LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 07-10-2019, 08:02 AM   #1
jones5
Member
 
Registered: Mar 2015
Distribution: Peppermint
Posts: 98

Rep: Reputation: 1
How to avoid permissions problems (newb)


I am trying to understand and set up a folder and file system that will not present issues when transferring items from one machine/storage device to another.

What I would like is the ideal settings that preserve basic security of the folder
or file but allow me to move items easily.

I understand the permissions system default set-up is for multiple users/commercial uses but I just want it to work for me and anyone I send a file or folder to.

Is there an easy way to do this? How is this done working with nemo?

I hope that makes sense.
 
Old 07-10-2019, 08:34 AM   #2
hazel
Senior Member
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 3,194
Blog Entries: 9

Rep: Reputation: 1709Reputation: 1709Reputation: 1709Reputation: 1709Reputation: 1709Reputation: 1709Reputation: 1709Reputation: 1709Reputation: 1709Reputation: 1709Reputation: 1709
When you copy a file, it is the permissions on the receiving folder that matter, not the permissions on the file (other than basic read access). You need to have full access (including write permission) on that folder because the folder is actually a directory, that is an index, and you are adding an item to that index. The access permissions of the file itself will stay the same by default but the new copy will belong to you, not to the owner of the original file.

Transferring or moving a file is more complicated as it removes it from its original folder, so you will need to have write access to that folder as well.

If the transfers are between directories that belong to you, there should be no problems. Just give yourself the required rights over those directories. However moving files from a system directory will cause problems because system directories belong to root and ordinary users don't have write access to them. You can get round this by:
1) Doing the transfer as root;
2) Copying the file rather than moving it;
3) Using root access to give yourself write access to those directories. I would definitely not recommend this, as it would leave your system open to intruders who could insert spoof commands into your command path.
 
1 members found this post helpful.
Old 07-10-2019, 08:55 AM   #3
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 21,720

Rep: Reputation: 5745Reputation: 5745Reputation: 5745Reputation: 5745Reputation: 5745Reputation: 5745Reputation: 5745Reputation: 5745Reputation: 5745Reputation: 5745Reputation: 5745
Quote:
Originally Posted by jones5 View Post
I am trying to understand and set up a folder and file system that will not present issues when transferring items from one machine/storage device to another.

What I would like is the ideal settings that preserve basic security of the folder or file but allow me to move items easily. I understand the permissions system default set-up is for multiple users/commercial uses but I just want it to work for me and anyone I send a file or folder to.

Is there an easy way to do this? How is this done working with nemo? I hope that makes sense.
Hazel gives solid advice, but I'll ask for further information, because you say "move", and "anyone I send a file or folder to", which are nebulous in this context.
  • Do you actually mean MOVE, as in "put it somewhere else, and DELETE the copy you have", or do you mean it in the sense of "copy"??
  • How are you doing this move/copy/transfer? Because using SFTP/SCP is different than FTP, which is different than Samba or NFS, as far as permissions go.
  • Anyone you send something to you have NO CONTROL over...that's on their system, not yours.
And Linux systems have user ID's (UID's), which may (or may NOT) match on the receiving system, depending on how the users are created. Network shares like NFS or Samba may have their own permissions set and have ACL's in place that differ as well.

Yes, it's a complex thing, but this is no different than Windows...they have ACL's, folder security etc. in place as well. If you're doing this on a LAN with other users, that simplifies things greatly. If you're sharing over the Internet, that's NOT so simple, and your best solution may be to use Google Drive, Dropbox, or a solution such as that, to share files with others.

Not enough details/information to offer up a more solid solution.
 
Old 07-10-2019, 09:00 AM   #4
michaelk
Moderator
 
Registered: Aug 2002
Posts: 18,804

Rep: Reputation: 2807Reputation: 2807Reputation: 2807Reputation: 2807Reputation: 2807Reputation: 2807Reputation: 2807Reputation: 2807Reputation: 2807Reputation: 2807Reputation: 2807
Quote:
How is this done working with nemo?
nemo is a client and uses GVFS to connect to a server which can be ssh, SMB/CIFS (samba), ftp, webdav etc. Most protocols require a authentication and as stated its the server that determines write permissions. In addition the remote server can be accessed outside of nemo by mounting or FUSE and its that command/options and authentication that determines write permissions for your user.

Last edited by michaelk; 07-10-2019 at 09:01 AM.
 
Old 07-10-2019, 09:30 AM   #5
jones5
Member
 
Registered: Mar 2015
Distribution: Peppermint
Posts: 98

Original Poster
Rep: Reputation: 1
Quote:
Originally Posted by hazel View Post

If the transfers are between directories that belong to you, there should be no problems. Just give yourself the required rights over those directories.

Can you advise a quick way?
 
