[clug] Linux user permissions

Mike J astro_mikel at hotmail.com
Mon Mar 24 04:47:04 GMT 2008


I could be way off but if its an FTP server you should be able to define what the user can and can't do in the configuration? e.g. not letting him out of the home folder to begin with.



> Date: Mon, 24 Mar 2008 15:20:08 +1100
> From: adam at snorkel.rtfm.net.au
> To: tim at murphy.org
> Subject: Re: [clug] Linux user permissions
> CC: linux at lists.samba.org
> Hi Tim,
> > created a user on my ubuntu server and want to restrict that user to
> > be able to view what's in his home folder only (basically so he can
> > access the files I want him to via SFTP but nothing else).
> I think that's the default.
> > Is there an easy way to do this?  I don't have X loaded so it's all
> > got to be through the command line on a very slow connection.
> You can't really stop them from viewing files outside of their home
> folder, as they need to have access to system files in order to be able to
> login etc.  However what you can do is to limit their access to other
> users files.  For example,
> ls -ld /home/tim
> This will show the permissions on the /home/tim directory (it also shows
> the owner of the directory, and the group that they're in).
> So you basically want it to look something like
> drwx------
> The first bit (the d) shows its a directory.
> The next 3 bits (the rwx) is for the user who owns that directory, and
> shows that Tim has read, write and execute permission to it.
> The next 3 bits (the start of the ---) is the permissions for members of
> Tim's group.  If they had read, write execute permission to the directory
> it'd show rwx.  As they have none of those permissions, it shows ---.
> The last 3 bits, is for 'other', ie users who aren't part of the group.
> The way to change permissions is using the chmod command.
> Ie say we see /home/tim has these permissions:
> drwxrwxrwx   (this means everyone has full access..  probably not what
> you want)
> You can do chmod g-rwx,o-rwx /home/tim
> This says that for group users, take away read write and execute
> permissions and for other users, take away read write and execute
> permissions.  You can also do chmod with the hex values, but I've always
> found the above way a lot more intuitive, and certainly it's easier when
> you are just getting the hang of permissions etc.
> Note that all the above is for the directory.  You might also want to do
> it for files, and chmod -R lets you make changes recursively.  I think
> it's most important on multi-user systems that you check permissions on
> directories though, as if a user doesn't have read permission to a
> directory, they can't see what files are in it to try and look at them
> etc.
> There are no doubt better guides around on the chmod command but hopefully
> this is okay for what you're after.
> > TIA
> >
> > Tim
> > --
> > linux mailing list
> > linux at lists.samba.org
> > https://lists.samba.org/mailman/listinfo/linux
> >
> -- 
> linux mailing list
> linux at lists.samba.org
> https://lists.samba.org/mailman/listinfo/linux

Fashion, beauty, health, relationship advice and horoscopes.

More information about the linux mailing list