Ubuntu Security :: Setting Permissions For Www User Only?
Mar 19, 2010
I wanna make a small web server for local use , I've installed apache, every thing works fine I'm the root
I wanna protect the folder that contain the htdocs files (www), i don't want any users that not in root group to access (not even read)
I changed the permission of the htdocs folder as next
Owner: www (apache user)
per: creat , delete
group: root
per: creat , delete
other: none
it only works on the main folder that i changed its permissions ! not all sub folders and files ! were my steps right ? and are their anyway to change all folders and files at once ?
View 4 Replies
ADVERTISEMENT
Oct 29, 2010
I tried to place a mono icon in usr/icons/etc but I didn't have the permission to do so. I tried to change my user profile to Admin, thinking I could go back to custom, but that hasn't and it isn't allowing me to go back to my previous setting.
Within minutes of being an Admin user I noticed I couldn't even unmount something. I really need to figure out how to change my profile back to default.
After that has been dealt with, I would like some guidance on how to gain root access to put my icon where it needs to be.
View 1 Replies
View Related
Nov 26, 2010
We are a school and we share a samba folder with students and teacher groups. What we are trying to do is:
- Give students group users the permissions to rwx own files in folder
- Students must not be able to do anything with others files. I mean nothing so, at most, they could see the files in folder but not read it.
- Teachers can do anything with files in folder
As you can imagine, the idea is that students deliver their exams in that folder without the ability to read/copy the other students files. With sticky bit we can restrict students permissions to their own files, that is ok, but how to restrict all the permissions on other students files without restricting student access to that folder?
View 1 Replies
View Related
Feb 23, 2010
one thing i can't seem to be able to do is give the guest account just these permissions: using firefox (or other browser) and using one file directory and using a text editor. means the guest can browse the net and sefe some infos form that - nothing more. the previous version had something like that, it was really easy for me, a noob, to do it with two or three clicks. if this possibiility exists, what to do. if it's not implemented... maybe it should be. 'cause many people let others use the computer but don't want any complications...
View 6 Replies
View Related
May 25, 2010
i wonder, why nobody has written about it ...
How can i grant permission for files to specific user or specific group ??
Updated:
We have 3 groups: "g12" ("u1" and "u2), "g34" and "g56".
"g12" should only read the file.
"g34" should write and read it.
"g56" should have all permissions (rwx).
And others should not access the file at all.
View 3 Replies
View Related
May 19, 2009
I am currently trying to replace my Windows Server with a CentOS 5.3 box running nfsd for file serving. I have it all up and running however I cant see anyway of securing user access rights to the shares as all you need to access them is just clone the User ID of a user authorized to access the share of any Linux system which seems a bit insecure to me? I was wondering if there was any advice on securing access to server shares in CentOS.
View 2 Replies
View Related
Jan 30, 2010
I'm struggling to understand an aspect of mounting and mountpoints with /etc/fstab. There is a large number of sites and threads that make recommendations using things like uid, gid, umask, and other options. These methods, however, which I've used, are file-system specific, useful only for filesystems such as (V)FAT and NTFS that allow them.My current situation is that I am mounting partition /dev/sdb5 in, let's call it /media/myMount. My goals:Mount this partition automatically upon boot using /etc/fstab...The partition should be fully accessible only to a specific user or group.What I've done is create the mount point in /media:
If user michapma were to carry out the mount, I believe it would work; however, I want the mount to happen automatically during boot. So, how can I achieve my user (or group) permission goals for this and any other such partitions using fstab?The manpage for mount has been helpful, but after reading many tutorials and forum threads, the only way I know how to do it is to have the user do the mounting or rely on the file-system specific options.
