I am trying to understand and set up a folder and file system that will not present issues when transferring items from one machine/storage device to another.
What I would like is the ideal settings that preserve basic security of the folder
or file but allow me to move items easily.
I understand the permissions system default set-up is for multiple users/commercial uses but I just want it to work for me and anyone I send a file or folder to.
Is there an easy way to do this? How is this done working with nemo?
When you copy a file, it is the permissions on the receiving folder that matter, not the permissions on the file (other than basic read access). You need to have full access (including write permission) on that folder because the folder is actually a directory, that is an index, and you are adding an item to that index. The access permissions of the file itself will stay the same by default but the new copy will belong to you, not to the owner of the original file.
Transferring or moving a file is more complicated as it removes it from its original folder, so you will need to have write access to that folder as well.
If the transfers are between directories that belong to you, there should be no problems. Just give yourself the required rights over those directories. However moving files from a system directory will cause problems because system directories belong to root and ordinary users don't have write access to them. You can get round this by:
1) Doing the transfer as root;
2) Copying the file rather than moving it;
3) Using root access to give yourself write access to those directories. I would definitely not recommend this, as it would leave your system open to intruders who could insert spoof commands into your command path.
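The rules in the answer above, written as a preflight check. This is an added example, not part of the original post; `transfer_check` and the demo paths are hypothetical names.

```shell
#!/bin/sh
# Added example: which permission a copy or a move needs, and where.

# transfer_check copy|move SRC DESTDIR
# Prints the first missing permission and returns 1, or prints
# "<op> permitted" and returns 0 for the current user.
transfer_check() {
    op=$1 src=$2 destdir=$3
    srcdir=$(dirname "$src")

    # Reading the data needs read permission on the file itself
    # (a move to another device is a copy plus delete, so it needs this too).
    [ -r "$src" ] || { echo "no read access to $src"; return 1; }

    # Adding a name to the destination directory needs write (change the
    # index) and execute/search (reach entries inside it) on that directory.
    [ -d "$destdir" ] || { echo "$destdir is not a directory"; return 1; }
    [ -w "$destdir" ] && [ -x "$destdir" ] ||
        { echo "no write+search access to $destdir"; return 1; }

    # A move also removes the name from the source directory, so the same
    # rights are needed there. A copy leaves the source directory untouched.
    if [ "$op" = move ]; then
        [ -w "$srcdir" ] && [ -x "$srcdir" ] ||
            { echo "no write+search access to $srcdir"; return 1; }
    fi
    echo "$op permitted"
}

# Constructed demo: a read-only source directory, a writable destination.
demo() {
    t=$(mktemp -d) && mkdir "$t/src" "$t/dest" && echo data > "$t/src/f" &&
        chmod u-w "$t/src"
    transfer_check copy "$t/src/f" "$t/dest"
    transfer_check move "$t/src/f" "$t/dest" || :   # refused unless run as root
    chmod u+w "$t/src"; rm -rf "$t"
}
demo
```

Root passes every one of these tests, which is why the same move succeeds under sudo.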
Hazel gives solid advice, but I'll ask for further information, because you say "move", and "anyone I send a file or folder to", which are nebulous in this context.
Do you actually mean MOVE, as in "put it somewhere else, and DELETE the copy you have", or do you mean it in the sense of "copy"??
How are you doing this move/copy/transfer? Because using SFTP/SCP is different than FTP, which is different than Samba or NFS, as far as permissions go.
Anyone you send something to you have NO CONTROL over...that's on their system, not yours.
And Linux systems have user ID's (UID's), which may (or may NOT) match on the receiving system, depending on how the users are created. Network shares like NFS or Samba may have their own permissions set and have ACL's in place that differ as well.
Yes, it's a complex thing, but this is no different than Windows...they have ACL's, folder security etc. in place as well. If you're doing this on a LAN with other users, that simplifies things greatly. If you're sharing over the Internet, that's NOT so simple, and your best solution may be to use Google Drive, Dropbox, or a solution such as that, to share files with others.
Not enough details/information to offer up a more solid solution.
nemo is a client and uses GVFS to connect to a server which can be ssh, SMB/CIFS (samba), ftp, webdav etc. Most protocols require authentication and, as stated, it's the server that determines write permissions. In addition, the remote server can be accessed outside of nemo by mounting or FUSE, and it's that command/options and authentication that determines write permissions for your user.
If the transfers are between directories that belong to you, there should be no problems. Just give yourself the required rights over those directories.
You can check what the current folder rights are by running ls -l (long listing) on the folder's parent. The second field of the list shows the permissions; the first 3 columns are your rights as personal user: r for read, w for write, x for execute. If you don't have full rights on the folder, use chmod u=rwx to give yourself as user full rights.
The owner of the directory determines whether the user can change permissions, or whether that user needs to use sudo, or su passwd, to change permissions. Being that it is your system, you should have all three available to you depending on where the destination is.
If you're going to put some files on a USB stick with a Linux format, then you can give it full permissions on the entire stick.
I will answer comments above more fully when I have studied permissions a little more fully.
In the meantime regarding Hazel's comment:
However moving files from a system directory will cause problems because system directories belong to root and ordinary users don't have write access to them. You can get round this by:
1) Doing the transfer as root;
2) Copying the file rather than moving it;
3) Using root access to give yourself write access to those directories. I would definitely not recommend this, as it would leave your system open to intruders who could insert spoof commands into your command path.
I have come across this:
Sudo is an alternative to su for running commands as root. Unlike su, which launches a root shell that allows all further commands root access, sudo instead grants temporary privilege escalation to a single command.
I presume in 1) above this is sudo and in 3) this is su?
or have I misunderstood?
No, when people on this forum talk about doing things as root, it nearly always covers the use of both su and sudo. In practice there's no real distinction, although they work in different ways. What I meant by option 3 was to permanently change the permissions of the directories concerned. It's a lousy idea because you really shouldn't mess with system directory permissions; they are set the way they are for very good reasons. But it is a theoretical possibility.
Another (and much safer) option which I didn't consider at the time would be to use the chacl (change acl) command (as root naturally) to give write access to those directories to yourself by name rather than to the world. But I wouldn't do even that on my own system. I'd just use sudo to make my transfers or use copy rather than move. It's only a slight inconvenience after all. Safety first!
Yes, thanks for the reminder. Please note my comments previously:
Originally Posted by jones5
I will answer comments above more fully when I have studied permissions a little more fully.
In the meantime regarding Hazel's comment:
And none of those questions relate in any way towards permissions. Again:
Do you actually mean MOVE, as in "put it somewhere else, and DELETE the copy you have", or do you mean it in the sense of "copy"??
How are you doing this move/copy/transfer? Because using SFTP/SCP is different than FTP, which is different than Samba or NFS, as far as permissions go.
Anyone you send something to you have NO CONTROL over...that's on their system, not yours.
So:
Do you mean move or copy??
What are you using to transfer things? What application/protocol???
How are you sending?
These aren't questions about permissions, but how you're doing things, which will possibly AFFECT permissions.
Transferring or moving a file is more complicated as it removes it from its original folder, so you will need to have write access to that folder as well.
If the transfers are between directories that belong to you, there should be no problems. Just give yourself the required rights over those directories. However moving files from a system directory will cause problems because system directories belong to root and ordinary users don't have write access to them. You can get round this by:
1) Doing the transfer as root;
2) Copying the file rather than moving it;
3) Using root access to give yourself write access to those directories. I would definitely not recommend this, as it would leave your system open to intruders who could insert spoof commands into your command path.
Ok I can see that moving a file is different to copying. I can see that moving a file can be problematic if outside my OS. Also there may be network issues influencing 'sending' files over the internet.
I will assume for my own use copying files between my own directories will be reasonably trouble free. Or I can use chmod u=rwx on the parent folder/directory for anywhere I do not have full rights.
If I say I am not moving directories or files over the internet for now. This issue has arisen over a worry that when I back-up my system using an automated method, when I come to restore the permissions will be a problem? It seems from what has been said, as long as the directories and files that are being restored have been created on my own system that should not be a problem. Views please?
Sorry, but I've asked you questions that you've not answered, and have pretty much ignored them. You now introduce some 'automated method' of backing up...without telling us what this 'automated method' actually IS, where you're backing up TO, etc. Again, all of these things have a direct impact on what you're asking about.
If it's genuine made-for-taking-a-backup software, then such things typically take care of permissions. If you're just doing a copy, then you MIGHT have an issue, again depending on what you're copying WITH and TO. And you've not said anything about ANY of these aspects. Without actual details, all we can really say is "maybe you'll have a problem".
Personally, if I'm just taking a quick copy for safety's sake, I can buy a 256GB thumbdrive for $25, and have a LOT faster transfer rates in the event I have to restore, and won't need a network to do it. Since backing up the OS is pointless (a re-install is pretty simple), you just need to back up your personal data.
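The difference described above between a tool that records permissions and a plain copy can be seen on a small tree. This is an added example, not part of the thread; the directory names, modes and the umask of 077 are constructed, and `stat -c` assumes GNU coreutils on Linux.

```shell
#!/bin/sh
# Added example: restore a sample tree two ways and compare the modes.

# modes DIR: print "octal-mode relative-path" for every entry, sorted by path.
modes() {
    ( cd "$1" && find . -exec stat -c '%a %n' {} + | sort -k2 )
}

# compare_restores: build a constructed tree, restore it with a plain copy
# and with a tar round trip, and print which method kept the original modes.
compare_restores() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/data/private"
    echo secret > "$work/data/private/key.txt"
    echo '#!/bin/sh' > "$work/data/run.sh"
    chmod 750 "$work/data" "$work/data/run.sh"
    chmod 700 "$work/data/private"
    chmod 640 "$work/data/private/key.txt"
    want=$(modes "$work/data")

    (
        umask 077   # umask of the restoring session, chosen for the demo
        # Plain recursive copy: new entries get the source mode masked by umask.
        cp -r "$work/data" "$work/plain"
        # Archive round trip: the modes are recorded in the archive and
        # -p re-applies them on extraction regardless of umask.
        tar -C "$work" -cpf "$work/backup.tar" data
        mkdir "$work/restored" && tar -C "$work/restored" -xpf "$work/backup.tar"
    )

    [ "$(modes "$work/plain")" = "$want" ] &&
        echo "cp -r: preserved" || echo "cp -r: changed"
    [ "$(modes "$work/restored/data")" = "$want" ] &&
        echo "tar -p: preserved" || echo "tar -p: changed"
    rm -rf "$work"
}
compare_restores
```

`cp -a` and `rsync -a` also carry the modes across; ownership is only restored when the restore runs as root and the UIDs match on the target system.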