Old 07-10-2019, 11:00 AM   #6
hazel
Senior Member
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 3,194
Blog Entries: 9

Rep: Reputation: 1709Reputation: 1709Reputation: 1709Reputation: 1709Reputation: 1709Reputation: 1709Reputation: 1709Reputation: 1709Reputation: 1709Reputation: 1709Reputation: 1709
Quote:
Originally Posted by jones5 View Post
Can you advise a quick way?
You can check what the current folder rights are by running ls -l (long listing) on the folder's parent. The second field of the list shows the permissions; the first 3 columns are your rights as personal user: r for read, w for write, x for execute. If you don't have full rights on the folder, use chmod u=rwx to give yourself as user full rights.
 
Old 07-10-2019, 09:29 PM   #7
BW-userx
LQ Guru
 
Registered: Sep 2013
Location: Somewhere in my head.
Distribution: FreeBSD/Slackware-14.2+/ArcoLinux
Posts: 9,004

Rep: Reputation: 1884Reputation: 1884Reputation: 1884Reputation: 1884Reputation: 1884Reputation: 1884Reputation: 1884Reputation: 1884Reputation: 1884Reputation: 1884Reputation: 1884
depending on the owner of the directory, determines if the user can change permissions, or that user needs to use sudo, or su passwd, to change permissions, being that it is your system you should have all three available to you depending on where the destination is.

if you're going to put some files in a usb stick with a linux format then you can give it full permissions on the entire stick.
Code:
sudo chmod 775 -R /destination
or
sudo chmod 777 -R /destination
Unix Permissions Calculator

Last edited by BW-userx; 07-10-2019 at 09:32 PM.
 
1 members found this post helpful.
Old 07-11-2019, 11:16 AM   #8
jones5
Member
 
Registered: Mar 2015
Distribution: Peppermint
Posts: 98

Original Poster
Rep: Reputation: 1
I will answer comments above more fully when I have studied permissions a little more fully.

In the meantime regarding Hazel's comment:




However moving files from a system directory will cause problems because system directories belong to root and ordinary users don't have write access to them. You can get round this by:
1) Doing the transfer as root;
2) Copying the file rather than moving it;
3) Using root access to give yourself write access to those directories. I would definitely not recommend this, as it would leave your system open to intruders who could insert spoof commands into your command path.


I have come across this:

Sudo is an alternative to su for running commands as root. Unlike su, which launches a root shell that allows all further commands root access, sudo instead grants temporary privilege escalation to a single command.

I presume in 1) above this is sudo and in 3) this is su?

or have I misunderstood?
 
Old 07-11-2019, 11:34 AM   #9
hazel
Senior Member
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 3,194
Blog Entries: 9

Rep: Reputation: 1709Reputation: 1709Reputation: 1709Reputation: 1709Reputation: 1709Reputation: 1709Reputation: 1709Reputation: 1709Reputation: 1709Reputation: 1709Reputation: 1709
Quote:
Originally Posted by jones5 View Post
I have come across this:

Sudo is an alternative to su for running commands as root. Unlike su, which launches a root shell that allows all further commands root access, sudo instead grants temporary privilege escalation to a single command.

I presume in 1) above this is sudo and in 3) this is su?

or have I misunderstood?
No, when people on this forum talk about doing things as root, it nearly always covers the use of both su and sudo. In practice there's no real distinction, although they work in different ways. What I meant by option 3 was to permanently change the permissions of the directories concerned. It's a lousy idea because you really shouldn't mess with system directory permissions; they are set the way they are for very good reasons. But it is a theoretical possibility.

Another (and much safer) option which I didn't consider at the time would be to use the chacl (change acl) command (as root naturally) to give write access to those directories to yourself by name rather than to the world. But I wouldn't do even that on my own system. I'd just use sudo to make my transfers or use copy rather than move. It's only a slight inconvenience after all. Safety first!
 
Old 07-11-2019, 11:59 AM   #10
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 21,720

Rep: Reputation: 5745Reputation: 5745Reputation: 5745Reputation: 5745Reputation: 5745Reputation: 5745Reputation: 5745Reputation: 5745Reputation: 5745Reputation: 5745Reputation: 5745
Quote:
Originally Posted by jones5 View Post
I will answer comments above more fully when I have studied permissions a little more fully.
In the meantime regarding Hazel's comment:


However moving files from a system directory will cause problems because system directories belong to root and ordinary users don't have write access to them. You can get round this by:
1) Doing the transfer as root;
2) Copying the file rather than moving it;
3) Using root access to give yourself write access to those directories. I would definitely not recommend this, as it would leave your system open to intruders who could insert spoof commands into your command path.


I have come across this:

Sudo is an alternative to su for running commands as root. Unlike su, which launches a root shell that allows all further commands root access, sudo instead grants temporary privilege escalation to a single command.

I presume in 1) above this is sudo and in 3) this is su? or have I misunderstood?
And what about everything asked in post #3???
 
