i wonder, why nobody has written about it ...
How can i grant permission for files to specific user or specific group ??
Updated:
We have 3 groups: "g12" ("u1" and "u2), "g34" and "g56".
"g12" should only read the file.
"g34" should write and read it.
"g56" should have all permissions (rwx).
And others should not access the file at all.
We are a school and we share a samba folder with students and teacher groups. What we are trying to do is:
- Give students group users the permissions to rwx own files in folder
- Students must not be able to do anything with others files. I mean nothing so, at most, they could see the files in folder but not read it.
- Teachers can do anything with files in folder
As you can imagine, the idea is that students deliver their exams in that folder without the ability to read/copy the other students files. With sticky bit we can restrict students permissions to their own files, that is ok, but how to restrict all the permissions on other students files without restricting student access to that folder?
How can I mount a device with specific user rights on start up? I still have some problems figuring it out. I would like to mount the divide with uid=1000 and gid=1000. My current entry to the /etc/fstab/ file looks like this:
dev /var/www vboxsf rw, suid, dev, exec, auto, nouser, async, uid=1000
Slackware 13 64 bit Hp Photosmart c4280 USB (All-in-one)
- Printer successfully configured using CUPS
- Scanner only works when I am Root.
- When trying to access scanner as user it says there is no scanner attached.
What should be the groups for this user in order to access the scanner? Actually, they are: haldaemon, disk, audio, video, cdrom, plugdev, power, scanner, lp. Below are the outputs for sane-find-scanner (as both root and user), although, since the scanner works well under root, I am almost sure it is a problem with setting permissions and groups.
Quote:
# sane-find-scanner
# sane-find-scanner will now attempt to detect your scanner. If the
# result is different from what you expected, first make sure your
# scanner is powered up and properly connected to your computer.
[code]....
I did some digging on the sudo command and I do know the config file is /etc/sudoers Read the manual for sudoers and found out that I must use visudo to edit the file I read some of the examples at the bottom of the file and tried entering my own account in following the example. one of the commands I was trying to allow my account to perform without root login is the mount command So I tried adding this in (kreid8 /bin/mount ALL) I then saved & exited the file and logged out of root and tried sudo mount -t vfat /dev/sdc1 /media. I got an error saying I had to be root in order to do that But when I use the visudo -l option it shows that I have that privellege. Did I edit the file incorrectly?
View 6 Replies View RelatedI'm struggling to understand an aspect of mounting and mountpoints with /etc/fstab. There is a large number of sites and threads that make recommendations using things like uid, gid, umask, and other options. These methods, however, which I've used, are file-system specific, useful only for filesystems such as (V)FAT and NTFS that allow them.My current situation is that I am mounting partition /dev/sdb5 in, let's call it /media/myMount. My goals:Mount this partition automatically upon boot using /etc/fstab...The partition should be fully accessible only to a specific user or group.What I've done is create the mount point in /media:
If user michapma were to carry out the mount, I believe it would work; however, I want the mount to happen automatically during boot. So, how can I achieve my user (or group) permission goals for this and any other such partitions using fstab?The manpage for mount has been helpful, but after reading many tutorials and forum threads, the only way I know how to do it is to have the user do the mounting or rely on the file-system specific options.
I'm using ubuntu 9.10. I used the command:
root@aduait-laptop:~# sudo chown -R root:root /media/104B-FF96/Private to set the permissions of Private folder for root but it is giving error:
Code:
root@aduait-laptop:~# sudo chown -R root:root /media/104B-FF96/Private
chown: changing ownership of `/media/104B-FF96/Private/5.jpg': Operation not permitted
chown: changing ownership of `/media/104B-FF96/Private/6.jpg': Operation not permitted
chown: changing ownership of `/media/104B-FF96/Private/7.jpg': Operation not permitted
[Code].....
