Ubuntu Security :: Restricting 'cd' Access To Directories Without Adjusting Permissions
Apr 13, 2010
Is there a way to restrict users that are logged into the shell via SSH/Telnet/SFTP from using the 'cd' command to move into certain directories, yet not use the chmod command to do it? For instance, restrict users logged in from accessing the /var/www/ folder but have it still accessible using a web browser. Also, would this defeat the purpose since they could just wget from it if it's still web accessible through a browser?
Feb 15, 2011
I'm trying to write a script that uses the 'du' command to make essentially a text-based filelight type program. It should scan the current directory for the files' sizes and display them in order largest to smallest (or vice versa). The user should be able to go throughout the file tree and see child directories scanned for the sizes as they're accessed. I just need to know one more thing: how can I restrict the displayed results to the current working directory? Would a grep for the output of pwd suffice? Just getting some thoughts before I try and possibly dig myself a hole.
Feb 16, 2010
I need some kind of step by step process to restrict my users to only have access to directories that I specify. For example, user joe can only access his home directory, read access to /tmp and read access to /var/log/httpd.
May 15, 2011
I want to make a webserver with multiple users allowed to log in through SFTP to a specific folder, www. Multiple users are added, let's say user1 and user2, and all of them belong to the www-data group. The www directory has an owner www-data and a group www-data.
I have used chmod -R 775 on the www folder, but after I try to create a folder test through my SFTP server (using Filezilla) the group of the directory created has only r and x permissions, and I am not able to log in with the second user user2 and create a directory within www/test due to a lack of w permission to the group.
I also tried using chmod 2775 on www directory, but without luck. Can somebody explain to me, how can I make it so that a newly created directory inherits the root directory group permissions?
Mar 3, 2010
I am setting up a new Ubuntu server, and I am quite new to Linux. This server will be used as a code repository for a project I am going to be working on. I plan to set up 3 groups for users: dev, test, doc - for various developers, testers and documentation users.
I would like to set up the following permissions on the main code repository directory:
dev - write permission
test - execute permission
doc - read permission
public (anyone outside these groups) - deny all access
I am unsure what chmod setting to use, or if this is even possible in Ubuntu.
Jan 23, 2011
What should I do if I want to allow access to a USB flash drive selectively? Say, for e.g., all permissions for "root", "Read/Write" for user "A", only "Read" for user "B", and user "C" shouldn't be able to access or mount (no permissions) the USB flash drive at all. Also I want to do it by modifying entries in some files or by some commands (so that it can be done programmatically if needed).
Apr 3, 2009
I have several directories, each owned by root and a group of the same name. By setting the sgid bit, I made sure that newly created files and directories are owned by the correct group, and that directories have the sgid bit set too. On each newly created directory or file, the permissions are set to 755. This is because this is the default umask, and I cannot change a user's umask. I actually only want files created below a particular directory to have group write access, inheriting this behaviour to newly created directories properly. I'm not on samba or NFS, I have to do this for SSH users. The filesystem is ext3. I started to fool around with ACLs, but couldn't find what I was looking for.
Jun 29, 2010
I have a desktop (picard), and I want to be able to connect to it from my sister's laptop (zuma) to quickly scp files from my machine to hers. At the same time I don't want the whole world to be able to connect to my machine via SSH. We're connected through a router. I've tried adding the line
"ListenAddress 192.168.0.0"
to /etc/ssh/sshd_config, but this prevents me from being able to connect to my machine from another on the network. From my understanding of the ListenAddress directive, I would assume "ListenAddress 192.168.0.0" would allow my sister's address through (192.168.0.192).
Am I missing something?
Feb 4, 2011
In my office I want to set up a Linux machine for public usage. On this machine I want to restrict/deny access to certain applications (e.g. k3b, xterm, pdf reader etc.) for certain users/groups of users as per the office policies.
1) By what method/procedure can I achieve this objective?
Jan 25, 2011
Is anyone aware of a detailed "flow chart" -- arrows and decision diamonds, etc -- that describes the file access and permissions processing? I would love to see that diagram. Years ago on a platform far away (Digital VAX/VMS) their manuals had such a flow chart that covered not only the user-group-owner and read-write-execute permissions decision making but also included "access control list" processing at a superficial level. If someone has access to the VAX/VMS flow chart, that might be a start toward sorting out what Linux does.
