I have a problem access privileges on several folders like this one
Code:
It clearly says that I have owner and group read write and search (it's a directory) privileges.
I login as user master part of group events
Code:
But I can't access the folder (Permission denied).
I have previously set up sudo via adding my name to the wheel group and then giving full privileges to the wheel group in the sudoers file. Now I choose to learn to limit that. Had noticed the most frequent use I have of sudo is to run yum update. This got me thinking, could I remove the wheel group privileges and add the following line in sudoers to limit the privilege to simply running yum, and furthermore, make it so I could run yum without a password:
## Allow root to run any commands anywhere
rootALL=(ALL) ALL
Troy ALL= NOPASSWD: /usr/bin/yum
I think that would in fact work (if I understood one of the pages here, it will work). However, upon further thinking I realized that in such a case then anyone sitting at my computer could then use yum, without a password, to install or remove any file on my system � probably not a good idea. As a result I have to ask, can I tighten the privilege even further such that the only privilege so given was to run �yum update� and nothing else? (for example if they ran �yum install� it would fail). If you can do it, how?
Last, I was going to limit the privilege, time wise and try wise, by adding the following to the sudoers file:
# Defaults specification
Defaults:Troy timestamp_timeout=0, passwd_tries=3
Will that really work to limit the elevated privilege so I don't have elevated privileges lingering about, or is there a better way to do so?
How can I create a user group that restricts Internet privileges to only members in the group, then I will assigns certain applications to join the group for access to the Internet.
For example, I want only group net to have access to the Internet. Group net is then connected to:
Code:
So far, I am using the gnome group policy manager that is standard with ubuntu but Its not working. It is possible that im misdirected and that I should use a firewall instead?
how to configure it. What I am trying to is this: I have a departmental folder housing two sub folders. The permissions on the parent folder for the department are 770 and the users from that department are all in a group based on their departments name.
One of the users who is granted access as a member of the group needs to be denided access to one of the two sub folders. How do I allow all users in the department into the first folder (this works already) but at the same time allow all but one into the second folder?
I am setting up a samba server to operate in a windows AD domain. I want to set permissions for multiple groups to have different levels of access to one group of files, and it looks to me like unix permissions will not do that? I always hear about how robust linux is, and it seems to me that their file permissions model is WEAK compared to microsoft's?
View 2 Replies View RelatedI have several directories, each owned by root and a group of the same name,By setting the sgid bit, I made sure that newly created files and directories are owned by the correct group, and that directories have the sgid bit set too.On each newly created directory or file, the permissions are set to 755. This is because this is the default umask, and I cannot change a users umask. I actually only want files created below a particular directory to have group write access, inheriting this behaviour to newly created directories properly.I'm not on samba or NFS, I have to do this for SSH users.The filesystem is ext3.I started to fool around with ACLs, but couldn't find what I was looking for.
View 3 Replies View Relatedon the following link [URL] section 2 says
Quote:
The following directories need to be readable, writeable and executable for everyone:
* dokeos/main/inc/conf/
* dokeos/main/upload/users/
* dokeos/main/default_course_document/
* dokeos/archive/
[Code].....
I am not at all convinced by the idea of giving permissions to read,write and execute as these Learning Management Systems say. Let me know what you people have to say? What is the best practise in such situations? I have to get all these LMS run on same web server.
What commands would someone use if they wanted to see their group priveledges, like if they were in a super user group or various groups.
View 1 Replies View RelatedAfter freshly installing Lucid Lynx and tinkering for some time to get everything just how I like it, I managed to somehow remove myself and all other users from all groups. Now, obviously, I've restarted and I don't have root privileges as I am no longer a member of admin group. So I am somewhat stuck. I've looked at this page: [URL]. But annoyingly, there is no grub menu appearing on boot up (unlike previous Ubuntu versions). So I'm appealing for your help to either:
a) Show me how I can bring up the grub menu so I can access ubuntu in safe mode
b) Show me another way of accessing the system with root privileges. (Would using chroot from the Live CD work? I just thought of that now so I'll try it).
So, I am looking to implement an FTP server with Isolated Client accounts/directories where a client can only access what's in their directory. I also need to provide my internal user's (content managers) the ability to upload, delete, etc from all of the Client accounts. The simple part is creating the secure client accounts. It's a matter of changing DIR_MODE in adduser.conf to 700 or 770, creating a user, having the FTP server chroot them to their home directory, revoke/restrict shell/ssh access and maybe even slap on some ACL to prevent botched permissions.The hard part is figuring out how to give my power users the ability to access all of their folders without thrashing security.
