I tried to place a mono icon in usr/icons/etc but I didn't have the permission to do so. I tried to change my user profile to Admin, thinking I could go back to custom, but that hasn't and it isn't allowing me to go back to my previous setting.
Within minutes of being an Admin user I noticed I couldn't even unmount something. I really need to figure out how to change my profile back to default.
After that has been dealt with, I would like some guidance on how to gain root access to put my icon where it needs to be.
We are a school and we share a samba folder with students and teacher groups. What we are trying to do is:
- Give students group users the permissions to rwx own files in folder
- Students must not be able to do anything with others files. I mean nothing so, at most, they could see the files in folder but not read it.
- Teachers can do anything with files in folder
As you can imagine, the idea is that students deliver their exams in that folder without the ability to read/copy the other students files. With sticky bit we can restrict students permissions to their own files, that is ok, but how to restrict all the permissions on other students files without restricting student access to that folder?
one thing i can't seem to be able to do is give the guest account just these permissions: using firefox (or other browser) and using one file directory and using a text editor. means the guest can browse the net and sefe some infos form that - nothing more. the previous version had something like that, it was really easy for me, a noob, to do it with two or three clicks. if this possibiility exists, what to do. if it's not implemented... maybe it should be. 'cause many people let others use the computer but don't want any complications...
I am currently trying to replace my Windows Server with a CentOS 5.3 box running nfsd for file serving. I have it all up and running however I cant see anyway of securing user access rights to the shares as all you need to access them is just clone the User ID of a user authorized to access the share of any Linux system which seems a bit insecure to me? I was wondering if there was any advice on securing access to server shares in CentOS.
I'm struggling to understand an aspect of mounting and mountpoints with /etc/fstab. There is a large number of sites and threads that make recommendations using things like uid, gid, umask, and other options. These methods, however, which I've used, are file-system specific, useful only for filesystems such as (V)FAT and NTFS that allow them.My current situation is that I am mounting partition /dev/sdb5 in, let's call it /media/myMount. My goals:Mount this partition automatically upon boot using /etc/fstab...The partition should be fully accessible only to a specific user or group.What I've done is create the mount point in /media:
If user michapma were to carry out the mount, I believe it would work; however, I want the mount to happen automatically during boot. So, how can I achieve my user (or group) permission goals for this and any other such partitions using fstab?The manpage for mount has been helpful, but after reading many tutorials and forum threads, the only way I know how to do it is to have the user do the mounting or rely on the file-system specific options.
I want full permissions for all computers in my house, without having to get up and go to the other room and change permissions for the file, folder, drive, directory, computer, etc., then go back to the other room again.
I just created a partition, as THIS user, THIS machine, rebooted, and cannot create a folder on the partition I just created. UGH. No more of this stuff... I guess at the very least, I'll still have to log onto each machine for this?
I want to have an account (beta user), on which:I can use the Internet and other programs without administrative rights without the right to install programs with a kind of sandbox for everything that is connected to the Internet, which means: everything that is associated with the web browser's processes and files that I save to hard disk I want to be separated from the rest of the system, so that whatever can catch up on this account will be locked in it, for example any (if at all) possible malicious scripts from Internet or whatever may be dangerous now or invented in the future. Sometimes, for example, I save the web page to disk with all it content.
And in case someone cracked into this account I want make it in that way that he could not do any tricks to read or change passwords, or make any other changes to the system. The best would be if a password for that user might serve only to log in without having any other powers, and I would give that user an automatic login. For now I created a beta user without administrative rights. I understand that the limiting rights of the user are associated with limiting rights to their home directory. There are also groups, and a user may be included or excluded. I excluded that user from admin group but I don't know what else I can limit and how. When I give chmod 0644 for /home of this user he cannot run Firefox. When I give him 0740 he can run applications, so I assume the x attribute must be preserved.
This is a user without sudo rights, so when I type sudo apt-get update a message shows up correctly that this user doesn't belong to the sudoers group. But still it's not what I wanted. When the user runs Gufw and wants to change the settings to disable the firewall, a message shows up asking to type in a password of alpha user = primary user, which is that belonging to the sudoers group, the first / main user that I created during system installation. I wish that there was only the message that the beta user has no power to change anything, which means even completely remove the possibility of asking for sudo.
In addition, I wish that this beta couldn't be able to change the permissions to its home directory, or go to see what is above. Because so far beta can change the file permissions for its /home, even without a sudo password. How can I do it? Do I need to create a kind of chroot jail for this user? I would like any changes to that user account could be made only after the user log off from beta account, and log in on alfa account and that beta could run only programs that ware installed by alpha. And that beta could read and write, but alfa could also read and write or remove, alter files on beta account. Basically, alfa account should be superior to beta account. Can do that?