I wanna make a small web server for local use , I've installed apache, every thing works fine I'm the root
I wanna protect the folder that contain the htdocs files (www), i don't want any users that not in root group to access (not even read)
I changed the permission of the htdocs folder as next
Owner: www (apache user)
per: creat , delete
group: root
per: creat , delete
other: none
it only works on the main folder that i changed its permissions ! not all sub folders and files ! were my steps right ? and are their anyway to change all folders and files at once ?
i have 5 groups, i want to set 3 of them to have full permissions to a folder and set 2 others with read only to same folder, please help me to solve this problem. in other words i want to set this 5 groups diffrent permissions to a folder.
View 14 Replies View RelatedI am having problems with groups and file permissions. I have a file owned by myself
Code:
-rw-rw-r-- 1 diblemar users 2.1K Jun 3 06:02 /cluster/shared/Injects/1404_1405_1000033606_79964.return.xml
I want to modify the file using a cgi script running on an apache server (on the same machine). Both diblemar and apache are in the same group.
Code:
apache:x:48:diblemar
However, I receive a file permissions error when I try to modify the file. I assumed that with the permission settings above apache would be able to modify a file owned by someone else in the apache group.
I tried to place a mono icon in usr/icons/etc but I didn't have the permission to do so. I tried to change my user profile to Admin, thinking I could go back to custom, but that hasn't and it isn't allowing me to go back to my previous setting.
Within minutes of being an Admin user I noticed I couldn't even unmount something. I really need to figure out how to change my profile back to default.
After that has been dealt with, I would like some guidance on how to gain root access to put my icon where it needs to be.
I am currently trying to replace my Windows Server with a CentOS 5.3 box running nfsd for file serving. I have it all up and running however I cant see anyway of securing user access rights to the shares as all you need to access them is just clone the User ID of a user authorized to access the share of any Linux system which seems a bit insecure to me? I was wondering if there was any advice on securing access to server shares in CentOS.
View 2 Replies View RelatedWhat is the difference between creating a "regular" user and creating a "system" user on Linux?
For example:
Code:
adduser john
Code:
adduser --system john
Similarly it seems there are normal groups and system groups. Doing an internet search and reading man pages does not give much information on the whole concept of system and regular user/group.
I'm trying to learn about permissions on linux webserver with apache.Some clues to the system: The server I have to play around with is Fedora based. Apache runs as apache:apache. To allow for e.g. php to write to a file the file needs to be chmod 777. 755 is not sufficiant.What I'm wondering is basically how set up permissions like they should be on e.g. a "shared web host".My main problem is that if I set a permission so that one user cannot access anothers home folder, then apache can't read from the public_html folder either.
To keep the users out I need to set chmod 700. But to let apache to read I need to have at least execute on world,so a 701 basically works, but won't let some users in.So I'm really stuck on what to do. Have been concidering adding the apache user to the frous grours
below to avoid having to add the world execute flag, but is that a bad thing? Should it be the other way around, the users in the groups below should also be in the apache group?I was aiming at having 4 groups:
1. webapp: same as dev_int, but is the only one that can go inside the webapp/live folder to e.g. do an update from the repo.
2. dev_int: can read,write and execute everything in the "web root", including the two below, but nothing outside of the web root
3. dev_ext: can read write and execute in all client folders, but cannot access anything outside of the webapp root
4. clientsBasic ftp accounts. Has a home folder with a public_html, but cannot access any other home folders
I'm using my Linux (SLES 10) server as a File Server at this point. I need to set File Permissions to nested folders differently to different groups. For example:
homesharedengineering* should be read only for groupA
homesharedengineeringadmin should be read & write for groupB Plus read only for groupA
homesharedengineeringautocad should be read & write for groupC Plus read only for groupA
I've been using Webmin and Putty to set permissions but Putty only allows me the Default Group, it won't allow me to set several groups on the same directory. Webmin seems to allow me to add multiple groups (Webmin --> Others --> File Manager --> Info & ACL tab will provide extended abilities) but when I add multiple groups, they don't seem to take effect? I'm wondering if my setup at the 'Share' level or at the hierarchy of my folder structure (unix based) needs to be set specifically?
I am building a livecd, the live user created at boot time is a member of the audio group set in /etc/group. This way works for the livecd but when installed a user must manually add himself to the audio group. How can I set new users to automatically become a member of the audio group? In /etc/default/useradd I can set only one group.