Apr 11, 2010
I have searched this forum somewhat but haven't yet found a similar post using the keywords I entered, but perhaps there is already a similar post; if so, please refer me to it. I am trying to add a user account "Guest" to allow people on my laptop without giving them access to vital parts of the computer. Basically, I want them to only be able to view their own home directory and access internet. Nothing more. I have set the group to "guest" and changed the other home directories of other users to owner access only.
Guest still has access to root and is still allowed to perform actions in various critical areas (deleting files from, for example, my Windows 7 partition). This I also want to prevent. I was thinking to set each directory's permissions to Owner and Group only and remove Others access. My questions:
1. Will this have any undesirable impact (programs of main user accounts not able to access certain directories)? For guest user I don't care as long as internet works.
2. When I start User Manager and disable for Guest all options except "access internet" (so I also disable access to CDROM), the guest can still access the CDROM. Does this mean the User Settings menu has no effect or is overruled by something?
Nov 7, 2010
We set up a server with my friend (still newbies) a couple of months ago using Ubuntu 10.04 LTS server edition and agreed to let some folks at school use it to install drupal on it for teaching and learning purposes. So the idea is that there are multiple users that all install drupal in their home folders separately using SSH and continue from there on etc.
Everything is set up for that to work (domain, settings etc), but there's one thing nagging me, and that's how everyone can look at everything on the server. They don't have rights to modify anything but can look at file listings and view inside files etc.
So how do I restrict the viewing rights of users to inside their home folder, BUT so that they can use the cd command to go to folders inside their home folder, but not outside of it. As far as I know rbash purely keeps you inside home and allows nothing else, so that doesn't work, because you need the cd command.
Feb 5, 2010
I am setting up a samba server to operate in a Windows AD domain. I want to set permissions for multiple groups to have different levels of access to one group of files, and it looks to me like Unix permissions will not do that? I always hear about how robust Linux is, and it seems to me that their file permissions model is WEAK compared to Microsoft's?
Jan 14, 2010
I have a small home network with a router to the outside world and an Ubuntu server through which traffic passes first. My ISP limits my download usage during the day, which traditionally has not been an issue, but now the children come in from school, boot up the internet and up goes my usage! Ideally I would like to be able to restrict them to IM and maybe certain specified URLs (I think the latter probably needs to use Squid though?). Once the download limits are lifted, I would like my iptables to allow HTTP, etc, but pretty much block most other things.
I have two sets of iptables currently to approach this issue, with a cron job that runs to swap between one and the other. Chains run in order, so if rule A says allow x, and rule B says drop all, then X should still be allowed. However, try as I may, this is not what happens in practice. I have even tried changing the overall order from ALLOW to DROP in FORWARD and then approaching from the other angle. That didn't work either. *IS* it actually possible to block all but http / https and IM? These are my rules:
Code:
# Generated by iptables-save v1.4.4 on Sat Jan 9 19:15:49 2010
*nat
:PREROUTING ACCEPT [583:45175]
:POSTROUTING ACCEPT [694:60887]
:OUTPUT ACCEPT [143:18642]
[code]....
Apr 22, 2010
I have an internet and mail server with CentOS installed, and I want to restrict client machines from accessing a certain website, e.g. if I want to restrict users from accessing the website www.mydomain.com, how do I do it?
Jul 12, 2009
I've got a question about the chattr command. Is it possible to restrict root access for this command? What I want is something similar to FreeBSD behaviour, aka the kernel secure level. Setting a particular security level results in limiting some operations (i.e. changing immutable flags on files) by root. Well, if someone gained access to a machine in some way, nothing would stop him changing the file's flags. So the question is if it can be achieved with SELinux?
Nov 26, 2010
Every developer in our organization has access to a single development server and all development (other than basic experimentation) is done on this server. This is primarily because there are several interdependent systems and having copies of these systems on each developer's machine slows that machine down to the extent of making it completely unusable. All developers access this development server using ssh. Of course this implies that scp will also work as the sshd daemon is running, making data vulnerable.
We are currently attempting to secure the code and data on this server from unauthorized copying and transfer.
Currently I am attempting to set up virtual machines on each developer machine that can then be used to connect to the development server. I have created a shell that does nothing but allow for the typing of one command that simply transfers (ssh login) the user onto the development server.
I am using VirtualBox and Ubuntu mini to achieve this.
Problems: The first question is if this is a reasonable way to achieve what I am attempting to. Is there a better way?
The others are more in terms of the set-up: I am attempting to resize the VirtualBox console. I tried this by editing grub. Although I am able to resize the screen at start-up, the entire screen goes back to (what I believe is) 800x600 after the Ubuntu splash screen.
