Shared group folder permissions trouble [closed] - linux

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 2 years ago.
I am creating a shared folder for users in the 'development' group. I am having trouble coming up with a series of commands to use to do this. I need to set the following permissions:
Only members of the development group can create files in it
Users can only delete the files and directories they create
Any new files/folders in the shared directory are associated with the group
Group owner can only read
Owner can read files, but others cannot have r/w access
What series of commands could I use to accomplish this?
I just cannot seem to get this right with chmod and , and when I login as my other users I keep on getting permission denied for viewing the folder or creating files even with sticky bit set.

Angellic Chords,
First, you must state in your request whether you have root privileges (login, sudo) to manipulate permissions in the filesystem.
Now you need to split the task into smaller blocks:
a. add users into developer group (dev_group - assumed already exists)
root# for user in user1 user2 user3 ... usern
do
    usermod -a -G dev_group "$user"    # -a appends; without it -G replaces the user's other groups
done
b. create developer group directory
mkdir /some/path/to/developer/group/dir
c. assign permission on the folder: see doc
owner root.dev_group (root)
owner rwx -- can read, create, change into directory
group rwx -- can read, create, change into directory
other/world r-x -- can read, change into directory only (check if this desirable)
set SGID - newly created files/directories inherit group from directory
set 'sticky' bit - allows manipulating only own files/directories
chown root:dev_group [path to directory] # owner root, group dev_group
chmod u=rwx,g=rwx,o=rx [path to directory] # user rwx; group rwx; other r-x
chmod g+s [path to directory] # SGID bit inherit group from directory for new files and directories
chmod +t [path to directory] # sticky bit manipulate own files and directories only
or
chmod 3775 [path to directory]
NOTE: execute permission on a directory allows changing into the directory
d. define umask for each user:
user rwx
group r--
other ---
(in shell initialisation scripts as .bashrc .profile ....)
umask u=rwx,g=r,o=
NOTE: if umask must be different for any valid reason, then user has to change permission at creation, copy time on new files/directories
Finer-grained access restrictions can be achieved with access control lists (ACLs) and SELinux contexts.
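Added example (not part of the original answer): steps b to d rebuilt in a scratch directory, with a check you can point at a real shared folder. It assumes Linux with GNU stat. The chown and usermod steps need root and are left out. The function names and scratch paths are made up for this example, and 037 is the octal form of the answer's umask.

```shell
#!/bin/sh
# Added example: every path is constructed under mktemp, no root needed.

mode_of() { stat -c '%a' "$1"; }

# Succeeds only if DIR has SGID and sticky set and is not world-writable.
check_shared_dir() {
    m=$(mode_of "$1") || return 2
    m=$(printf '%04d' "$m")      # pad so the special-bits digit is always present
    special=${m%???}             # first digit: 4=SUID 2=SGID 1=sticky
    other=${m#???}               # last digit: permissions for "other"
    [ $(($special & 2)) -ne 0 ] || { echo "$1: SGID missing"; return 1; }
    [ $(($special & 1)) -ne 0 ] || { echo "$1: sticky bit missing"; return 1; }
    [ $(($other & 2)) -eq 0 ]   || { echo "$1: world-writable"; return 1; }
}

# Builds <scratch>/shared with mode 3775, then creates a file and a
# subdirectory under the umask from step d. Prints the scratch path.
make_demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/shared" || return 1
    chmod 3775 "$d/shared"       # rwxrwxr-x plus SGID (2000) and sticky (1000)
    (
        umask 037                # same as: umask u=rwx,g=r,o=
        : > "$d/shared/file"     # 666 & ~037 = 640
        mkdir "$d/shared/sub"    # 777 & ~037 = 740, SGID inherited -> 2740
    )
    echo "$d"
}

demo_dir=$(make_demo) || exit 1
for p in shared shared/file shared/sub; do
    echo "$p: $(mode_of "$demo_dir/$p")"
done
check_shared_dir "$demo_dir/shared" && echo "shared: SGID + sticky set, not world-writable"
rm -rf "$demo_dir"
```

With this umask a new subdirectory ends up 2740, so group members can list it but cannot enter it. Whoever creates a directory needs chmod g+x on it if the group is meant to traverse it.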

Related

file/directory permissions trailing + ( drwxr-xr-x+ ) [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 3 years ago.
I have a directory with strange permissions ( drwxr-xr-x+ ) - trailing ( + ) as 11th character, which seems to force all the files and subdirectories to assume rwxrwxrwx permissions, Following is the permissions.
drwxr-x---+ 3 root root 4096 Dec 22 15:33 directory
I want to get rid of this trailing ( + ).
I have tried following .
chmod 755 directory/
chmod a-x directory/
chmod u=rwx,g=rw,o=x directory/
I have tried following as well :
sudo chmod u=rwx,g=rx,o-x,u-s,g-s directory/
Any help will be appreciated .
Thanks - I am stuck .
The trailing + signifies that an ACL (Access Control List) is set on the directory.
You can use getfacl to get the details
getfacl directory
Following output is from getfacl Codespace which have ACL set by setfacl -m u:umesh:rw Codespace.
Here setfacl is giving rw permission to Codespace directory for user umesh.
# file: Codespace/
# owner: root
# group: root
user::rwx
user:umesh:rw-
group::r-x
mask::rwx
other::r-x
and we can remove the ACL using setfacl, for example, for the above sample
setfacl -x u:umesh Codespace/
More details at man setfacl and man getfacl
The + when listing a file will signify extended permissions on the file. These permissions will be set with access control lists. If you run "getfacl directory" you will see the extended permissions on the directory.
Depending on how the access control lists are set up, to remove, run:
setfacl -x u:username directory
and/or
setfacl -x g:groupname directory
To remove the + from the listing, you may also need to run:
setfacl -x m directory
setfacl -b directory
Remove all extended ACL entries. The base ACL entries of the owner, group and others are retained.

chown command returning Operation not permitted [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 2 years ago.
I am working on a raspberry pi and am having a tough time giving permissions to an external hard drive that I have mounted using the following tutorial:
http://www.howtogeek.com/139433/how-to-turn-a-raspberry-pi-into-a-low-power-network-storage-device/
I have now created folders on that external hard drive and when I do a ls -l command I get the following returned:
drwxr-xr-x 2 root root 512 Aug 28 23:24 test
That is located in: /media/USBHDD1/shares
Now I'm trying to give it all write read and execute permissions or even change the owner and group to pi:pi
However, chmod 777 is not working – it doesn't return an error, just seems to have no effect
And when I use
sudo chown -R pi:pi test/
I get the error
chown: changing ownership of `test/': Operation not permitted
This is a linux question but I think someone with background and knowledge of using a raspberry pi can help me out here.
Extra info as requested:
When I run pi@raspberrypi /media $ grep USBHDD1 /etc/mtab
it returns:
/dev/sda1 /media/USBHDD1 vfat rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,errors=remount-ro 0 0
The reason is because the ownership and permissions are defined at mount time for the vfat FS.
Manual page mount(8):
Mount options for fat ..
uid=value and gid=value
Set the owner and group of all files. (Default: the uid and gid
of the current process.)
umask=value
Set the umask (the bitmask of the permissions that are not
present). The default is the umask of the current process. The
value is given in octal.
There are at least three things you can do:
(1) Give pi:pi access to the entire /media/USBHDD1 mount:
mount -o remount,gid=<pi's gid>,uid=<pi's uid> /media/USBHDD1
To determine pi's uid:
cat /etc/passwd |grep pi
To determine pi's gid:
cat /etc/group |grep pi
(2) Give everyone access to /media/USBHDD1 by changing the umask and dmask (not recommended):
mount -o remount,umask=000,dmask=000 /media/USBHDD1
(3) Change the partition to a different file system. Only do this if you're not accessing the external hard drive from a Windows computer:
You won't be able to convert the file system from VFAT to a Unix-compatible FS, so you'll have to backup the contents of the drive, format as EXT3+ or reiserfs, then copy the contents back. You can find tutorials for doing this on the web.

Create a SFTP user to access only one directory. [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 8 years ago.
I need to create a user which can only SFTP to a specific directory and take a copy of some information. That is it. I keep looking online and they bring up information about chroot and modifying the sshd_config.
So far I can just
add the user "useradd sftpexport"
create it without a home directory "-M"
set its login location "-d /u02/export/cdrs" (Where the information is stored)
not allow it to use ssh "-s /bin/false"
useradd sftpexport -M -d /u02/export/cdrs -s /bin/false
Can anyone suggest what I am meant to edit so the user can only log in and copy the file off?
I prefer to create a user group sftp and restrict users in that group to their home directory.
First, edit your /etc/ssh/sshd_config file and add this at the bottom.
Match Group sftp
ChrootDirectory %h
ForceCommand internal-sftp
AllowTcpForwarding no
This tells OpenSSH that all users in the sftp group are to be chrooted to their home directory (which %h represents in the ChrootDirectory command)
Add a new sftp group, add your user to the group, restrict him from ssh access and define his home directory.
groupadd sftp
usermod username -g sftp
usermod username -s /bin/false
usermod username -d /home/username
Restart ssh:
sudo service ssh restart
If you are still experiencing problems, check that the directory permissions are correct on the home directory. Adjust the 755 value appropriately for your setup.
sudo chmod 755 /home/username
EDIT: Based on the details of your question, it looks like you are just missing the sshd_config portion. In your case, substitute sftp with sftpexport. Also be sure that the file permissions are accessible on the /u02/export/cdrs directory.
An even better setup (and there are even better setups than what I am about to propose) is to symlink the /u02/export/cdrs directory to the user home directory.
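Added example (not part of the original answer): a check for the "directory permissions" step. sshd refuses a ChrootDirectory unless every component of the path is owned by root and not writable by group or others, which is why a home directory owned by the SFTP user fails with %h. The function name and its second and third arguments are made up for this example, and they exist only so the check can be tried on scratch directories. It assumes GNU stat and an absolute path.

```shell
#!/bin/sh
# Added example. Walks from the candidate chroot directory up to / and
# reports every component that breaks sshd's ChrootDirectory rule.
# usage: check_chroot_path /home/username
#   $2 (hypothetical, default 0): uid that must own each component
#   $3 (hypothetical, default /): where to stop walking upwards

check_chroot_path() {
    path=$1
    want_uid=${2:-0}
    top=${3:-/}
    rc=0
    while :; do
        info=$(stat -c '%u %a' "$path") || return 2
        uid=${info% *}
        perm=$(printf '%04d' "${info#* }")   # e.g. 755 -> 0755
        g=${perm#??}; g=${g%?}               # group digit
        o=${perm#???}                        # other digit
        if [ "$uid" != "$want_uid" ]; then
            echo "$path: owned by uid $uid, expected $want_uid"
            rc=1
        fi
        if [ $(($g & 2)) -ne 0 ] || [ $(($o & 2)) -ne 0 ]; then
            echo "$path: mode $perm is writable by group or others"
            rc=1
        fi
        if [ "$path" = "$top" ] || [ "$path" = "/" ]; then
            break
        fi
        path=$(dirname "$path")
    done
    return $rc
}

# Run against a path given on the command line, if any.
if [ $# -gt 0 ]; then
    check_chroot_path "$1"
fi
```

Because the chroot directory itself has to be root-owned and not writable by the user, anything the user is meant to write goes in a subdirectory inside it that they own.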
You may need to add a restricted shell so that this user can put some files there. You can use the rssh tool for that.
usermod -s /usr/bin/rssh sftpexport
Enable allowed protocols in config /etc/rssh.conf.

Command to change the default home directory of a user [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 2 years ago.
I would like to know whether there is any simple shell command to change the user home directory in Linux/Unix (one similar to chsh which changes the default login shell of an existing valid user) without touching the /etc/passwd file. Thanks
Ibrahim's comment on the other answer is the correct way to alter an existing user's home directory.
Change the user's home directory:
usermod -d /newhome/username username
usermod is the command to edit an existing user.
-d (abbreviation for --home) will change the user's home directory.
Change the user's home directory + Move the contents of the user's current directory:
usermod -m -d /newhome/username username
-m (abbreviation for --move-home) will move the content from the user's current directory to the new directory.
From Linux Change Default User Home Directory While Adding A New User:
Simply open this file using a text editor, type:
vi /etc/default/useradd
The default home directory defined by HOME variable, find line that
read as follows:
HOME=/home
Replace with:
HOME=/iscsi/user
Save and close the file. Now you can add user using regular useradd
command:
# useradd vivek
# passwd vivek
Verify user information:
# finger vivek
The accepted answer is faulty, since the contents from the initial user folder are not moved using it. I am going to add another answer to correct it:
sudo usermod -d /newhome/username -m username
You don't need to create the folder with username and this will also move your files from the initial user folder to /newhome/username folder.
In case other readers look for information on the adduser command.
Edit /etc/adduser.conf
Set DHOME variable
You can do it with:
/etc/passwd
Edit the user home directory and then move the required files and directories to it:
cp -r /home/$user/.bash* /home/newdir    # or mv (without -r)
.bash_profile
.ssh/
Set the correct permission
chown -R $user:$user /home/newdir/.bash*
Found out that this breaks some applications, the better way to do it is
In addition to symlink, on more recent distros and filesystems, as root you can also use bind-mount:
mkdir /home/username
mount --bind --verbose /extra-home/username /home/username
This is useful for allowing access "through" the /home directory to subdirs via daemons that are otherwise configured to avoid pathing through symlinks (apache, ftpd, etc.).
You have to remember (or init script) to bind upon restarts, of course.
An example init script in /etc/fstab is
/extra-home/username /home/username none defaults,bind 0 0
usermod -m -d /newhome username

Linux files ownership and permissions [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Closed 9 years ago.
I have Linux VPS and few accounts there. I used SSH with root logins to copy files from one account to another (e.g. in this folder
/home/firstacc/public_html/forum I typed cp -R * /home/secondacc/public_html/community).
Now when I use regular FTP to edit files on secondacc - I can't modify it - SmartFTP says permission denied. Now how do I change ownership or permissions so they can be edited via regular FTP?
Use chmod to set the permissions (but be careful not to allow any wild process to modify your files) and chown/chgrp to change ownership/group-membership of your file.
Ideally you would create a group (I call it 'fancyhomepage') where both users are members thereof:
# addgroup fancyhomepage
# adduser firstacc fancyhomepage
# adduser secondacc fancyhomepage
then make sure that all files you want to share belong to this group and are group-writeable
$ chgrp -R fancyhomepage /home/secondacc/public_html/community/
$ chmod -R g+rwX /home/secondacc/public_html/community/
$ chown -R <user>:<org> on the directory changes the permissions for everything in the directory and below.
