I often get responses from people who first say: "Are you sure? You want your network to be exposed to the outside world?" I am not experimenting on a Production Server of NASA or any Security Concern Department. Friends, there is no harm in experimenting on your personal computer or on a test computer which is isolated from the production environment. Look at hackers! What do they do? If they don't know how security is breached then how would they come up with security measures?
If my question reads... "How to let any user perform Administrative Tasks on a Linux System irrespective of his/her privileges on that particular system?" then I would not get the right answers in the first place. They will say... "You are letting everyone destroy your system... are you sure you want to do that?" My question is: Why should we restrict ourselves from experimenting even if it sounds weird to other people?
I give you an example where it is desirable to let an unprivileged user perform certain tasks. You want to know if there are any employees in your office who are storing videos in their home directory and filling up the disk space to a great amount. You have a department called "Command Center or Data Center Operations or Help Desk" call it whatever you would, whose work is to monitor such activities, and you create an account "monitor" for them to monitor such activities but they are not able to do them:
I'm working in Ubuntu 9.04 Desktop with Apache installed. I have a directory /var/www/test:drwxrwxr-x 5 root www-data 4096 2010-01-04 13:51 test And I've added myself as a member of the group www-data. Problem though is when i go into /var/www/test I still can't do anything, whether it's creating a new file or directory or editing files there. The files within the directory are also 775 and setup under group www-data.
I have a number of users, categorised into various groups. I would like one of those groups ("developers") to be in the wheel group as well. I don't want to just copy the people from the developers group into wheel, because then when that group changes I'll have to change it in two places. Is there a way to specify that anyone in developers is in wheel, and have that be dynamic?
I have four users in my red hat linux 9. I want that all these four users should add in a group i.e "Marketing". please guide me that using terminal which command may i write so that the users should added in the group.I does't want to use GUI interface to do it.
I am doing rhce course but i am very confused to answer these user and group permissions.the questions are like this...the owner of the /data must be user tom.primary group of /data must be the group sysadmins.the members of the group test must be able to write and create files in the /data.the members of the group web have no access to these directory.the user jack not belong to any of these gropus must have to edit files created in /data.the user tim can only list the contents.
the questions are always like these..i am okay with sgid and sticky bit.but i dnt know where to set default acl and other permissions.
im trying to implements mercurial repositories using ssh access.The problem is that if a login via ssh with the user "userA" all file upload vi that user are created with the owner: userA:userA and i need to use the group of the parent directory... is that posible ?For example:
repos ( root:repo) -> project1 ( root:repoPrj1 ) -> file1 ( userA:usearA ) -> here i want userA:repoPrj1
If user1's main group is genetics and one wants to add him/her to group biochem and to assign biochem as his/her secondary group will the following suffice ?
$ sudo usermod -G biochem user1
I would like for user1 to have genetics as the main group but also belong to biochem. When user1 creates a file, as he/she belongs to main group genetics, I assume the file will be owned by user1 and group owner will be genetics. Ideally files created by user1 should be accessible to users in group genetics(when permissions are tweaked) but not by individuals in group biochem. However, any files with group owner biochem should be accessible to user1 as he/she does belong to biochem as a secondary group. Would having user1 main group genetics, secondary group biochem fulfil this criteria ?
Does anyone know how to change the primary group on a user without changing the password? I've tried updating the /etc/passwd and running usermod -g group userBoth of those does change the group but somehow it messes up the password so the user cannot get in with the same password.
i have a directory ( /dir1) that belongs to a user1:group1. I need to know if this is possible and if so a basic idea of how to. when i copy a file into /dir1 (as root) i would like it to obtain a different user and group. Is this possible?
I'm beginning to deal with more than one user on my system (it's a VPS serving some sites) and I need to make sure I understand how group permissions work. I have an account named "admin" .. it's basically the primary account that is used for serving most of the sites that I control myself. Now, I added a second account named "Ville" as one of my users wants to be able to administer that site. So, I can do this the easy way and just chown their domains folder under the ville user, they have permission to do whatever they need be and so forth. However, let's say I want to also give the admin user access to the files (modifying and all) .. how can I put both users into the same group and give them both permission?
I've tried doing: sudo usermod -a -G admin ville To add the ville into the admin group, but ville still cannot edit files by admin. Permissions for the primary directory for the ville user are read/write for both owner and group, and the current group for the files is admin:admin .. But ville still can't write into the directory. So, what should I be doing here to get this right and secure at the same time?
I Want to be able to let my girlfriend view my pictures folder while at the same time keeping my sister out. So I created a group "JessAndI" and made myself and her apart of that group. I changed the group of the directory recursively to "JessAndI" and gave the permissions to 770. She still isn't able to access or even view the directory unless i change the permissions to allow others whether it be 774 or 777. Am i doing something wrong? I've checked and double checked to make sure she is part of the group and the group is the group on the directory and all the sub-directories and files.
i want to set permission type "write" on a file to a particular user in a group of users ( not all users in that group). chown is changing a user to root , but i want to set say permission of "write" only to a user 1 in group staff which contains 10 users 1 , user 2 ...user 10.
Once you add a user(s) to be an administrator on the group you've created using gpasswd command (for example, i've added joe (username) as administrator for payroll (groupname) group using gpasswd); is there any way for me to view the list of users that I've assigned as administrators for a particular group? if so, what is the command line that i need to run?
After I edit /etc/group and I add a user to groups it didn't belong to, the user will not be able to use it's newly acquired privileges unless it starts a new session. Is there a command to refresh user/group properties in an ongoing session?
is it possible to limit the size of a specific folder independent of user or group? I want to restrict /var/log to a total size of 1GB. I don't think that the common approach to create a 1GB partition is the right way since it is possible that I want increase or decrease the limit in the near future.
I have created vsftp server with grop of users and they can access only to /home/ftp-folder file which i made for them..nw if i apply read rite privilages to this folder then these previlages get by users in the group obvious...bt wot i want z if i creat a folder in /home directory i.e /home/test and i want the particular user in the group can have 777 access and other users in the grop coud nt access that folder..
I'm trying to do something like thisi created a group called www and made this group the owner of the directory/var/www/htmlso i can read and write to it.of course I've add my self to this group, but it seems i can't read and write.the syntax i used was something like chown :www /var/www/html.didn't workonly when i used chown samurai:www /var/www/html i could finally could create new file.the reason i don't want to specify the user name is because I'm thinking of a scenario when i need to give permission to a large group of ppl and don't want to do it user by user.
This netbook only has a user with non-administrative privs on it and root user but I do not have root's password.Is there a way that I can create a new administrative user of change the current user's group so that it can do sudo commands or have more privs?
Is it possible to allow a group/user to execute a command, where one of the parameters of the command is a group as well? example that does not work as intended:
Code: Cmnd_alias SU=/bin/su -l %group1 This example works sortof, it treats the "%group1" literally. I know I can list out the "/bin/su -l <eachuser>", but as you can imagine that is impractical. In this example, I want people in group2(not shown for brevity sake) to be able to su to someone in group1