i am using linux. a want a group only can access to a folder. i create a group and set group of that folder to new created folder. ( by chgrp command ). and change the access to folder by chmod 070( only group can read-write-execute). in last, i add my user to new created folder. in this case i must can change directory to that folder, because i am a member of that group.
i can not access to that file but if i log-out from system and login again, i can use that folder. why this problem occurs? i must run which command to update user groups?
It's because things like which groups a user belongs to are read only on login. Once a user has logged in, you can change the users groups all you want, but it will not be reloaded automatically.
Try:
exec su -l $USER
I think it makes you re authenticate but should work
Related
I am trying to set up a user for my raspberry pi which is restricted to one file. This means that on this file, the user has all permissions (rwx) but on all other files and directories he has not any permission, not even read.
I need this because I want to lend my raspi incl. code to someone else. The one file is my code's config file which the person should be able to change for testing purposes. But I do not want to show my code and other settings.
I tried to set up a user and a group but this means I have to change all files/directories on the raspi. I simply want to restrict the user.
Thanks for any help.
muleque
sudo useradd -m $USERNAME
This will provide you a new user with whatever name you replace $USERNAME with. This user will have access to their own home directory and you can place this file that you want them to have access to here, /home/$USERNAME.
If you want to further restrict this user's access to the rest of the machine you can create a chroot jail which means they can access nothing apart from this directory. There are many options for how to perform this but if the user will access the raspberry pi over SSH here is a simple example.
https://www.tecmint.com/restrict-ssh-user-to-directory-using-chrooted-jail/
User want from now all files it creates automatically readable to user sparrow, but for no other user. How can he ensure that this happens, the next time he logs in?
I assume the user who created the file should be able to read it as well. I will call him "creator". I further assume that the files should be owned by "creator".
The solution depends on your distribution. If every user has its own group, e.g. group "sparrow" for user "sparrow" only, you can use this group "sparrow" instead of "coworker". If all users share a common group, e.g. "users", you could create a new group that is assigned to user "sparrow" and optionally also to user "creator" as a secondary group. I call this group "coworker".
To make sure that new files get assigned this group "coworker" you can chgrp coworker somedirectory and chmod g+s somedirectory for every directory where "creator" might create files for "sparrow".
You might have to use umask as well to make sure the newly created files are readable for the group. You also must make sure the directory permissions grant user "sparrow" read and execute access (or at least execute access).
If the user creating the files is sparrow:
Edit their shell config (.bash_profile or whatever is appropriate for their shell) and add a umask command:
umask 077
This disables read/write/execute permissions for group/other, for all new files and directories created. (Note this doesn't prevent those permissions from being changed later, it just sets the initial values.)
If the user creating the files is not sparrow:
There is no way to automatically do what you desire. I think the closest you can come is to create a new group, make that group the default for both users, and then set this user's umask to 007.
I am learning Linux and I am learning how to communicate with other users. I am using Ubuntu.
I already have an existing user, and when I try to use the command write to communicate with other user
write lex pts/5
an error pops out:
write: you are uid 1000, but your login is as uid 1001
I thought the shell will allow communication in different uids, but it cannot?
Is there any ways to fix this?
change your UID to 1001
You don't have to create a new user account, promote it to admin, log out, log in to the new admin account, change your primary account's UID, log out, log in to your primary account then delete the new admin user just change your UID. ;)
You can boot into recovery mode (it's an option that appears when you start up your computer, or hold shift right after the BIOS messages complete). This will log you in a root session. Being logged in root and not your usual user account, you will be able to modify your UID.
Because the recovery mode only works in command line interface, once logged into a root session, you will have to:
Use BubbaJ's instructions to remount the root file system in read-write mode: mount -o remount,rw /.
Use Luis Alvarado's command: usermod -u NEW_UID your_username.
Follow ddeimeke's instructions to update file permissions.
Then, reboot your computer (reboot), so you can boot in normal mode.
I need to create a new user in ubuntu making the user's shell execute a specific command everytime the user logs in, thanks in advance.
You make a new user on Linux with the useradd
You can see all the options by typing man useradd
If you want them to have a program run every time put the command in their .bashrc file.
If you want this for all new accounts on this machine you can adjust (or create):
/etc/default/useradd
Default values for account creation.
Also, if /usr/local/sbin/adduser.local exists, it is executed after the user account creation, to do any local setup. The arguments passed to adduser.local are:
username uid gid home-directory
If you need the command to be executed for every user add it to /etc/bash.bashrc.local
I have a personal project which is stored in an svn repository in my home directory on a server. I want to give another user access to the repository.
I have given the user read permissions on my home directory (but not any of the documents or subfolders). I have also given them read and execute permissions on the repository.
When I attempt to checkout the repository locally as the user with:
svn co file:///home/myusername/theRepository ./aName
I get the message
svn: Unable to open an ra_local session to URL
svn: Unable to open repository 'file:///home/myusername/theRepository'
svn: Can't open file '/home/myusername/theRepository/format': Permission denied
Changing the permissions on format has no effect (e.g. giving group, user, and world all read/write/exec permissions still produces exactly this message).
I'm sure there must be a way to do this. Any suggestions?
EDIT: I would like to allow users to access it using svn+ssh.
You should not give the other user file permissions on your account. You should configure your SVN repository (typically, it will have a conf directory with passwd and authz files) to create an SVN account for the other user and set appropriate permissions for that account on the repository.
Did you make sure to go to the /conf/ directory in your svn directory and update the passwd file to allow for another user?
You should be able to open up passwd with VIM (assuming this is a Linux box) and add the new user for the repo. Format of the new user in the file is like = ...
i.e.
John Doe = password123
Save the file and restart the SVN service.
Giving the new user read access to all higher level directories resolved this issue.