[clug] Linux user permissions

Adam Jenkins adam at snorkel.rtfm.net.au
Mon Mar 24 04:20:08 GMT 2008


Hi Tim,

> created a user on my ubuntu server and want to restrict that user to
> be able to view what's in his home folder only (basically so he can
> access the files I want him to via SFTP but nothing else).

I think that's the default.

> Is there an easy way to do this?  I don't have X loaded so it's all
> got to be through the command line on a very slow connection.

You can't really stop them from viewing files outside of their home
folder, as they need to have access to system files in order to be able to
log in etc.  However, what you can do is to limit their access to other
users' files.  For example,

ls -ld /home/tim

This will show the permissions on the /home/tim directory (it also shows
the owner of the directory, and the group that they're in).
So you basically want it to look something like
drwx------

The first bit (the d) shows it's a directory.
The next 3 bits (the rwx) are for the user who owns that directory, and
show that Tim has read, write and execute permission to it.
The next 3 bits (the start of the ---) are the permissions for members of
Tim's group.  If they had read, write, execute permission to the directory
it'd show rwx.  As they have none of those permissions, it shows ---.
The last 3 bits are for 'other', i.e. users who aren't part of the group.

The way to change permissions is using the chmod command.

I.e. say we see /home/tim has these permissions:
drwxrwxrwx   (this means everyone has full access..  probably not what
you want)

You can do chmod g-rwx,o-rwx /home/tim
This says that for group users, take away read write and execute
permissions and for other users, take away read write and execute
permissions.  You can also do chmod with the hex values, but I've always
found the above way a lot more intuitive, and certainly it's easier when
you are just getting the hang of permissions etc.

Note that all the above is for the directory.  You might also want to do
it for files, and chmod -R lets you make changes recursively.  I think
it's most important on multi-user systems that you check permissions on
directories though, as if a user doesn't have read permission to a
directory, they can't see what files are in it to try and look at them
etc.

There are no doubt better guides around on the chmod command but hopefully
this is okay for what you're after.

> TIA
>
> Tim
> --
> linux mailing list
> linux at lists.samba.org
> https://lists.samba.org/mailman/listinfo/linux
>
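Added example, not part of the original message: a small POSIX shell audit that reads the `ls -ld` mode string described above, lists directories under a base path where group or other hold any bit, and applies the same `chmod g-rwx,o-rwx`. The function names (`mode_of`, `is_exposed`, `audit_homes`, `lock_down_homes`) are hypothetical, and the base path is whatever the caller passes in.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.

# Print the 10-character mode string that `ls -ld` shows, e.g. drwx------
# (cut drops a trailing ACL/SELinux marker such as "+" or ".").
mode_of() {
    ls -ld -- "$1" | cut -c1-10
}

# Exit 0 if the group or other triplet is anything but "---".
# Characters 5-10 are the group triplet followed by the other triplet;
# special bits shown there (s/S, t/T) are flagged as well.
is_exposed() {
    m=$(mode_of "$1")
    [ "$(printf '%s' "$m" | cut -c5-10)" != "------" ]
}

# List "mode path" for every directory directly under $1 (e.g. /home)
# that group or other can reach. Symlinks are skipped so that a link
# pointing elsewhere is never reported or changed.
audit_homes() {
    for d in "$1"/*/; do
        d=${d%/}
        [ -d "$d" ] || continue
        [ ! -L "$d" ] || continue
        if is_exposed "$d"; then
            printf '%s %s\n' "$(mode_of "$d")" "$d"
        fi
    done
}

# Apply the symbolic chmod from the post to each directory the audit flags.
# Only the top-level directory is changed (no -R), so files inside keep
# their modes but become unreachable to group and other.
lock_down_homes() {
    audit_homes "$1" | while read -r _mode path; do
        chmod g-rwx,o-rwx -- "$path"
    done
}
```

Run `audit_homes /home` first to see what would change, then `lock_down_homes /home` as root or as the owner of the listed directories.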