My first thought was to put all of the client user-groups in a parent group and having my internal users inherit group permissions..but you can't have groups inside of groups.My second thought was to put all of the client users in the same group and prey that the FTP chroot is enough to keep them from poking around but then I have the problem of how do my internal users access other user directories if they are chrooted. Do I create a second server without chroot.do I create some weird nested homedir structure..I honestly have no idea how to satisfy both requirements (secure client accounts and privileged user accounts). I need my privileged users to authenticate against Active Directory via Likewise open, LDAP, etc and I don't care how the clients authenticate. Though, I would prefer to have both file and FTP-server level protection just to make sure no one can see the other client's data.
I'm having a permissions problem with Ubuntu and apache. There are two users, I'll just call them A and B. All of the files belong to A and group root. I'm logged in as B and I have admin privileges. My website is working just fine but when I create a directory in the web root, change the owner to A on the directory and all files I still get a Permission Denied error when I try to access it from the web. I've also set permissions to rxwr-xr-x on the directory and all the files. So I don't understand what's going on. Why am I still getting a permission denied error?
View 1 Replies View RelatedHaving read on the forums about some of the dangers of running Wireshark as root, I would like to know if anyone can suggest some alternative packet sniffers/network analyzers which will offer similar results but without the security issues. I am using Karmic Koala on a Fujitsu Siemens laptop with wireless router (firewall enabled)
View 7 Replies View RelatedI need to create a group that has the same permissions as the users group. Can I have the new group be a member of the "users" group to inherit its permissions?
View 4 Replies View RelatedI have a number of users, categorised into various groups. I would like one of those groups ("developers") to be in the wheel group as well. I don't want to just copy the people from the developers group into wheel, because then when that group changes I'll have to change it in two places. Is there a way to specify that anyone in developers is in wheel, and have that be dynamic?
View 7 Replies View RelatedI've got a problem with groups on linux (slackware). I'm trying to ssh from one computer into another to do some work, but I'm running into permission issues.
If I do the work locally as a user
If I do the work with ssh as root
If I do the work with ssh as a user ;(
Both computers are mine. (By locally, I mean physically sitting by that computer logging in the normal way.) When I log in locally as a regular user I'm a member of the following groups: 'users floppy audio video cdrom' But when I ssh into the same computer, being the same user, I'm only a member of the group: 'users'
Q1. What gives? Where/How can I change this?
Q2. Also, where do linux/slackware store the group information? According to /etc/group I'm only member of 'users'. Where does it keep the info that I belong to 'users floppy audio video cdrom'?
Me and 2 others are working on a website (Bob, Mike, and Joe). We made a group called developers and each of us are in the developers group. The Apache server runs as www-data. When we upload files, the file owner is the users name and the group is "developers".
/etc/group has the following
Code:
www-data:x:33:
bob:x:1000:
mike:x:1001:
[Code]....
I have always just set everything to 775 and just called it good. Well I don't want to wake up to a Russian political message plastered all over the site. It's time I do things properly.
I'm using ubuntu 11.04, I'm having some problem of ownership while sharing folder/files. to share i change the folder share option:1. Share this folder, then followed by 2.allow others to create and delete files in this folder3. guest access.Now if someone in my local network edit any file and save it, it gets locked. if some one copy their file in this folder the permission is marked as "no group" "no owner". and they get unaccessible to me. i tried doing chown <user> <folder> but it says Operation not permitted. Now how i can possibly share my folder on local network so that they can be edited by others without getting locked down , if they copy files i can able to modify them.
View 2 Replies View RelatedI've installed slax6 onto an ext3 partition and setup a users account, i've also just managed to mount some virtualbox shared folders which are working and i can access them fine. The problem is I cannot seem to give limited user accounts access to them. root can access them no problem! but right clicking and changing the permissions do nothing, because once I click apply, reopen the menu, the changes have reverted. I've tried chmod'ing them.. chmod o=rwx /mnt/folder I used 'o' because I can't seem to change the group permission for the folder. The shared folder I am mounting is formatted in NTFS and the other in ext3, I can't change the permissions of either.
