Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I am having trouble setting read-only permissions for my kids account on my home server (running Samba). I have set-up a documents share that I want my wife and I to have "rw-" access to, but my children only "r--" access (so they don't delete stuff).
I have several users on two different WinXP machines (PC1 and PC2) in my house. They are set-up in the following groups (taken from /etc/groups):
The following is an excerpt from the Samba config file for the "flex-documents" share:
[flex-documents]
path = /var/flexshare/shares/documents
comment = Documents
create mask = 0664
force group = g-parents
public = yes
browseable = yes
writeable = yes
However, when I log into a windows machine under the username "children", I still have write access to this share! I don't want my kids to delete family pictures by mistake! What am I doing wrong with the permissions???
# A publicly accessible directory, but read only, except for people in
# the "staff" group
;[public]
; comment = Public Stuff
; path = /home/samba
; public = yes
; writable = yes
; printable = no
; write list = @staff
so drop the force group and instead add write list = @g-parents
Works great, thanks. I no longer have write access to files I do not own when logged in as "children".
However, now I don't seem to have visibility to the contents of sub-directories when logged in as "children". For example, some share sub-directories have files in them, but these files are not visible when logged in as "children". They are only visible when logged in as "parents". Does this have something to do with "browseable" or "printable" options in Samba?
Okay, I played with the browseable option but I couldn't seem to get it to work. Instead I looked at the linux file permissions. I read somewhere that to access the contents of a directory, the user must have execute permission to the directory. Therefore I did a "chmod o=rx * -R -v" to the share. This recursively made ALL files and directories executable to "other" users (Not the best idea, but I don't know how to restrict the command to just directories). Anyway the contents of directories can now be accessed in the children account now.
Accordingly I changed the samba share create mask from "0664" to "0665".
I'm new to linux permissions. If someone can show me how to make just the directories executable, that would be appreciated.
None the less use the find comand at the root you require looking for type d(irectory)
ie find ./tester -type d
and use that in your chmod as the target for the chmod command
ie chmod 711 `find ./tester -type d`
NOTE those quotes are the charater under the tilde/~ (usually next to the 1)
SO the setup for the test:
Quote:
[chakkerz@tigerente ~]$ mkdir tester
[chakkerz@tigerente ~]$ cd tester
[chakkerz@tigerente tester]$ touch something else test 1 2 3 4
[chakkerz@tigerente tester]$ mkdir directory
[chakkerz@tigerente tester]$ touch directory/1 directory/2 directory/3
[chakkerz@tigerente tester]$ ls -F
1 2 3 4 directory/ else something test
[chakkerz@tigerente another]$ touch test you me and irene
[chakkerz@tigerente another]$ ls
and irene me test you
The verification, change and final verification (and a type f for good measure) :
Quote:
[chakkerz@tigerente ~]$ cd ~
[chakkerz@tigerente ~]$ ls -ld `find ./tester/ -type d`
drwxrwx--- 3 chakkerz chakkerz 4096 Oct 30 07:11 ./tester/
drwxrwx--- 3 chakkerz chakkerz 4096 Oct 30 07:12 ./tester/directory
drwxrwx--- 2 chakkerz chakkerz 4096 Oct 30 07:12 ./tester/directory/another
[chakkerz@tigerente ~]$ chmod 711 `find ./tester/ -type d`
[chakkerz@tigerente ~]$ ls -ld `find ./tester/ -type d`
drwx--x--x 3 chakkerz chakkerz 4096 Oct 30 07:11 ./tester/
drwx--x--x 3 chakkerz chakkerz 4096 Oct 30 07:12 ./tester/directory
drwx--x--x 2 chakkerz chakkerz 4096 Oct 30 07:12 ./tester/directory/another
[chakkerz@tigerente ~]$ ls -ld `find ./tester/ -type f`
-rw-rw---- 1 chakkerz chakkerz 0 Oct 30 07:11 ./tester/1
-rw-rw---- 1 chakkerz chakkerz 0 Oct 30 07:11 ./tester/2
-rw-rw---- 1 chakkerz chakkerz 0 Oct 30 07:11 ./tester/3
-rw-rw---- 1 chakkerz chakkerz 0 Oct 30 07:11 ./tester/4
-rw-rw---- 1 chakkerz chakkerz 0 Oct 30 07:11 ./tester/directory/1
-rw-rw---- 1 chakkerz chakkerz 0 Oct 30 07:11 ./tester/directory/2
-rw-rw---- 1 chakkerz chakkerz 0 Oct 30 07:11 ./tester/directory/3
-rw-rw---- 1 chakkerz chakkerz 0 Oct 30 07:12 ./tester/directory/another/and
-rw-rw---- 1 chakkerz chakkerz 0 Oct 30 07:12 ./tester/directory/another/irene
-rw-rw---- 1 chakkerz chakkerz 0 Oct 30 07:12 ./tester/directory/another/me
-rw-rw---- 1 chakkerz chakkerz 0 Oct 30 07:12 ./tester/directory/another/test
-rw-rw---- 1 chakkerz chakkerz 0 Oct 30 07:12 ./tester/directory/another/you
-rw-rw---- 1 chakkerz chakkerz 0 Oct 30 07:11 ./tester/else
-rw-rw---- 1 chakkerz chakkerz 0 Oct 30 07:11 ./tester/something
-rw-rw---- 1 chakkerz chakkerz 0 Oct 30 07:11 ./tester/test
Holy schniky! Thanks. But now that I have made every file and directory executable, how do I do the inverse of `find ./tester -type d`? That is, apply the chmod to every item other than directories.
Surely I can't say `find ./tester -type b c p f l s D` or is there a better way?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.