Fedora :: Grant Certain Group Read-only Access To /var Directory
May 30, 2010
On RedHat 5 64-bit. I have a group that requires read-only access to the /var directory. I believe someone mentioned SGID and ACL stuff, and I've been researching this solution, but I wanted to check with you all first to ensure there wasn't an easier way to do this. Basically, I just need folks that belong in this certain group to read the contents of any file/directory contained within /var.
I am trying to set up an Rsync backup method. I have multiple files and folders all OWNED by different users. Now I can read the files as root. But I want to make a user for RSYNC that can ONLY read all these files for copying them across. It requires creating a non-password login and I don't want to do that with the root user! I have tried to create a new user and use 'setfacl': setfacl -m u:someuser:r /var/test. But when I su to 'someuser' I cannot copy the files to my homedir. So I think it won't work for rsync either.
I am trying to set up an Ampache server using Apache as the webserver. The instructions have the following line as one of the requirements: Your webserver has read access to the /sql/ampache.sql file and the /config/ampache.cfg.php.dist file. I have essentially zero experience with Apache, and I'm not sure how to grant read access to a file.
We are aware that Unix has three sets of permissions such as owner, group and others. I have a requirement to have read-only access to a folder and sub-folders, and the group that currently holds it can't be used because it has write privileges. I would prefer not to use others, because it opens it to each user in the system. have read-only access for another group?
I have a directory that needs to be owned by the nginx user and I need to access it via other users in order to add/edit/delete files in it. So I created a group called www and added both, then ran chgrp -R on the directory. However I am still getting an "unavailable to access no permissions" sort of error in my SSH/SCP/whatever you want to call Mac's Transmit. ls -a output:
drwxr----- 3 nginx www 4096 Jul 17 23:56 nginx
I have a log server that collects logs from all the Cisco devices on our network. The company policy states that any logs should only be accessible by root. So I have the following permissions set on the directory, as well as everything inside the directory where the Cisco logs are kept.
Code:
drwx------ 65 root root 4096 Apr 29 7:38 rsyslog
The Cisco folks are requesting access to these logs, which is allowed by company policy.
I'm using Kubuntu 10.04 at the moment. Every time I log in, KDE Wallet asks me to give a password so that Kopete can access my login password to login. Is there any way you can 'grant permission' to access the wallet for certain applications so that I don't have to fill in my password every time?
I have wicd 1.6.1 (bzr-r426) and it is working very well with my root user, but for all those who do not have root rights wicd asks for the superuser password to connect. I want to avoid this pop-up window being shown; how can I proceed? I first thought about the sid and gid but it seems that there are no improvements using chmod 4755 and 2755 on the different files involved.
I have a JavaCL program trying to open a port on 41xxx and it is getting permission denied unless I run it as root. I would like to grant a single user this permission for opening this port. This program runs fine on a vanilla Ubuntu install but not on server. Where does Ubuntu handle user permissions for opening ports? I understand this is typically a no-no on a server but this is an unusual circumstance.
Is there any way to grant access to non-root users to use some commands like reboot and date and some other commands that the root user can work with? I tried chmod on their binaries and added them to the root group but nothing happened.
I'm running a server using CentOS 5 x64. I want to disable access of groups to the "bin" folder so they cannot execute commands. [info: actually because of a bug in cPanel (the control panel I installed) Perl will give access to all hosting users to execute commands.] So what I wanna do is to ban some groups on the 'bin' folder, for example 'my_group1' and 'my_group2' cannot access bin but 'my_trusted_group' can access it.
I got this error message when installing Fedora 11 from an installation DVD (downloaded from [URL]): Unable to read group information from repositories. This is a problem with the generation of your install tree. This error message appeared after the step where the installer asked me to choose where to install the boot loader and configure the GRUB boot menu. The error message came with two buttons: [Retry] and [Exit installer].
I am trying to dual boot Vista and F10 and I have 2 different 400GB hard drives to do it on. On the first HD, I have Vista installed but when I try to install F10 on the second, I get this error message:
Quote: Error: Unable to read group information from repositories. this is a problem with the generation of your install tree. I've looked it up and found some forums but none answer how to "fix" it (if it is indeed something that you fix).
I'm doing a Kickstart install of Fedora 11 with a DVD ISO as the installation source and the ks.cfg file in the root folder of the DVD. The error message I get is: "Unable to read group information from repositories. This is a problem with the generation of your install tree."