View 5 Replies View RelatedHow would i write a command that can find all the objects under the etc directory that have group write permission enabled and have not been accessed in the last X days. This is what i got from internet souce but i m not able to modify it according to my distribution. find /etc -perm -0070 -a -mtime +X ! -type l?print Here is the exact statement from link i m referring to.
[Code]..
What's the best location for a folder intended to be used as a group storage location? In other words, I want a folder called "examplefolder" belonging to a group named"examplegroup" that can be accessed by everyone in that group. Is home/examplefolder the best location or elsewhere?Edit:The folder needs read and write permissions, so /usr would not work. Does anyone think /var would be appropriate? What about something in the root like shared? Is there a reason not to use /home/examplefolder?
View 2 Replies View RelatedI'm having an odd problem (although I'm probably missing something obvious to a non-semi-newbie):I have a directory used for samba shares which is owned by user fred, a system user which the windows clients on my network authenticate with to access the shares. I, roger, want to access the directories without having to put my 'sudo boots' on every time, so I made the directory group users and added roger to that group, and changed the file/folder modes from 0755 to 0775.However I still do not have write permissions inside the directory; I still seem to be considered 'other' and hence only have read and execute.
View 6 Replies View RelatedWell, this is a problem that keeps on coming, and I never found a solution: Maybe it is just me misunderstanding how it should work, but:
1) do you confirm that, as a member of the group "fuse", I should be able to read the file?
2) of course, I could change the permission of the file, or read it as sudo, but sometimes this is not possible. how to achieve it then?
I am on the admin account of my computer and am trying to remove all privileges from CWD i have tried
chmod go-rwx ~
sudo chmod go-rwx ~
but when i pull up
ls -l ~
It is still showing permission in the g and o column.
I have a file the owner is root:root ( mode is 644 ), I want to release read & write permission to a non root user ( eg. admin_usr ), I tried to create a specific group ( eg. ADM ) and release it to root user and admin_usr ( by adding this users to ADM in /etc/group ) , but it is not work, if preserve the file mode to 644 , is it ok? how to do it if I want to have read & write permission in my case ?
View 5 Replies View Relatedi want to set permission type "write" on a file to a particular user in a group of users ( not all users in that group). chown is changing a user to root , but i want to set say permission of "write" only to a user 1 in group staff which contains 10 users 1 , user 2 ...user 10.
View 3 Replies View RelatedI have searched somewhat this forum but haven't yet found a similar post using the keywords I entered but perhaps there is already a similar post then please refer me to it.I am trying to add a user account "Guest" to allow people on my laptop without giving them access to vital parts of the computer. Basically, I want them to only be able to view their own home directory and access internet. Nothing more.I have set the group to "guest" and changed the other home directories of other users to owner access only.
Guest still has access to root and is still allowed to perform actions in various critical areas (deleting files from for example my Windows 7 partition). This I also want to prevent. I was thinking to set each directory's permissions to Owner and Group only and remove Others access.My questions:
1. Will this have any undesirable impact (programs of main user accounts not able to access certain directories)? For guest user I don't care as long as internet works.
2. When I start User Manager and disable for Guest all options except "access internet" (so I also disable access to CDROM), the guest can still access the CDROM. Does this mean the User Settings menu has no effect or is overruled by something?
I'm trying to do something like thisi created a group called www and made this group the owner of the directory/var/www/htmlso i can read and write to it.of course I've add my self to this group, but it seems i can't read and write.the syntax i used was something like chown :www /var/www/html.didn't workonly when i used chown samurai:www /var/www/html i could finally could create new file.the reason i don't want to specify the user name is because I'm thinking of a scenario when i need to give permission to a large group of ppl and don't want to do it user by user.
View 5 Replies View RelatedHow would i remove rwx permission for group and other users for all hidden files (except . and ..) inside /root using a one line command.
View 4 Replies View RelatedHere are some example files that are shared through samba:
-rwxrwx--- user1 group1 file1.txt
-rwxrwx--- user1 group1 file2.txt
When user2 (who is also a member of group1) edits file2.txt the permissions change:
-rwxrwx--- user1 group1 file1.txt
-rwxrw---- user2 group1 file2.txt
user1 then has issues opening the file. This also goes for new files that are created (they are missing the group execute permission).
I have set the option "create mask = 0770" in my smb.conf. Without this set, permissions default to something like -rwxr--r--
How to Drop all elevated privileges through terminal?
View 7 Replies View Related