Old 07-12-2019, 03:07 AM   #11
jones5
Member
 
Registered: Mar 2015
Distribution: Peppermint
Posts: 98

Original Poster
Rep: Reputation: 1
Quote:
Originally Posted by TB0ne View Post
And what about everything asked in post #3???
Yes, thanks the reminder. Please note my comments previously:

Originally Posted by jones5 View Post
I will answer comments above more fully when I have studied permissions a little more fully.
In the meantime regarding Hazel's comment:
 
Old 07-12-2019, 06:48 AM   #12
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 21,720

Rep: Reputation: 5745Reputation: 5745Reputation: 5745Reputation: 5745Reputation: 5745Reputation: 5745Reputation: 5745Reputation: 5745Reputation: 5745Reputation: 5745Reputation: 5745
Quote:
Originally Posted by jones5 View Post
Yes, thanks the reminder. Please note my comments previously:

Originally Posted by jones5 View Post
I will answer comments above more fully when I have studied permissions a little more fully.
In the meantime regarding Hazel's comment:
And none of those questions relate in any way towards permissions. Again:
  1. Do you actually mean MOVE, as in "put it somewhere else, and DELETE the copy you have", or do you mean it in the sense of "copy"??
  2. How are you doing this move/copy/transfer? Because using SFTP/SCP is different than FTP, which is different than Samba or NFS, as far as permissions go.
  3. Anyone you send something to you have NO CONTROL over...that's on their system, not yours.
So:
  1. Do you mean move or copy??
  2. What are you using to transfer things? What application/protocol???
  3. How are you sending?
These aren't questions about permissions, but how you're doing things, which will possibly EFFECT permissions.
 
Old 07-17-2019, 02:38 PM   #13
jones5
Member
 
Registered: Mar 2015
Distribution: Peppermint
Posts: 98

Original Poster
Rep: Reputation: 1
Quote:
Originally Posted by hazel View Post

Transferring or moving a file is more complicated as it removes it from its original folder, so you will need to have write access to that folder as well.

If the transfers are between directories that belong to you, there should be no problems. Just give yourself the required rights over those directories. However moving files from a system directory will cause problems because system directories belong to root and ordinary users don't have write access to them. You can get round this by:
1) Doing the transfer as root;
2) Copying the file rather than moving it;
3) Using root access to give yourself write access to those directories. I would definitely not recommend this, as it would leave your system open to intruders who could insert spoof commands into your command path.
Ok I can see that moving a file is different to copying. I can see that moving a file can be problematic if outside my OS. Also there may be network issues influencing 'sending' files over the internet.

I will assume for my own use copying files between my own directories will be reasonably trouble free. Or I can use chmod u=rwx on the parent folder/directory for anywhere I do not have full rights.

If I say I am not moving directories or files over the internet for now. This issue has arisen over a worry that when I back-up my system using an an automated method, when I come to restore the permissions will be a problem? It seems from what has been said, as long as the directories and files that are being restored have been created on my own system that should not be a problem. Views please?
 
Old 07-18-2019, 07:11 AM   #14
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 21,720

Rep: Reputation: 5745Reputation: 5745Reputation: 5745Reputation: 5745Reputation: 5745Reputation: 5745Reputation: 5745Reputation: 5745Reputation: 5745Reputation: 5745Reputation: 5745
Quote:
Originally Posted by jones5 View Post
Ok I can see that moving a file is different to copying. I can see that moving a file can be problematic if outside my OS. Also there may be network issues influencing 'sending' files over the internet.

I will assume for my own use copying files between my own directories will be reasonably trouble free. Or I can use chmod u=rwx on the parent folder/directory for anywhere I do not have full rights.

If I say I am not moving directories or files over the internet for now. This issue has arisen over a worry that when I back-up my system using an an automated method, when I come to restore the permissions will be a problem? It seems from what has been said, as long as the directories and files that are being restored have been created on my own system that should not be a problem. Views please?
Sorry, but I've asked you questions that you've not answered, and have pretty much ignored them. You now introduce some 'automated method' of backing up...without telling us what this 'automated method' actually IS, where you're backing up TO, etc. Again, all of these things have a direct impact on what you're asking about.

If it's genuine made-for-taking-a-backup software, then such things typically take care of permissions. If you're just doing a copy, then you MIGHT have an issue, again depending on what you're copying WITH and TO. And you've not said anything about ANY of these aspects. Without actual details, all we can really say is "maybe you'll have a problem".

Personally, if I'm just taking a quick copy for safety's sake, I can buy a 256GB thumbdrive for $25, and have a LOT faster transfer rates in the event I have to restore, and won't need a network to do it. Since backing up the OS is pointless (a re-install is pretty simple), you just need to back up your personal data.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Permissions Permissions Permissions! makem Linux - Newbie 13 07-30-2015 11:54 AM
Newbie Newb Newb Here sudoBash LinuxQuestions.org Member Intro 1 06-26-2013 09:51 PM
Permissions ( to avoid unwanted things ) spiriad Linux - General 2 01-18-2009 12:20 AM
Suse Newb: Not Linux Newb rodericj SUSE / openSUSE 9 03-25-2005 10:03 AM
The first step to ascending newb status, acknowledging you're a newb :P LordRaven LinuxQuestions.org Member Intro 1 08-24-2004 05:05 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 12:32 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration