Fedora :: Strategy To Set Up Groups And Permissions
Nov 12, 2009
I'm setting up a Fedora 11 server for the company of one of my friends. So far so good. But now he has asked me to setup access restrictions to folders through samba. Now I'm quite familiar with user access policies, even though I'm quite new to the GNU/Linux world. What I want to know is : what is the best way to give and remove, on the go, rwx access for a specific user to a certain folder in a linux system? Can I create groups for each folders, whose members will have the given permissions? Or do I have to create users for each folder and add to their group the user witch i want to give privilege to?
View 5 Replies
ADVERTISEMENT
Feb 12, 2009
this directory has permissions 750 and is owned by user1 and group user1 I have an admin user that is primarily a part of group admin, but also a part of group user1 what would stop admin from having read and execute permissions on this directory? I'm running clamav and have a clamd daemon running as user admin (I could run it as any user, and I may make a special user later, but I don't want to run it as user1, user2, etc).
I have 2 (technically lots more, but let's just say 2 for now) users, user1 and user2 that have home directories /home/user1 and /home/user2. each is owned and group owned by user1:user1 and user2:user2 respectively with permissions of 750. my admin user is part of groups admin, user1, and user2 I need this to be able to scan my user's directories using the command (is this correct?):
clamdscan --move=/files/quarantine/ --config-file=/etc/clamd.d/adm.conf /home/user1/file
doing this gives the error:
/home/user1/file: lstat() failed. ERROR
If I change the directory permissions to 755, it works fine.Or if I leave the permissions 750 and change the directory group ownership to admin, it works fine. So, why would this be? Obviously it is a permissions issue, but why is it not reading admin as part of the user1 group and allowing the same permissions as it does when making the directory group-owned by admin?
View 7 Replies
View Related
Aug 1, 2010
I have a FTP server (vsftpd), and would like to setup different file permissions for different groups:
-"ftpusers" group should only be able to browse and download.
-"ftpadmins" group should be able to browse, download, AND WRITE (RNFR, RNTO, MKDIR....).
Let's say my main directory is /var/ftp/docs/. It should be accessible by "ftpusers" group, but only writeable by "ftpadmins" group. Other groups or users may not access it. Which permissions and ownership should I give? My problem is that the dir can't be owned by two groups...
View 2 Replies
View Related
Nov 26, 2010
We are a school and we share a samba folder with students and teacher groups. What we are trying to do is:
- Give students group users the permissions to rwx own files in folder
- Students must not be able to do anything with others files. I mean nothing so, at most, they could see the files in folder but not read it.
- Teachers can do anything with files in folder
As you can imagine, the idea is that students deliver their exams in that folder without the ability to read/copy the other students files. With sticky bit we can restrict students permissions to their own files, that is ok, but how to restrict all the permissions on other students files without restricting student access to that folder?
View 1 Replies
View Related
Jul 13, 2010
I am used to setting up users and groups on my daughters computers with Ubuntu installed.
user: magz (daughter)
user: nigel (me)
group: nima
We each have our own folder for files i.e. magz and nige. This has always worked well and it didn't matter which user is logged in we could create and access files in the other users folder with full permissions.
root@nbsq: /media/2xfi/files# ls -l
total 8
drwxrwxr-x 9 nigel nima 4096 Jul 13 09:45 magz
drwxrwxr-x 3 nigel nima 4096 Jul 13 09:45 nige
I have finally got around to getting her to try Debian which I always use, however I have never had to set up users, groups etc in Debian (squeeze) so I just did what I'm used to with Ubuntu. What I've found is that if I create a folder while I am logged in then that folder cannot be accessed by my daughter when she is logged in and the same applies if she creates a folder then I cannot access it when I am logged in, unless of course I use terminal to change the owners. In each case with the new folder the owner will be: root and the group will be: root. I would have thought what works for Ubuntu would work for Debian, however there must be differences.
View 13 Replies
View Related
Nov 13, 2010
i have 5 groups, i want to set 3 of them to have full permissions to a folder and set 2 others with read only to same folder, please help me to solve this problem. in other words i want to set this 5 groups diffrent permissions to a folder.