Picture the following:On computer A, local user John (and John alone) has rwx access to file1.txtComputer B also has a local user account named John. If file1.txt was to be copied from computer A to computer B, would the user account John on computer B be able to access it?I guess this wouldn't work using two windows computers due to the User name / GUID relationship. Maybe linux has something similar?
look at this : Uploaded with ImageShack.us how can set permissions in linux like this? I want one user can delete files but can't modify them and ... in linux i have 3 group to assign read write and execute them. is ntfs flexible than linux file system?
As I was researching on how to create a kiosk Ubuntu setting I came upon a suggestion to create the user with '/usr/bin/screen' shell option.Hope you all would forgive me for this noob question but what does this mean? I saw when I checked the Advance Settings Advance tab that there are a couple of possible options there, what do they mean and how will they affect the user profile I'm creating? I tried google for this and if my understanding is correct, these shells are suppose to be programmable and a scripting language for linux but I'm confused on what effect this has on the user profile I'm creating?One thing I notice though is that with the '/usr/bin/screen' option, the user account is refused of the Applications > Accessories > Terminal option.When I googled each one of the options I'm getting more confused as to the relevance of this to the user profile.
I want to limit what a authenticated user can do on my Linux server. I've set the default shell to rbash, but I know a knowledgeable user can switch shells. Can I use file permissions to deny execution rights to /bin/bash to anyone who is not in a particular group? And if that works, how do I find out what other shells are installed on my server (Ubuntu 9.10)?
I wanted to set up Computer Lab. loading Fedora 11 OS and one system acting as a Server to store Users(Student) Login Informations. When students do a programs, all programs (eg, C++ programs) files should be saved in the local fedora system but when login to the system, the login should be validate by a Server System.
i am trying to set the file permissions for the log files "/var/log/Xorg.0.log" and "/var/log/gdm/:0.log". These files seem to be created when a user logs into a whokstation (my guess so far). I am trying to comply with a security mandate that all log files in the directory /var/log are set to 0640. The two mentioned files always seem to have the permissions 0644, does anyone know where and when these filea are created and how I might set the permissions when the files are created
I recently got an old computer to use as a server and I have a whole list of things I want to do on it, but I'm having difficulties.When I installed the server, I installed AMP, FTP, Samba, CUPS, and some other items. I made a user account called 'nessdan' which (currently!) is in these groups:
The www-data group was added because I wanted to FTP my site files into '/var/www/' . Okay, that ended up working out for me. This is where things got sticky. I installed PHPMyAdmin and the files went to '/usr/share/phpmyadmin/' . I wanted to install a new theme so I downloaded it onto my Laptop, then logged in via FTP but couldn't transfer files into there! It turns out the folder was owned by 'root' and was in the group 'root'. The only thing I could come up with was to change that folders permissions so the owner was 'nessdan' and the group 'admin'. I was going to do that to the entire /usr/share/ folder but I didn't know whether or not I should be changing the permissions in the first place.
But the the trend continues! I have my print server setup and working but I wanted the server to hold the Windows drivers, so I went to '/var/lib/samba/' to do some work but noticed that a lot of the files' permissions were locked down to read only and the owner and group were 'root' . I ended up doing a 'chmod 775' and changing the owner and group to 'nessdan' and 'admin', respectively. Well I transfered over the files but now the service nmbd isn't working. The good news is, I expected to mess something up along the way and had already planned on reinstalling Ubuntu Server 10.10. I've only had the server for 4 days now and I knew from the beginning I'd be wiping it clean. I want to know how to set this thing up proper and the biggest problem is getting access into folders so I can FTP into them.When I do wipe my PC clean and start anew, how should I go about the changes that I did before (PHPMyAdmin, Samba Driver Folder)?
I'm running Apache2 under uBuntu 9.10. My problem is that I use my own user "wavesailor" to work on my websites. I kept all my sites under /var/www and I set up the security of the directory after following the guidelines.
I have just formatted a partition that had contained a windows OS, it is now formatted to ext4 and is dev/sda1 dev/sda2 contains my Ubuntu OS and all files although the empty partition shows up in Nautilus I cannot write to it as it is owned by root.I have done some research on changing the permissions on this, but am none the wiser!!
Enabling the root account is rarely necessary. Almost everything you need to do as administrator of an Ubuntu system can be done via sudo or gksudo. If you really need a persistent root login, the best alternative is to simulate a root login shell using the following command.I cannot find gksudo and do not know what commands to use in the terminal to achieve my goal. I am in totally unfamiliar territory here, and need some fairly simple explanation and guidance to be able to claim my empty partition so I can read from and write to it.
I have a file server running a cronjob to reset file permissions on a regular basis. I was thinking, I wonder if there is a way to do the chmod and chown command in a single command, as I always have to do both on the same folder, the way that you can do "chown root:users Uploads" instead of having to do two separate commands for chown and chgrp.