View 2 Replies
View Related
Mar 21, 2010
I'm using ubuntu 9.10. I used the command:
root@aduait-laptop:~# sudo chown -R root:root /media/104B-FF96/Private to set the permissions of Private folder for root but it is giving error:
Code:
root@aduait-laptop:~# sudo chown -R root:root /media/104B-FF96/Private
chown: changing ownership of `/media/104B-FF96/Private/5.jpg': Operation not permitted
chown: changing ownership of `/media/104B-FF96/Private/6.jpg': Operation not permitted
chown: changing ownership of `/media/104B-FF96/Private/7.jpg': Operation not permitted
[Code].....
View 5 Replies
View Related
Apr 8, 2010
I just added a new user to my ubuntu:
sudo adduser james
When james logs in he access his folder BUT he can also access other user's folders. How can I prevent his access to others? I wish to restrict his account to his folder only (he can read/write).
View 5 Replies
View Related
Jun 5, 2010
How do I add root permissions to my user account?
I want full permissions for all computers in my house, without having to get up and go to the other room and change permissions for the file, folder, drive, directory, computer, etc., then go back to the other room again.
I just created a partition, as THIS user, THIS machine, rebooted, and cannot create a folder on the partition I just created. UGH. No more of this stuff... I guess at the very least, I'll still have to log onto each machine for this?
View 12 Replies
View Related
Nov 21, 2010
I want to have an account (beta user), on which:I can use the Internet and other programs without administrative rights without the right to install programs with a kind of sandbox for everything that is connected to the Internet, which means: everything that is associated with the web browser's processes and files that I save to hard disk I want to be separated from the rest of the system, so that whatever can catch up on this account will be locked in it, for example any (if at all) possible malicious scripts from Internet or whatever may be dangerous now or invented in the future. Sometimes, for example, I save the web page to disk with all it content.
And in case someone cracked into this account I want make it in that way that he could not do any tricks to read or change passwords, or make any other changes to the system. The best would be if a password for that user might serve only to log in without having any other powers, and I would give that user an automatic login. For now I created a beta user without administrative rights. I understand that the limiting rights of the user are associated with limiting rights to their home directory. There are also groups, and a user may be included or excluded. I excluded that user from admin group but I don't know what else I can limit and how. When I give chmod 0644 for /home of this user he cannot run Firefox. When I give him 0740 he can run applications, so I assume the x attribute must be preserved.
This is a user without sudo rights, so when I type sudo apt-get update a message shows up correctly that this user doesn't belong to the sudoers group. But still it's not what I wanted. When the user runs Gufw and wants to change the settings to disable the firewall, a message shows up asking to type in a password of alpha user = primary user, which is that belonging to the sudoers group, the first / main user that I created during system installation. I wish that there was only the message that the beta user has no power to change anything, which means even completely remove the possibility of asking for sudo.
In addition, I wish that this beta couldn't be able to change the permissions to its home directory, or go to see what is above. Because so far beta can change the file permissions for its /home, even without a sudo password. How can I do it? Do I need to create a kind of chroot jail for this user? I would like any changes to that user account could be made only after the user log off from beta account, and log in on alfa account and that beta could run only programs that ware installed by alpha. And that beta could read and write, but alfa could also read and write or remove, alter files on beta account. Basically, alfa account should be superior to beta account. Can do that?
View 9 Replies
View Related
Jul 23, 2009
Picture the following:On computer A, local user John (and John alone) has rwx access to file1.txtComputer B also has a local user account named John. If file1.txt was to be copied from computer A to computer B, would the user account John on computer B be able to access it?I guess this wouldn't work using two windows computers due to the User name / GUID relationship. Maybe linux has something similar?
View 4 Replies
View Related
Jul 16, 2011
look at this : Uploaded with ImageShack.us how can set permissions in linux like this? I want one user can delete files but can't modify them and ... in linux i have 3 group to assign read write and execute them. is ntfs flexible than linux file system?