View 14 Replies
View Related
Jun 6, 2011
I am having problems with groups and file permissions. I have a file owned by myself
Code:
-rw-rw-r-- 1 diblemar users 2.1K Jun 3 06:02 /cluster/shared/Injects/1404_1405_1000033606_79964.return.xml
I want to modify the file using a cgi script running on an apache server (on the same machine). Both diblemar and apache are in the same group.
Code:
apache:x:48:diblemar
However, I receive a file permissions error when I try to modify the file. I assumed that with the permission settings above apache would be able to modify a file owned by someone else in the apache group.
View 5 Replies
View Related
May 25, 2010
i wonder, why nobody has written about it ...
How can i grant permission for files to specific user or specific group ??
Updated:
We have 3 groups: "g12" ("u1" and "u2), "g34" and "g56".
"g12" should only read the file.
"g34" should write and read it.
"g56" should have all permissions (rwx).
And others should not access the file at all.
View 3 Replies
View Related
Jan 17, 2010
Slackware 13 64 bit Hp Photosmart c4280 USB (All-in-one)
- Printer successfully configured using CUPS
- Scanner only works when I am Root.
- When trying to access scanner as user it says there is no scanner attached.
What should be the groups for this user in order to access the scanner? Actually, they are: haldaemon, disk, audio, video, cdrom, plugdev, power, scanner, lp. Below are the outputs for sane-find-scanner (as both root and user), although, since the scanner works well under root, I am almost sure it is a problem with setting permissions and groups.
Quote:
# sane-find-scanner
# sane-find-scanner will now attempt to detect your scanner. If the
# result is different from what you expected, first make sure your
# scanner is powered up and properly connected to your computer.
[code]....
View 2 Replies
View Related
Jun 26, 2010
I'm trying to learn about permissions on linux webserver with apache.Some clues to the system: The server I have to play around with is Fedora based. Apache runs as apache:apache. To allow for e.g. php to write to a file the file needs to be chmod 777. 755 is not sufficiant.What I'm wondering is basically how set up permissions like they should be on e.g. a "shared web host".My main problem is that if I set a permission so that one user cannot access anothers home folder, then apache can't read from the public_html folder either.
To keep the users out I need to set chmod 700. But to let apache to read I need to have at least execute on world,so a 701 basically works, but won't let some users in.So I'm really stuck on what to do. Have been concidering adding the apache user to the frous grours
below to avoid having to add the world execute flag, but is that a bad thing? Should it be the other way around, the users in the groups below should also be in the apache group?I was aiming at having 4 groups:
1. webapp: same as dev_int, but is the only one that can go inside the webapp/live folder to e.g. do an update from the repo.
2. dev_int: can read,write and execute everything in the "web root", including the two below, but nothing outside of the web root
3. dev_ext: can read write and execute in all client folders, but cannot access anything outside of the webapp root
4. clientsBasic ftp accounts. Has a home folder with a public_html, but cannot access any other home folders
View 1 Replies
View Related
Jan 28, 2011
I have a file server running 10.04. I have a user that belongs to 2 groups (users is the primary and IT is the secondary). I have permissions set up so that this user and other users that belong to the IT groups can read/write files and others have no permissions whatsoever. I have also set the umask to 0007 so that any files created have the effective permissions. My concern is this: since my primary group is users, is it possible for me to create files with the owner group IT for only this specific folder?
View 2 Replies
View Related
Sep 15, 2009
Having set up many windows servers with complex permissions on shared folders, I now have to do the same in Linux (and I'm such a noob to Linux) I understand that each file/folder is assigned a user + group, and that the rights can be set for the user, the group and global (aka everybody else) My challenge is this, inside my shared folder there is a folder that should be RW to some users, READ ONLY to others, and not accessible at all to the rest of the users. (lets call the folder MyFolder ) All 3 groups have more than 1 user, so they have to be groups (right?) How would this model work in Linux ? If there is no other way, I guess I can nest the MyFolder in a folder that has permissions to allow all users that may access MyFolder, and block the rest, then on MyFolder, set owner group the RW users, and set global to READ ONLY.
Ps : The server I'm setting up runs Debian Lenny, files will be accessed from windows workstations using samba.