Then I got to thinking, are these commands even necessary? Every file copied or moved into these folders by any user needs to be something like "chmod 750" and "chgrp root:users", so rather than running a cronjob to do these modifications at regular intervals, there ought to be a way to set the folder permissions so that any files contained within will have these permissions.
The problem arises because users create documents, then a supervisor with elevated privileges can move those documents into a shared folder, however the permissions are wrong, they are user1:user1 for the owner and group and the other users can't read the file until a cronjob changes the group to be users. This has actually been acceptable, but certainly there is a better way to do this.
2 computers, Ubuntu 10.04 and Ubuntu 8.04. I have 2 folders named In and Out. Out I have set up on 10.04 for guest use. I am able to transfer files to 8.04 from that folder. Trying to set up In for a specific user to modify files. This requires a login. Both computers have the same user name and both have the same password. I set the file permissions automatically from 10.04 when electing to share In for allowed modiying. When trying to access In using 8.04, a password request window is generated with the user name already showing, and the domain name filled in as "Workgroup". The user name that shows is my login name, by the way.
I'm attempting to set up a Samba share on my lab's small server (Ubuntu Server Edition, 10.04). It looked easy enough, but the share that I set up didn't allow anyone to actually put anything on it: no uploading stuff, etc. (You can still upload files via the command line, so I implemented the unix extensions = no fix). The share is writeable and visible, and anyone can access it (according to the Samba GUI). According to the smb.conf:
The other Windows machines in the lab see the new server and its share automatically, although they can't make changes to it, like create a new folder in the share. Most of my lab uses Snow Leopard (OS X 10.6), and a few others use Windows. I can connect to the server using my MacBook either through the terminal or Finder -> Go -> Connect to server -> smb://blah.someplace.edu without problems.
I can do pretty much anything via the command line, but not through the Finder! If I want to create a new folder, it gives me an old-school error message (stupid blue face): "The operation can't be competed because you don't have the necessary permission." If I want to drag-and-drop a file from my desktop to the Share folder, I get a pop-up window (lock + blue face): "Type your password to allow Finder to make changes." If I do, then I get another pop-up: "One or more items can't be copied to "Share" because you don't have permission to read them. Do you want to copy the items you are allowed to read?"
Is it possible "reset" all (X, GDM related) permissions/settings of one user? What would cause one specific user not to be able to log into anything via gdm/the login screen? After providing the proper password, the screen goes black and then jumps back to the login screen. No session alternative works, not even xterm or gnome failsafe. I can however log in via the console (Ctrl+Alt+F6, recovery etc). With another user I can log in via GDM just fine, and deleting and re-adding the "broken" user doesn't make any difference.
Some (maybe) relevent logs:
part of syslog:
Dec 12 01:20:58 <specific user> pulseaudio: core-util.c: Home directory /etc/timidity not ours. Dec 12 01:20:58 <specific user> pulseaudio: lock-autospawn.c: Cannot access autospawn lock.
First let me say that Lubuntu is a lightweight version of Ubuntu, so there is not much point in loading it up with unnecessary packages. If you just want to share printers on a Linux network, you don't need Samba. And if you just want a way that users can "push" files to others on a network, use Giver (+ Avahi) as this is a better option. Especially as it sorts out file permissions for you.
To enable file sharing on a Lubuntu 10.10 machine, go to Preferences > Synaptic Package Manager and add the following:- * samba * system-config-samba * gvfs-bin * gvfs-backends ...accepting any dependancies, 11 packages in total.
I suggest you re-boot now. As an initial test, go to file manager (pcmanfm) and enter:- smb://localhost You should see the local print$ folder listed.
To access folder shares remotely * open file manager (pcmanfm) * enter the IP address or computer name of the machine you wish to access e.g. smb://192.168.0.99 or smb://print-server
To share a folder:- Go to: Preferences > Samba (enter password when requested) In the Samba Configuration screen:- * File > Add Share * use Browse... to select folder to be shared * Tick "Visible" and (if required} "Writable" * In the "Access" select "Allow access to everyone" Set the Linux permissions:- * locate the folder to share in file manager * right click on the folder and select Properties > Permissions * set the required permissions, e.g. Other: Read & Write (to allow anyone full access)
i am trying to finish up a lab in that i have i have some accounts created under groups called "mgmt" and "pl". I am trying to figure out how i can get the guys in "mgmt" to be able to modify files in a directory called "mgmt-final" but the guys in the group "pl" will only be allowed to read those files.
I have set up freenas with 3 1tb hard drives. I have set up the SMB shares for the drives and can view each shared drive from each of the machines on my network. I can copy files from the hard drives, on the freenas but when I try to copy a file to the Freenas hard drives I get a message that I need permission to do this. I have all my shares set as anonymous how do I change the permissions so that I can save files to the drives.