I have a symlink in my /var/www/ folder that points to a folder in my home directory. I had to set the "other" permissions on the folder to read/execute in order to get files to show up when visiting the server via a web browser, but this allows access to the folder by other users. I want apache to be able to access this folder, but I also want to deny read/write/execute to any other users (other than apache and myself). How do I go about doing this?
I figured it out:
The apache service belongs to the user www-data, so I just added www-data to my own user group and then restarted apache!
Related
Example: Only MyExe.exe and the Administrator is allowed to access folder "c:\MyExeFiles", no other program.
I don't think that this is possible.
But you can run the app under another user account. See the RunAs command.
Folder rights can be limited per user or user groups, so as far as I know the only was is to assign another user exclusive rights to the folder along with Administrators and deny others and use the RunAs command to run the program as that user
I've followed this procedure to only allow sftp access to the sftp group
Restricting SFTP user to home directory
for this to work the home directory of the user has to be root owned.
How can can enable this so the user can delete and upload files to this area when sftp'd in? I've tried keeping the owner of the home folder as root:root and changed all the permissions to files below to user:sftp but that doesnt work.
Deleting and creating files in a directory depends on the write permission to this directory. So you will have to create subdirectories owned by the sftp-user inside his home were this user is able to write.
There are some workarounds to this, but all of them have their side effects.
I would like to know how to encrypt the FTP directory, because the employees that have an elevated permissions are able to see the content of the FTP although they don't need to access to this documents.
Thanks in advance
Encrypting the directory is not possible, but you could encrypt the underlying filesystem. However, anyone logged in with enough permissions to view the contents of that directory is still able to view files in it.
You're better off setting correct permissions for this directory, so that it doesn't include other employees/users rights.
So for example, if your FTP directory is in /home/ftp. Ensure it is only accessible by the ftp user (assuming 'ftpusr' is a valid user and 'ftpgrp' is a valid group)
# chown ftpusr:ftpgrp /home/ftp
# chmod 750 /home/ftp
This way only the user 'ftpusr' and all users belonging to the 'ftpgrp' group are able to view the files inside the directory.
I want to give permissions for subfolders in Owncloud.
Example:
a user can edit and read all the files in a synchronized folder except some specific subfolders.
Im working with desktop client and web interface. Version: OwnCloud 8.0.3 (stable)
As far as I know a user has access to all his/her folders and files, plus any files that are shared with him/her by other users. You cannot restrict access to user's files if they are in that user's account.
My assumption is that you are an administrator and can create accounts, etc. A workaround might be the following, but it is a workaround and not the solution you've asked for:
If there are some files that you'd like more than one user, or only specific users to be able to view; you can share them using the web interface.
You could create a master user who has access to all files and then share with the other users from the master account.
If anyone knows any different to this please suggest an edit to my answer and I'll put it in.
i'm using Sitecore 6.5.
I want to configure a Sitecore role to access the /system folder from the content editor.
(my end goal is to have certain user to access and edit the webforms in /system/modules/web forms for marketeers)
I have granted read rights to the system folder on the role, but the /system folder does not appear in the content editor tree.
I guess if there is some other security preventing the users to see the system folder?
I can only get a view on the system folder by granting full admin rights to the user.
First off, make sure the user has the Entire Tree and Hidden Items options ticked in the View tab.
Also, to check if it's access rights you can use the Access Viewer to see whether the user has access rights. If they don't you can click on the Read right (for instance) and see why they don't have access to the System node (for example, which role Denies the read access).
For more information, please check the Security Reference document on SDN.