View 2 Replies
View Related
Nov 2, 2010
I have a remote directory shared over NFS called tech with perms set as 0750 and owner set to root:tech. I have 2 groups: tech, and techAdmin. tech can read and execute within tech/. techAdmin can read, write, execute. I have 4 users: user1, user2, user3, user4. user1 and user2 is a member of techAdmin, user3 and user4 are members of tech. simple so far...but wait here's the problem. If user1 creates a file inside tech, user2 cant read or modify it because user1 owns it. Here's a few sites that reference this problem:
[code]....
View 4 Replies
View Related
Feb 5, 2010
I am setting up a samba server to operate in a windows AD domain. I want to set permissions for multiple groups to have different levels of access to one group of files, and it looks to me like unix permissions will not do that? I always hear about how robust linux is, and it seems to me that their file permissions model is WEAK compared to microsoft's?
View 2 Replies
View Related
Nov 4, 2009
I'm using my Linux (SLES 10) server as a File Server at this point. I need to set File Permissions to nested folders differently to different groups. For example:
homesharedengineering* should be read only for groupA
homesharedengineeringadmin should be read & write for groupB Plus read only for groupA
homesharedengineeringautocad should be read & write for groupC Plus read only for groupA
I've been using Webmin and Putty to set permissions but Putty only allows me the Default Group, it won't allow me to set several groups on the same directory. Webmin seems to allow me to add multiple groups (Webmin --> Others --> File Manager --> Info & ACL tab will provide extended abilities) but when I add multiple groups, they don't seem to take effect? I'm wondering if my setup at the 'Share' level or at the hierarchy of my folder structure (unix based) needs to be set specifically?
View 1 Replies
View Related
Feb 4, 2011
I already know of a work around to fix this problem, but I guess my question is why is this not working as expected? I am using a Windows Server 2008 R2 Active Directory for authentication.
I have run auth-client-config for the ldap profile and pam-auth-update. When running getent passwd, I get a list of both the local users and the users in the active directory (with populated information in the Unix schema extension). When running getent group I get a list of both the local groups and the groups in the active directory (with populated information in the Unix schema extension).
Interestingly enough, though, when I run su DOMAINUSER, after the prompt for the password I get an authentication error. In /var/log/auth.log I can see an entry with pam_ldap: missing "host" in file "/etc/ldap.conf". The SRV records in the DNS servers resolve correctly. I've checked this with nslookup and I have seen the records within my zone file. Obviously if the ldap.conf file is working with getent and the ldap server is resolving from the SRV records, it is working fine.
The interesting part is that the Windows Server 2008 R2 AD machine shows in the event viewer that there was a successful authentication, yet the Ubuntu box says no. When I add the host within the ldap.conf file, everything works...getent and the actual authentication, either initial login or su.
[Code]...
View 1 Replies
View Related
Oct 12, 2010
I am currently trying to set up a Samba domain server. In the Samba-HOWTO-Collection I found an
example file.(Point 3.3.3.1) In the explanations of the example below, the author says I need to map UNIX Groups to NT Groups. He writes a shell-script of how one could do it, but when I copy it and then execute it, I get the error:
Bad option: rid=512
Bad option: rid=513
Bad option: rid=514
The other groups do get mapped, just the Domain Admins, Domain Users and Domain Guests dont. This is the shell from the HOWTO:
#!/bin/bash
#### Shell-Skript f ̈r sp ̈tere Verwendung aufbewahren
net groupmap modify ntgroup="Domain Admins" unixgroup=ntadmins rid=512
net groupmap modify ntgroup="Domain Users" unixgroup=users rid=513
net groupmap modify ntgroup="Domain Guests" unixgroup=nobody rid=514
[Code]...
View 2 Replies
View Related
Jun 8, 2010
So i am at the stage of about to install the basic system and am using a derivation of the package management provided by Matthias S. Benkmann. To this end I am using his useradd and groupadd scripts to update the files:
/etc/passwd
/etc/group
My issue is that when I run the commands(created as part of temporary system when installing coreutils):
Code:
/tools/bin/su linux
#then as user
/tools/bin/groups
(here linux is the name of the user) This only returns the user being in the group named after user but not the additional group of 'install' Also, prior to logging in as user, if I use this command as root:
Code:
/tools/bin/groups linux
linux install This then returns that the user is in the correct groups. Lines from relevant files look like:
Code:
#/etc/passwd
linux:x:10000:10000::/usr/src/build:/bin/bash
#/etc/group
[code].....