VirtualBox seems to have completely messed up the keyboard detection. How can I rectify this?
The other is regarding the restricting of shell access. I have currently done this by removing access to /bin/ for normal users. Is this secure enough or is there a better way?
Mar 17, 2011
I run a system that users may log into either remotely or physically. Multiple users may be logged in simultaneously because of the remote access, but only one user can be physically logged in at a time. With the current setup, however, if the physical user inserts a flash drive (which the OS mounts automatically) then the remote users gain access to the removable media.
May 26, 2011
I installed tomcat6 on a Linux server. I deployed the xyz.war file and jkmount in Apache; this is for outside usage. Recently I deployed one more war, abc.war, which I didn't mount in Apache; this is for internal application usage purposes. In my application I tried to call this abc.war (http://X.X.X.X:8080/abc/abc.war) but I am unable to access this folder. I checked the iptables rules; I gave access permission on port 8080.
Oct 4, 2010
I'm planning an NFS share for a small enterprise (25 NFS clients). I need to create a directory structure but I'll need to set up different permissions (rw/ro) on some directories of the tree. I wonder if it's possible to grant access using group IDs, so that would be ideal for this application. Is it possible? I was thinking that I would need some kind of centralized user info, such as NIS or LDAP. Is that necessary?
May 1, 2010
I am trying to use rsync for backing up some directories and I have the following problem: some files have permissions that prevent me from running rsync under my own user id. So I run it under root using the option "-a", which according to the man page should preserve the permissions, owner and group information.
However, when I run this under root, the directories created in the backup location get user root and group root while ordinary files keep the original user and group. What am I missing here? How can I get rsync to preserve the user and groups for all files, including directories?
Here is a command to illustrate my problem
Code:
sudo rsync -a /home/youruser /tmp
If you try that and terminate with Ctrl-C after a few seconds, there will be a directory /tmp/youruser where the directories contained within are owned by root group root.
May 4, 2010
I recently accidentally deleted a wrong directory of images from a USB memory stick, which I managed to successfully recover using Photorec. Photorec created a couple of directories (which I asked it to put in Documents), which I was then able to re-copy back onto the USB disc. My problem now however is that I do not need that almost 4GB of files on my PC but I cannot delete them since the files are all root owner, and being somewhat new to Ubuntu I am not sure of how to go about changing the permissions and deleting these files.
Mar 22, 2010
I tried using Nautilus - nada (under root no less). Tried using file browser (nada again). Tried going to "places" and the directory I wanted - right click, permissions won't let me change squat. The folders I want to change are shared folders on my network at home and sometimes I transfer files between computers to different places. Can't do it tho, cuz of the permissions. Is CHMOD the answer? If so, how do I do it? For instance, in terminal, I issued the command (as root) chmod 777 movies. I thought this would allow any device in the house to write to this directory, but the permissions didn't change at all. So what do I have to do?
On my Ubuntu machine I simply run Nautilus as root and it allows me to do this.
So what's different in Fedora?
Apr 30, 2010
I need to back up some directories but
sudo chmod 777 *
won't include permissions for daughter dirs.
Nov 18, 2010
I'm just wondering: I know that umask sets the default file permissions for files, however I want to know if there is any way to set default file permissions for newly created directories.
For example, I want my user to create new directories that anyone can access and modify (777) but I want the new files the user creates to be 755 (read by everyone, written only by user).
Is this possible?
Nov 5, 2010
I have an NTFS mount on which I wish to change permissions of individual directories. I have mounted many NTFS volumes successfully; mounting is not the issue. The issue is that when mounting, I need to specify 'blanket' permissions, owner, group etc. I have no idea how to change permissions for individual folders.
Sep 10, 2010
What is the single command that will remove all 'other' permissions from all files and directories under /home?
Just starting to learn Linux.
Feb 16, 2010
I am using the chmod() function to set permissions for my files/directories. How can I set the -R flag for it???
Oct 20, 2009
I am running Ubuntu 9.04, and wish to share a folder to be accessed without logging in via Windows Vista. If I set up the share through the nautilus right-click menu and enable "Guest Account", the share is inaccessible. The folder shows up, but it fails to mount. Vista says that it can see the computer, but not the shared folder.
The folder is
/home/william/shared
The only way I can get it to work is if I change the permissions of the folder /home/william to allow Others to access files.
Feb 6, 2010
I have installed linux4 on VMware and now I am to copy any file but not able to paste it in any directories, and when I check the permissions there is no write permission for any of the directories. Not able to use chmod to change the directories' permissions.