I am using this command:
Code:
sed -i 's?,$HTTP_USER_AGENT,?,$HTTP_USER_AGENT."\nFile: ".__FILE__."\nLine: ".__LINE__,?g' *.php
to modify a line in my php files. I want to do this recursively from the directory I am in, but I get this message in response:
sed: can't read *.php: No such file or directory
sed version is 4.1.2. It's important that I only change *.php files, and do so recursively.
Long time reader, first time poster. I've got, what has become to me, a brain bender. It seems ACLs are the best way to go, but I am not 100% sure. Each user should be able to create files and modify each other's files, but should not be able to delete anyone else's files in a directory. chmod -1777? setfacl?
I have a file whose owner is root:root (mode is 644). I want to release read & write permission to a non-root user (e.g. admin_usr). I tried to create a specific group (e.g. ADM) and release it to the root user and admin_usr (by adding these users to ADM in /etc/group), but it does not work. If I preserve the file mode as 644, is it OK? How do I do it if I want to have read & write permission in my case?
On opening Nautilus, it shows the XP and Fedora partitions. Clicking on them mounts the partition. However, XP partitions are mounted in read/write mode, whereas the Fedora partition is mounted only in read mode. What changes do I need to make in /etc/fstab to enable read/write access to the Fedora partition as well?
Anybody know how to make an ext3 or 4 partition start up at boot with only the owner and its group having read and write access permissions? I don't want 'others' to have folder access. This is what I have done.
/etc/fstab:
/dev/sdb5 /media/Data ext4 owner 1 2
The folder starts on the boot since it has been allocated a folder as you can see. Next I changed the ownership and the group ownership of the folder:
chown johnny:johnny /media/Data
The problem is that other users can view my partition since 'others' have read access. How do I change that to zero access?
We currently have an NFS shared directory mounted as read-only on our server. This directory contains multiple sub-directories and files. It being read-only is a requirement. Now, we need a directory underneath to be read-write. Is there a graceful way to make that happen? Like a special mount option to use? Basically the objective is:
/u01 is mounted as read-only and has 3 directories: dir1, dir2, dir3
dir3 has 2 sub-directories: sub1, sub2
/u01/dir3/sub2 needs to be read-write, while all others are read-only.
I am trying to set up my webserver and I am trying to make a website run under suexec, but somehow I cannot start my Apache; it directly fails and SELinux is giving me errors and I don't really know what to do with it. It is giving me some command to type but I am not sure if this will make my server less secure. The SELinux error is as follows:
Code: Summary: SELinux prevented httpd reading and writing access to http files.
Detailed Description: SELinux prevented httpd reading and writing access to http files. Ordinarily httpd is allowed full access to all files labeled with http file context. This machine has a tightened security policy with the httpd_unified turned off, this requires explicit labeling of all files. If a file is a cgi script it needs to be labeled with httpd_TYPE_script_exec_t in order to be executed. If it is read-only content, it needs to be labeled httpd_TYPE_content_t, it is writable content. it needs to be labeled httpd_TYPE_script_rw_t or httpd_TYPE_script_ra_t. You can use the chcon command to change these contexts. Please refer to the man page "man httpd_selinux" or FAQ [URL] "TYPE" refers to one of "sys", "user" or "staff" or potentially other script types.
Allowing Access: Changing the "httpd_unified" boolean to true will allow this access: "setsebool -P httpd_unified=1"
Fix Command: setsebool -P httpd_unified=1
I will write down how I set up my server so maybe you can see a mistake I made. First I changed my Apache httpd.conf; I added the following to it:
Code:
NameVirtualHost 192.168.1.2:80
<VirtualHost 192.168.1.2:80>
    ServerName localhost
    DocumentRoot /var/www/html
    DirectoryIndex index.html index.html index.shtml index.php
</VirtualHost>
Then I created the username "ulyaoth" with the group "ulyaoth" as I specified with my suexec, then I created all the directories as specified in my httpd.conf and "chown ulyaoth:ulyaoth (dirname)" them to the right group and username.
$ whoami
meder
$ cd /var/www
$ sudo mkdir html
$ sudo groupadd web
$ sudo usermod -a -G web meder
$ sudo usermod -a -G web medertest
$ sudo chown meder:web html
$ sudo chmod -R g+rwx html
The problem is, anytime I create a new file in /var/www/html even though the group is set to web, it is only writable by the original user. I was given the advice of setting the umask to be 002 because the default is what causes the problems. But I would have to do this for all users in that group, and as far as I know it would be tedious having all of them modify ~/.bashrc to have umask 002. Even if I can do it myself with a shell command for all of those users, it still seems too tedious.