View 8 Replies
View Related
Jun 20, 2010
I just did my first rsnapshot backup of my /home/ to an external harddisk. When I am not at my computer for a couple of hours, I always shut it down. Therefore, there are no predictable hours of the day where I know that my computer is running. So, how should I schedule/crontab my rotating rsnapshot backups?
Is anyone using rsnapshot in combination with a schedule which is not based on exact times but rather on the time the computer is running?
View 2 Replies
View Related
Mar 7, 2011
I'm planning to partition a new hard drive to dual-boot Mint+Mepis. I've read partitioning tutorials and posts, and want to check my understanding--I'd appreciate input from an experienced person.For 500GB hard drive, dual-boot Mint+Mepis:
--Mint: / root partition for OS; /home partition for ease of upgrading
--Mepis: same as Mint
= four partitions
And:
/swap partition to be shared between Mint+Mepis
/shared partition for shared data
= two partitions
Total = six partitions
Since four primary partitions are allowed, I should use three primary partitions and one extended partition containing three logical partitions.Is that correct?If so, what should go where? I assume there's an optimal strategy--Should each /root of Mint+Mepis go in a primary? What should go in the other primary, and in the three logicals? Or maybe I don't need three primaries?--use two primaries and four logicals?
View 4 Replies
View Related
Apr 8, 2010
I compiled and install a binary source using "make" and "make install", but after I done that I think it's kind a messy not to build it in package. Therefore I tried to uninstall it and make a package out of it.
Questions:
1. How do I uninstall a compiled binary from "make install"? Some suggested to do it manually. How do I do it cleanly so that I won't miss any spot?
2. I understand that makepkg is used to build a package. I have the binary compressed in tar.gz format and have some difficulties to understand the man page for makepkg since I'm not familiar with "make". How do I build it using makepkg, what is the proper step?
View 9 Replies
View Related
Oct 3, 2009
I have a rock solid server running CentOS 5.3 (probably 5.4 soon enough). Basic LAMP box with a few tweaks thrown in. Everything is running perfectly, with one problem - the drive is too small (I project it filling up to dangerous levels in 6-8 months). So, what I'm looking to do is basically clone the drive, store the image, pull the current drive and replace with a bigger drive (same number of heads and cylinders though), and install the image.
What I did do once, a million years ago, is put the new drive as a slave on the same IDE cable, and use dd (working from a live CD of the distro) to copy from the master (smaller) to slave (larger). Then, yank the smaller, change jumper on bigger drive from slave to master, and away I go. Next step as I recall was using gparted to get access to all the space on the new, bigger drive.
Is this more less still a reasonable way to go? I recall the issue was making sure the old smaller and new larger drive had the same number of heads/cylinders (although I don't remember exactly why).
View 7 Replies
View Related
Jun 22, 2011
Was running 10.10 64-bit on Thinkpad X201. I mistakenly clicked on upgrade this morning (really meant to just do a plain old update)... I tried to stop the process, but nothing that I did could get me out of the upgrade loop... so I eventually was forced to go ahead. Machine boots into 11.04; however, keyboard and mouse doesn't work. I have an external keyboard/mouse combo and that will intermittently work, but questionable. I was able to turnoff Unity; however, Classic doesn't seem to work with either external keyboard or laptop builtin.
My root and home are on separate partitions. I have a very fresh copy of home backed up on a separate drive. I don't have a recent backup of root. If I could get Natty working with Classic (including minimize/maximize) I'd be OK...I'd be also OK with going back to 10.10 if I could do it without too much pain. Meanwhile, I'm using another machine with Windows 7 so that I can at least do some work and come back to resurrecting my machine after I've had a bit of a timeout..
View 2 Replies
View Related
Apr 8, 2011
I need a new backup strategy for my two machines:
One machine all WinXP
Second machine: Win7 on one hdd; Ubuntu on second hdd
Backup target drives:
Two new WD Caviar drives in vented external enclosure with fan (no RAID)
1) How do I format the target drives to accept Clonezilla images of all three OS's?
2) How do I format the drives to accept incremental data backups from all three OS's done between scheduled imaging?
