Security :: Group Can Read, Write, But Not Delete?
Oct 14, 2010
Long time reader, first time poster. I've got what has become, to me, a brain bender. It seems ACLs are the best way to go, but I am not 100% sure. Each user should be able to create files and modify each other's files, but should not be able to delete anyone else's files in a directory. chmod -1777? setfacl?
What I want to be able to do is create a group, for example called "group1", and set its default permissions to read & write, instead of the usual just read.
So when I add a user into "group1" they automatically have read & write access to all files & directories which are in "group1".
Oh & I use crunchbang 10 (statler) for my desktops & Ubuntu 11.04 for my NFS/print/SSH/etc/etc server
I have a file whose owner is root:root (mode is 644). I want to release read & write permission to a non-root user (e.g. admin_usr). I tried to create a specific group (e.g. ADM) and release it to the root user and admin_usr (by adding these users to ADM in /etc/group), but it does not work. If I preserve the file mode as 644, is it OK? How do I do it if I want to have read & write permission in my case?
I have several directories, each owned by root and a group of the same name. By setting the sgid bit, I made sure that newly created files and directories are owned by the correct group, and that directories have the sgid bit set too. On each newly created directory or file, the permissions are set to 755. This is because this is the default umask, and I cannot change a user's umask. I actually only want files created below a particular directory to have group write access, inheriting this behaviour to newly created directories properly. I'm not on samba or NFS, I have to do this for SSH users. The filesystem is ext3. I started to fool around with ACLs, but couldn't find what I was looking for.
So I have just set up my cryptsetup. I can open/mount it by either "cryptsetup luksOpen" or just clicking on the partition from the "Places" tab and it will ask me for a password and all.
The only problem is that I can't read or write to it at all. Everything is probably root, which isn't useful to me.
So how can I change it so that when I do either of those 2 methods for opening it, I can just fully use it, read and write and everything? As my user.
I had to reinstall Ubuntu (Natty) on a brand new computer, and while installing I set up the data partition to be mounted in /usr, but now I can't access the files I put in there even if I set up the group/user permission! I can access /usr/Music but all files are locked.
I was running '# ls -l' in the '/' directory and I noticed all directories in '/' have the following permission 'drwxr-xr-x' [except root's home which is 'drwx------' (after I changed it from 'drwxr-xr-x')].
I don't want all the users (except root) to be able to read and execute (in) any directory, I just want every user to be able to read/write/execute only in his/her home directory.
My question is, is it OK to change the file and directory permissions of the following directories in '/' from 'drwxr-xr-x' to 'drwxr-x---' or 'drwx------' recursively?
/bin /boot /dev /etc
[Code]....
-I and the other users use the pc for internet, open office and email mainly.
-It does not run server(s) like smb/cif or NFS.
-There are 5 usernames (created by me, none of them are superusers) on the PC, only one user is required to log in at any one time.
I have a group (GROUP) with a number of users. I recently added a new user (NEW). NEW is able to read but not write group files, whereas all the other users in the group can read and write to the group files. The permissions for the group files indicate that all members of group should have write permission -rwxrwxr-x
/etc/group indicates that NEW is a member of GROUP ... GROUP:x:501:GROUP,OLD,OLD2,OLD3,OLD4,....,NEW
[code]....
Don't know if it matters, but both OLD and NEW write to the GROUP files over an internet connection. Why can't NEW write to GROUP files? Is there a maximum number of members in a group that I might have exceeded?
I need to create a group that has the same permissions as the users group. Can I have the new group be a member of the "users" group to inherit its permissions?
I have a number of users, categorised into various groups. I would like one of those groups ("developers") to be in the wheel group as well. I don't want to just copy the people from the developers group into wheel, because then when that group changes I'll have to change it in two places. Is there a way to specify that anyone in developers is in wheel, and have that be dynamic?
What are the possible problems when Windows accessing a file from Ubuntu gets Read Only even though it has full permission to read, write and execute the file? Accessing the file from Ubuntu to Ubuntu there is no problem; only Windows has a problem.
How would I write a command that can find all the objects under the etc directory that have group write permission enabled and have not been accessed in the last X days? This is what I got from an internet source, but I'm not able to modify it according to my distribution. find /etc -perm -0070 -a -mtime +X ! -type l -print Here is the exact statement from the link I'm referring to.
We are aware that unix has three sets of permissions: owner, group and others. I have a requirement to have read-only access to a folder and sub-folders, and the group that currently holds it can't be used, because it has write privileges. I would rather not use others, because it opens it to each user in the system. Have read-only access for another group?
How do I give group write permissions in fstab? I'm trying to mount a VirtualBox shared folder. Currently my fstab looks like this:
Code:
Share_Name /mnt/point vboxsf rw,uid=1000,gid=1000 0 0
I want to give both the owner and group write permissions. Currently, only the owner has write permissions, and group read, with these mount options.
I'm having an odd problem (although I'm probably missing something obvious to a non-semi-newbie): I have a directory used for samba shares which is owned by user fred, a system user which the Windows clients on my network authenticate with to access the shares. I, roger, want to access the directories without having to put my 'sudo boots' on every time, so I made the directory group users and added roger to that group, and changed the file/folder modes from 0755 to 0775. However I still do not have write permissions inside the directory; I still seem to be considered 'other' and hence only have read and execute.
