/or Gnome. If you don't like Gnome, you might want to try one of the other window managers: KDE, XFCE, Fluxbox, etc. Debian, however, is a solid and stable distribution. You should give it some time before signing off on it. May I ask if there is a particular problem you are having, as perhaps there is a solution that would ease some of your frustrations?
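The group-based layout suggested in the reply above, as an added example that is not part of the original post. The function names are hypothetical, and the group (for example www-users, with user xyz added to it) is assumed to have been created by root beforehand with groupadd and usermod -aG.

```shell
#!/bin/sh
# Added example: make a web root writable by one group while keeping
# "others" read-only. Function names are hypothetical helpers.

# share_tree_with_group DIR GROUP
share_tree_with_group() {
    root=$1
    group=$2
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 1; }
    # Hand the whole tree to the shared group (name or numeric gid).
    chgrp -R "$group" "$root" || return 1
    # Directories: rwx for owner and group, r-x for others. The leading 2
    # is the setgid bit, so files created later inherit the group.
    find "$root" -type d -exec chmod 2775 {} + || return 1
    # Files: rw for owner and group, read-only for others, no execute bit.
    find "$root" -type f -exec chmod 0664 {} + || return 1
}

# world_writable DIR
# Prints every file or directory that "others" can write to; empty output
# is the desired state for a web root.
world_writable() {
    find "$1" ! -type l -perm -0002
}
```

On a real system this would be run as root, for example `share_tree_with_group /var/www www-users`, followed by `world_writable /var/www` as a check.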
You will only be able to use setfacl command if that partition is mounted with acl option.
Do the following:
1. Take a backup of /etc/fstab
2. Edit the acl option for the device on which you are trying to set acl. For example, usually it looks like the below:
/dev/hda1 /test ext3 defaults 0 0
change it to:
/dev/hda1 /test ext3 defaults,acl 0 0
3. Save /etc/fstab
4. Restart the system
Note: Make sure that you do not change any other option in /etc/fstab. Also check if /var is mounted as a separate partition. Usually ACLs are used for home directories or shared directories.
Last edited by T3RM1NVT0R; 04-29-2011 at 07:57 AM.
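Steps 1 to 3 of the reply above as a script, added here as an example that is not part of the original post. The function names are hypothetical; the script takes the fstab path as an argument so it can be tried on a copy first.

```shell
#!/bin/sh
# Added example: back up an fstab file and append "acl" to the options of
# one mount point, leaving every other entry untouched.

# has_acl_option FSTAB MOUNTPOINT -> exit 0 if the entry already lists acl.
# Options are wrapped in commas so that "noacl" is not mistaken for "acl".
has_acl_option() {
    awk -v m="$2" '
        $1 !~ /^#/ && $2 == m && ("," $4 ",") ~ /,acl,/ { ok = 1 }
        END { exit !ok }' "$1"
}

# add_acl_option FSTAB MOUNTPOINT
add_acl_option() {
    fstab=$1
    mnt=$2
    # Refuse to touch the file if the mount point has no entry.
    awk -v m="$mnt" '$1 !~ /^#/ && $2 == m { f = 1 } END { exit !f }' "$fstab" || {
        echo "no fstab entry for $mnt" >&2
        return 1
    }
    # Already set: nothing to do, and the earlier backup stays intact.
    has_acl_option "$fstab" "$mnt" && return 0
    cp -p "$fstab" "$fstab.bak" || return 1      # step 1: backup
    # Step 2: rewrite only the matching line. awk re-joins that line's
    # fields with single spaces; all other lines pass through unchanged.
    awk -v m="$mnt" '
        $1 !~ /^#/ && $2 == m { $4 = $4 ",acl" }
        { print }' "$fstab.bak" > "$fstab.new" || return 1
    # Step 3: copy over the original so its owner and mode are kept.
    cp "$fstab.new" "$fstab" && rm -f "$fstab.new"
}
```

After the edit, `mount -o remount,acl /test` applies the new option to the mounted filesystem without a restart.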