Second machine (Win7 & Ubuntu) is not yet running, still in delivery box.
View 1 Replies
View Related
Oct 16, 2010
[URL]. I am installing the above later this week with the intent of it being my OS drive.
Potential Partition Scheme ->
Boot 100 M
Swap 8 Gig
/ -> Balance
/home --> Separate Drive
Does this make sense for a SSD drive. Not sure if I should place the swap on the SSD drive or if there are any issues around any paticular partition set up. I am looking at installing either -> LM 9 / Ultimate Edition 2.8 / Debian / Ubuntu 10.1.
View 10 Replies
View Related
Sep 8, 2010
Having just executed a 11.2 to 11.3 upgrade (KDE), in which I preserved /home from 11.2 to preserve my data and settings, I now wonder if there is a "Best Practice" on how to setup the environment, anticipating future upgrades.Currently, for applications I frequently use and wish to launch from the desktop, I open /usr/share/applications (using Dolphin) and drag the application to my Desktop Folder, choosing the "Copy To:" option.After the recent update, my Desktop Folder files remain those from 11.2 or earlier.It seems now a better practice would be to populate the Desktop Folder with links back to /usr/share/ applications, so that changes would be implemented the the link to a newer file. That would be easily implemented by choosing the "Link To:" option when dragging.
View 1 Replies
View Related
Jan 7, 2010
I want to get Ubuntu blazing fast and I started out by changing the swappiness to just 10 and got a huge performance spike. I was very happy with that. Then I used rcconf and GNOME's startup applications GUI and edited out quite a bit but still have a somewhat slow boot. Well, the next thing I thought I should do is edit the inittab and rid my self of some surely unneeded services. Well, according to this website, Ubuntu doesn't use this inittab, but etc/event.d doesn't exist either! Well I looked in /etc for something related to init, and I believe I have found where these services are called upon. /etc/init.d and /etc/init.
Now the files contain many scripts for different services so I was wondering how to edit these to turn them off to optimize my boot! Do I comment out the unneeded ones? My next question is what strategy should I use as I edit these? I think I can get rid of "ssh" and "cups" and "samba" since I don't use these. Can someone point me to a nice list of services and their functions? I just want to optimize Ubuntu as much as possible to not only have a fast computer for my self and family to use, but to impress Windows users with the speed that can be obtained from Linux!
View 4 Replies
View Related
Jan 15, 2009
just getting startedin linux <fedora9> and haveseveral questions. first what bookwould be best to start the learning process? have looked at fedora 9 and enterprise and the newest fedora 10 with enterprise and these seem to be aimed at networking setups which I do not have.also in adding users and groups which I have done I think successfully however when I use the newgrp command and try to access a file I have saved under a group with two members the file does not show in the ls command.
users are jevans in group programmers cevans in group programmers in creating the file I didthe newgrp programmers command and created the filein the cevans spotand changed to jevans and negrp programmers and the filedoes not show.so what do I do here, or is my understaning of this incorrect?
View 14 Replies
View Related
Nov 24, 2009
I have searched for days on Google and can't find a clear answer to my question. I have a NT4 PDC which I am migrating to Samba 3 (Version 3.4.2-47.fc12) on FC12 with kernel(2.6.31.5-127.fc12.i686). I am using tdbsam as my passdb backend.I setup Samba as a BDC and then joined to NT4 Domain succesfully. When I go to vampire the accounts I get lots of errors and some user accounts get transfered over. It turns that all the user accounts that transfer are those that don't have a capital letter in their username on the NT4 domain server. Most do and don't get transfered. There seems to be errors with my groups and Computer accounts.Is there a way to change the requirements in Fedora 12 for username, groups and computernames?
View 1 Replies
View Related
Dec 5, 2010
I've just installed Fedora 14 x64 and had a few problems. I have a GT9800 video card and after installation x wouldn't start untill I added xdriver-vesa nomodeset to the kernel line. Anyway I've just got it to the point where it will actually boot but wasn't asked to create a user - the live cd installation only asked for root user password. So I used useradd to create a user and I'm finally at the desktop. My question now before I go about installing the nvidia driver is can someone confirm which groups my user should belong to. I haven't used Fedora since FC3 so I can't remember.
View 2 Replies
View Related