View 4 Replies
View Related
Jun 22, 2011
As I was researching on how to create a kiosk Ubuntu setting I came upon a suggestion to create the user with '/usr/bin/screen' shell option.Hope you all would forgive me for this noob question but what does this mean? I saw when I checked the Advance Settings Advance tab that there are a couple of possible options there, what do they mean and how will they affect the user profile I'm creating? I tried google for this and if my understanding is correct, these shells are suppose to be programmable and a scripting language for linux but I'm confused on what effect this has on the user profile I'm creating?One thing I notice though is that with the '/usr/bin/screen' option, the user account is refused of the Applications > Accessories > Terminal option.When I googled each one of the options I'm getting more confused as to the relevance of this to the user profile.
View 3 Replies
View Related
Feb 24, 2011
However, configured a website on a dedicated server using WHM/cPanel. The site was uploaded using the master account for the website.
The security issue is public users are able to upload files on to my server via the website. They could even access the root and execute whatever they want on the server.
I have consulted with 2-3 Linux experts. According to them, the PHP user has rights to execute anything on the server or upload & store files in whichever folder they want.
Can I protect my folders to avoid file uploads via the website. The application has security vulnerabilites. However, I want to prevent hackers to enter my site until the vulnerabilities are fixed.
View 2 Replies
View Related
Apr 16, 2010
I want to limit what a authenticated user can do on my Linux server. I've set the default shell to rbash, but I know a knowledgeable user can switch shells. Can I use file permissions to deny execution rights to /bin/bash to anyone who is not in a particular group? And if that works, how do I find out what other shells are installed on my server (Ubuntu 9.10)?
View 7 Replies
View Related
Mar 18, 2010
I wanted to set up Computer Lab. loading Fedora 11 OS and one system acting as a Server to store Users(Student) Login Informations. When students do a programs, all programs (eg, C++ programs) files should be saved in the local fedora system but when login to the system, the login should be validate by a Server System.
View 5 Replies
View Related
Jul 7, 2009
i am trying to set the file permissions for the log files "/var/log/Xorg.0.log" and "/var/log/gdm/:0.log". These files seem to be created when a user logs into a whokstation (my guess so far). I am trying to comply with a security mandate that all log files in the directory /var/log are set to 0640. The two mentioned files always seem to have the permissions 0644, does anyone know where and when these filea are created and how I might set the permissions when the files are created
View 1 Replies
View Related
Dec 29, 2010
I recently got an old computer to use as a server and I have a whole list of things I want to do on it, but I'm having difficulties.When I installed the server, I installed AMP, FTP, Samba, CUPS, and some other items. I made a user account called 'nessdan' which (currently!) is in these groups:
www-data adm dialout cdrom plugdev lpadmin sambashare admin
The www-data group was added because I wanted to FTP my site files into '/var/www/' . Okay, that ended up working out for me. This is where things got sticky. I installed PHPMyAdmin and the files went to '/usr/share/phpmyadmin/' . I wanted to install a new theme so I downloaded it onto my Laptop, then logged in via FTP but couldn't transfer files into there! It turns out the folder was owned by 'root' and was in the group 'root'. The only thing I could come up with was to change that folders permissions so the owner was 'nessdan' and the group 'admin'. I was going to do that to the entire /usr/share/ folder but I didn't know whether or not I should be changing the permissions in the first place.
But the the trend continues! I have my print server setup and working but I wanted the server to hold the Windows drivers, so I went to '/var/lib/samba/' to do some work but noticed that a lot of the files' permissions were locked down to read only and the owner and group were 'root' . I ended up doing a 'chmod 775' and changing the owner and group to 'nessdan' and 'admin', respectively. Well I transfered over the files but now the service nmbd isn't working. The good news is, I expected to mess something up along the way and had already planned on reinstalling Ubuntu Server 10.10. I've only had the server for 4 days now and I knew from the beginning I'd be wiping it clean. I want to know how to set this thing up proper and the biggest problem is getting access into folders so I can FTP into them.When I do wipe my PC clean and start anew, how should I go about the changes that I did before (PHPMyAdmin, Samba Driver Folder)?