On RedHat 5 64-bit. I have a group that requires read-only access to the /var directory. I believe someone mentioned SGID and ACL stuff, and I've been researching this solution, but I wanted to check with you all first to ensure there wasn't an easier way to do this. Basically, I just need folks that belong in this certain group to read the contents of any file/directory contained within /var.
Code:
mount
/dev/sdd1 on /media/E0FD-1813 type vfat (rw,nosuid,nodev,uhelper=udisks,uid=1000,gid=1000,shortname=mixed,dmask=0077,utf8=1,showexec,flush)
cp 'Aankhon Aankhon Mein hum tum ho gaye deewane.mp3' /media/E0FD-1813/Music/sumeet/a
cp: cannot create regular file '/media/E0FD-1813/Music/sumeet/a/Aankhon Aankhon Mein hum tum ho gaye deewane.mp3': Read-only file system
The micro SD card mounts & works as fat32 in Windows XP just fine.
Is there a way to delete files on the commandline that uses the KDE-Wastebin? It appears that I never ever need the KDE4 Wastebin for files that I deleted through Konqueror or Dolphin. It is only when I delete files on the konsole with rm that I wish I could undelete them. It always happens like that, mostly by being in the wrong directory or using a wildcard when I should not have. (I don't have any erroneously deleted file right now, and I do have plenty of backups, but I just wonder whether there is something better than rm to use generally on the commandline.)
share a mount "/RAID" on my server: 192.168.0.2 with everyone on my network: 192.168.0.*. From what I have listed below I am able to mount the share but I can not write or delete anything. It is almost like it is ro only permissions.
From the Server:
Code:
sudo cat /etc/exports
[sudo] password for jesse:
# /etc/exports: the access control list for filesystems which may be exported
# to NFS clients. See exports(5).
[code]....
Eventually I need to share 192.168.0.2:/RAID on two OSX computers as well. I read in some places that you need to add insecure to your /etc/exports on your server in order for the OSX client to access the share.
On a server in an office, I want a situation where people on the client PC are able to write to a particular file, but not have privileges to delete it -
We have a Linux (SUSE 10) server that authenticates against AD (Windows 2003). Problem is anyone with an AD account can ssh in to the server. We don't want anyone to be able to log in via ssh, only the users in one particular group. I have tried editing the sshd_config file and adding the group to AllowGroups but this doesn't work. I have searched Google and have not had much luck in finding anything.
I did install QLandkartGT and the plugin to use Garmin with it and it looks like it works, but when I press "Live Log" I get the error message; "Device Link Error. Failed to request real time position. Realtime thread failed. Failed to configure USB: could not set config 1: Operating not permitted".
I also get a similar error when trying to download tracks; "Failed to download tracks. Failed to configure USB: could not set config 1: Operation not premitted".
My guess is that Ubuntu does not allow programs to use the USB port, so my question is how do I allow this program (or all) to use the USB ports.
I have to write a shell script that will delete all the .dat files in /var/oracle/etl/incoming for which the created date of the file is 7 days before the current date.
How to automount USB devices read-only for security in RHEL5? I'm looking for the generic solution for any USB device, so I'm not looking to hardcode something into /etc/fstab. I've hunted around and I can't find a clear answer and my various attempts have failed. I've looked at /etc/auto.misc, UDEV, and HAL. Here's where I'm at, which isn't working. I have RHEL5 and from what I can tell HALD manages the automounting. HAL seems to have 2 primary directories:
/etc/hal/fdi -and- /usr/share/hal/fdi
The difference between the two is unclear to me. Based on some examples, I created the following file:
No matter what I call this file or where I put it, any USB device still mounts RW. How do I fix this? Am I correct that HAL is the right place? Looking through dmesg, it sure looks like HAL controls this, but maybe I'm wrong? I've also made various attempts to solve this with UDEV and /etc/auto.misc, so if it is one of those, I clearly don't know the correct thing to do there.
I want to use dual Monitor on Debian Lenny amd64, I have the nVidia 8600 GTS. I googled several times, I have to change the xorg.conf (as it seems) but I can't - no rights.
And there's another thing... I have a dual boot system along with the openSUSE HDD but I can't open it. And using openSUSE I can't read or write on the Debian's HDD. How can I change that?
I can't see any option for recursive directories in nfs in fedora 13.
This is my set-up:
Code:
Code:
save and exit.
Code:
When I mount the directory /media/Data from another Fedora 13 box I don't have read and write permissions for each and every file. The -R recursive option would be handy; unfortunately this option is unavailable. The Red Hat docs have not been helpful in this respect.
Code:
Code:
The mounted partition is of the ext3 type. With the nfs-3g type I don't have any issue, however most of my directories/partitions are of the ext3 type so I need to get it sorted.
I changed my user name id number to the same number on all boxes thus giving me write access. There must be a better solution than this.
I just installed Ubuntu 10.04 on my system, and I put in a really old game CD for my really old computer. I cannot run the setup program, however, because "it is not executable". I can't change this, because it is read-only, but I can't change this either. As I'm new to this, I was wondering .