View 4 Replies View RelatedI've created a set of users using the newusers command. Unfortunatelly ive messed up and added all users to the 1000 group as primary group instead of giving the group argument as null what would add them to a new group. To make things clear:
The entries should be
user:password:::User Name:/home/user:/bin/bash
but I did
user:password::1000:User Name:/home/user:/bin/bash
I need to create the missing groups. A simple fix could be do a for loop creating a group with the name of each user in my file and then adding the users to it. Are there any dangers of doing it? What impact could this change have? Are there any safer ways?
A combination of the following commands:
Quote:
Add users to a group with the gpasswd command:
# gpasswd -a [user] [group]
To delete existing groups:
# groupdel [group]
To remove users from a group:
# gpasswd -d [user] [group]
If the user is currently logged in, he/she must log out and in again for the change to have effect.
Quote:
for i in (names)
do groupadd $i
gpasswd -a $i $i
Assuming I've created all users in group 1000 I could remove them from it with
Quote:
# gpasswd -d [user] [group]
I have a FTP server (vsftpd), and would like to setup different file permissions for different groups:
-"ftpusers" group should only be able to browse and download.
-"ftpadmins" group should be able to browse, download, AND WRITE (RNFR, RNTO, MKDIR....).
Let's say my main directory is /var/ftp/docs/. It should be accessible by "ftpusers" group, but only writeable by "ftpadmins" group. Other groups or users may not access it. Which permissions and ownership should I give? My problem is that the dir can't be owned by two groups...
I'm setting up a Fedora 11 server for the company of one of my friends. So far so good. But now he has asked me to setup access restrictions to folders through samba. Now I'm quite familiar with user access policies, even though I'm quite new to the GNU/Linux world. What I want to know is : what is the best way to give and remove, on the go, rwx access for a specific user to a certain folder in a linux system? Can I create groups for each folders, whose members will have the given permissions? Or do I have to create users for each folder and add to their group the user witch i want to give privilege to?
View 5 Replies View RelatedI am used to setting up users and groups on my daughters computers with Ubuntu installed.
user: magz (daughter)
user: nigel (me)
group: nima
We each have our own folder for files i.e. magz and nige. This has always worked well and it didn't matter which user is logged in we could create and access files in the other users folder with full permissions.
root@nbsq: /media/2xfi/files# ls -l
total 8
drwxrwxr-x 9 nigel nima 4096 Jul 13 09:45 magz
drwxrwxr-x 3 nigel nima 4096 Jul 13 09:45 nige
I have finally got around to getting her to try Debian which I always use, however I have never had to set up users, groups etc in Debian (squeeze) so I just did what I'm used to with Ubuntu. What I've found is that if I create a folder while I am logged in then that folder cannot be accessed by my daughter when she is logged in and the same applies if she creates a folder then I cannot access it when I am logged in, unless of course I use terminal to change the owners. In each case with the new folder the owner will be: root and the group will be: root. I would have thought what works for Ubuntu would work for Debian, however there must be differences.
this directory has permissions 750 and is owned by user1 and group user1 I have an admin user that is primarily a part of group admin, but also a part of group user1 what would stop admin from having read and execute permissions on this directory? I'm running clamav and have a clamd daemon running as user admin (I could run it as any user, and I may make a special user later, but I don't want to run it as user1, user2, etc).
I have 2 (technically lots more, but let's just say 2 for now) users, user1 and user2 that have home directories /home/user1 and /home/user2. each is owned and group owned by user1:user1 and user2:user2 respectively with permissions of 750. my admin user is part of groups admin, user1, and user2 I need this to be able to scan my user's directories using the command (is this correct?):
clamdscan --move=/files/quarantine/ --config-file=/etc/clamd.d/adm.conf /home/user1/file
doing this gives the error:
/home/user1/file: lstat() failed. ERROR
If I change the directory permissions to 755, it works fine.Or if I leave the permissions 750 and change the directory group ownership to admin, it works fine. So, why would this be? Obviously it is a permissions issue, but why is it not reading admin as part of the user1 group and allowing the same permissions as it does when making the directory group-owned by admin?