View 2 Replies
View Related
Mar 17, 2010
I'm running Apache2 under uBuntu 9.10. My problem is that I use my own user "wavesailor" to work on my websites. I kept all my sites under /var/www and I set up the security of the directory after following the guidelines.
Code:
sudo chown -R root:root /var/www
sudo chown -R www-data:www-data /var/www/*
[code]...
View 4 Replies
View Related
Nov 29, 2010
I have just formatted a partition that had contained a windows OS, it is now formatted to ext4 and is dev/sda1 dev/sda2 contains my Ubuntu OS and all files although the empty partition shows up in Nautilus I cannot write to it as it is owned by root.I have done some research on changing the permissions on this, but am none the wiser!!
Enabling the root account is rarely necessary. Almost everything you need to do as administrator of an Ubuntu system can be done via sudo or gksudo. If you really need a persistent root login, the best alternative is to simulate a root login shell using the following command.I cannot find gksudo and do not know what commands to use in the terminal to achieve my goal. I am in totally unfamiliar territory here, and need some fairly simple explanation and guidance to be able to claim my empty partition so I can read from and write to it.
View 7 Replies
View Related
Jun 26, 2011
I have a file server running a cronjob to reset file permissions on a regular basis. I was thinking, I wonder if there is a way to do the chmod and chown command in a single command, as I always have to do both on the same folder, the way that you can do "chown root:users Uploads" instead of having to do two separate commands for chown and chgrp.
Then I got to thinking, are these commands even necessary? Every file copied or moved into these folders by any user needs to be something like "chmod 750" and "chgrp root:users", so rather than running a cronjob to do these modifications at regular intervals, there ought to be a way to set the folder permissions so that any files contained within will have these permissions.
The problem arises because users create documents, then a supervisor with elevated privileges can move those documents into a shared folder, however the permissions are wrong, they are user1:user1 for the owner and group and the other users can't read the file until a cronjob changes the group to be users. This has actually been acceptable, but certainly there is a better way to do this.
View 7 Replies
View Related
Sep 1, 2011
2 computers, Ubuntu 10.04 and Ubuntu 8.04. I have 2 folders named In and Out. Out I have set up on 10.04 for guest use. I am able to transfer files to 8.04 from that folder. Trying to set up In for a specific user to modify files. This requires a login. Both computers have the same user name and both have the same password. I set the file permissions automatically from 10.04 when electing to share In for allowed modiying. When trying to access In using 8.04, a password request window is generated with the user name already showing, and the domain name filled in as "Workgroup". The user name that shows is my login name, by the way.
View 2 Replies
View Related
May 20, 2010
I'm attempting to set up a Samba share on my lab's small server (Ubuntu Server Edition, 10.04). It looked easy enough, but the share that I set up didn't allow anyone to actually put anything on it: no uploading stuff, etc. (You can still upload files via the command line, so I implemented the unix extensions = no fix). The share is writeable and visible, and anyone can access it (according to the Samba GUI). According to the smb.conf:
[Share]
path = /home/something/Share
writeable = yes
;browseable = yes
guest ok = yes
The other Windows machines in the lab see the new server and its share automatically, although they can't make changes to it, like create a new folder in the share. Most of my lab uses Snow Leopard (OS X 10.6), and a few others use Windows. I can connect to the server using my MacBook either through the terminal or Finder -> Go -> Connect to server -> smb://blah.someplace.edu without problems.
I can do pretty much anything via the command line, but not through the Finder! If I want to create a new folder, it gives me an old-school error message (stupid blue face): "The operation can't be competed because you don't have the necessary permission." If I want to drag-and-drop a file from my desktop to the Share folder, I get a pop-up window (lock + blue face): "Type your password to allow Finder to make changes." If I do, then I get another pop-up: "One or more items can't be copied to "Share" because you don't have permission to read them. Do you want to copy the items you are allowed to read?"
View 3 Replies
View Related
Dec 11, 2010
Is it possible "reset" all (X, GDM related) permissions/settings of one user? What would cause one specific user not to be able to log into anything via gdm/the login screen? After providing the proper password, the screen goes black and then jumps back to the login screen. No session alternative works, not even xterm or gnome failsafe. I can however log in via the console (Ctrl+Alt+F6, recovery etc). With another user I can log in via GDM just fine, and deleting and re-adding the "broken" user doesn't make any difference.
Some (maybe) relevent logs:
part of syslog:
Quote:
Dec 12 01:20:58 <specific user> pulseaudio[1358]: core-util.c: Home directory /etc/timidity not ours.
Dec 12 01:20:58 <specific user> pulseaudio[1358]: lock-autospawn.c: Cannot access autospawn lock.
[code]....
View 2 Replies
View Related
Nov 16, 2010
First let me say that Lubuntu is a lightweight version of Ubuntu, so there is not much point in loading it up with unnecessary packages. If you just want to share printers on a Linux network, you don't need Samba. And if you just want a way that users can "push" files to others on a network, use Giver (+ Avahi) as this is a better option. Especially as it sorts out file permissions for you.
To enable file sharing on a Lubuntu 10.10 machine, go to Preferences > Synaptic Package Manager and add the following:-
* samba
* system-config-samba
* gvfs-bin
* gvfs-backends
...accepting any dependancies, 11 packages in total.
I suggest you re-boot now. As an initial test, go to file manager (pcmanfm) and enter:-
smb://localhost
You should see the local print$ folder listed.
To access folder shares remotely
* open file manager (pcmanfm)
* enter the IP address or computer name of the machine you wish to access
e.g. smb://192.168.0.99 or smb://print-server
To share a folder:-
Go to: Preferences > Samba (enter password when requested)
In the Samba Configuration screen:-
* File > Add Share
* use Browse... to select folder to be shared
* Tick "Visible" and (if required} "Writable"
* In the "Access" select "Allow access to everyone"
Set the Linux permissions:-
* locate the folder to share in file manager
* right click on the folder and select Properties > Permissions
* set the required permissions, e.g. Other: Read & Write (to allow anyone full access)
View 7 Replies
View Related
Jun 28, 2011
I am experiencing strange difficulties with Samba. The permissions aren't set correctly, when creating a file or a folder on the mounted samba share.
My smb.conf looks as follows:
Code:
[shareOffice]
path = /home/shareOffice
writable = yes
browseable = yes
create mode = 0777
directory mask = 0777
force create mode = 0777
force directory mode = 0777
Now if I create a regular file on the folder:
Code:
touch testFile; ls -l
The permissions turn out to be:
Code:
-rwxr-xrwx 1 simon share 0 2011-06-28 21:42 testFile
Why the w bit on the group is missing? If I play around with the create mode / force create mode, I get every other possible permission output --- except the write access for group members.
View 3 Replies
View Related
Apr 2, 2010
I wanted to assign ownership of my choice to my zip file while unzipping so I am using the command:
unzip yourfile.zip|awk -F": " '{print $2}' | xargs chown user.group
I also want to give 705 permissions to all directories and 777 to all files on unzipping?
View 3 Replies
View Related
Feb 27, 2010
i am trying to finish up a lab in that i have i have some accounts created under groups called "mgmt" and "pl". I am trying to figure out how i can get the guys in "mgmt" to be able to modify files in a directory called "mgmt-final" but the guys in the group "pl" will only be allowed to read those files.
View 5 Replies
View Related
May 29, 2010
I have set up freenas with 3 1tb hard drives. I have set up the SMB shares for the drives and can view each shared drive from each of the machines on my network. I can copy files from the hard drives, on the freenas but when I try to copy a file to the Freenas hard drives I get a message that I need permission to do this. I have all my shares set as anonymous how do I change the permissions so that I can save files to the drives.
View 1 Replies
View Related