How do I give permission to a logged in user to stop/start a specific service without entering a root/sudo password? So they can do a simple "service SomeService stop|start" It is for a headless Ubuntu server.
View 5 Replies View RelatedI wanted to assign ownership of my choice to my zip file while unzipping so I am using the command:
unzip yourfile.zip|awk -F": " '{print $2}' | xargs chown user.group
I also want to give 705 permissions to all directories and 777 to all files on unzipping?
I have set up freenas with 3 1tb hard drives. I have set up the SMB shares for the drives and can view each shared drive from each of the machines on my network. I can copy files from the hard drives, on the freenas but when I try to copy a file to the Freenas hard drives I get a message that I need permission to do this. I have all my shares set as anonymous how do I change the permissions so that I can save files to the drives.
View 1 Replies View Related'the command I would use to change the group permission to write and the user and other to read and execute for the file "generate-report"' Sounds simple enough but I cant get it to work at all, tried doing a search in google and on the forums here to no avail. Is it possible to do in one command or will I need two?
Ive tried:
chmod g+w, uo+rx generate-report
And numerous other variants all with no luck.
So i am at the stage of about to install the basic system and am using a derivation of the package management provided by Matthias S. Benkmann. To this end I am using his useradd and groupadd scripts to update the files:
/etc/passwd
/etc/group
My issue is that when I run the commands(created as part of temporary system when installing coreutils):
Code:
/tools/bin/su linux
#then as user
/tools/bin/groups
(here linux is the name of the user) This only returns the user being in the group named after user but not the additional group of 'install' Also, prior to logging in as user, if I use this command as root:
Code:
/tools/bin/groups linux
linux install This then returns that the user is in the correct groups. Lines from relevant files look like:
Code:
#/etc/passwd
linux:x:10000:10000::/usr/src/build:/bin/bash
#/etc/group
[code].....
I have a file server running 10.04. I have a user that belongs to 2 groups (users is the primary and IT is the secondary). I have permissions set up so that this user and other users that belong to the IT groups can read/write files and others have no permissions whatsoever. I have also set the umask to 0007 so that any files created have the effective permissions. My concern is this: since my primary group is users, is it possible for me to create files with the owner group IT for only this specific folder?
View 2 Replies View RelatedHaving set up many windows servers with complex permissions on shared folders, I now have to do the same in Linux (and I'm such a noob to Linux) I understand that each file/folder is assigned a user + group, and that the rights can be set for the user, the group and global (aka everybody else) My challenge is this, inside my shared folder there is a folder that should be RW to some users, READ ONLY to others, and not accessible at all to the rest of the users. (lets call the folder MyFolder ) All 3 groups have more than 1 user, so they have to be groups (right?) How would this model work in Linux ? If there is no other way, I guess I can nest the MyFolder in a folder that has permissions to allow all users that may access MyFolder, and block the rest, then on MyFolder, set owner group the RW users, and set global to READ ONLY.
Ps : The server I'm setting up runs Debian Lenny, files will be accessed from windows workstations using samba.
my system I want user1 and only user1 to be able to mount and unmount a specific partition, this partition contains backups and is usually mounted read only, needs to be temporarily mounted read/write by user1 while doing the backup.user1 is an unprivileged user. I've read that the user option will let any user mount the file-system (and only that user can then subsequently unmount it) and that the users option allows any user to mount or unmount the file-system.I also found this in mount's man pageQuote:The owner option is similar to the user option, with the restriction that the user must be the owner of the special file. This may be useful e.g. for /dev/fd if a login script makes the console user owner of this device. The group option is similar, with the restriction that the user must be member of the group of the special file.So it looks like I'd need a login script for that user to make the user owner of the device file (/dev/voiceserv/backup in this case)
View 7 Replies View RelatedI'm trying out various windows mgrs and I'd love to be able to preserve certain key mappings...
...but what's REALLY important are the MOUSE KEYS!!!!!!!
I use the mouse left-handed. I can set that in Gnome or KDE easily, but if I go into, say Ratpoison, it's un-set again.
Is there a system-wide (or as close to it as possible) mouse setting?