Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
Why are Linux file permissions still so primitive and is this likely to ever change?
Each file/dir can only have an owner and group. This seems to make the following things extremely difficult to implement:
How can you make a file read only and not delete-able, but still give that user permission to write to its directory?
How can you restrict directories to only certain users with out having to create a group for every possible combination of users required? And having done that its useless anyway because anyone who creates a file doesn't get it's permissions inheretted, so every user has to explicitly change the permissions on every file they make just so others can edit it.
I have found myself having to modify my programs to set the permissions of a file to the directory where it is saved to just to avoid user frustration.
How do you handle these sorts of things on desktop systems with non power users?
You can use the ACLs to have an advanced control on file and directory permissions.
An example (for Archlinux in this case) is here: https://wiki.archlinux.org/index.php/Access_Control_Lists
Have you tried using Access Control Lists ? see the setfacl command for an overview.
The issue of inheriting incorrect permissions is discussed at linuxquestions.org. Below is a summary of the proposed solution.
#mkdir tech
#chown root:tech tech/
#chmod g+s tech/
#chmod 0750 tech/
#setfacl -d -m g:techAdmin:rwx tech/
#setfacl -m group:techadmin:rwx tech/
The above will create a new directory tech which is owned by the tech group. The user group techAdmin will have access to read/write/create and tech group users will have read access.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 7 years ago.
Improve this question
My question is about permissions and ownership settings for my custom shell scripts and the custom shell script directory itself. This is only for security on my personal machine, but I'd like to know best practices for any situation.
My script directory is /usr/local/scripts/
Should I give myself write privileges to my own scripts? Or should root be the only one?
Should everyone else have read-only permission?
Should root have ownership over any of my scripts/directory?
I'm still learning UNIX permissions, so trying to wrap my head around the implications of certain files having certain permissions still eludes me to an extent. Thanks in advance.
First, I recommend you to put your unprivileged scripts (scripts that do not need to be executed as root) inside your home folder (it is a common practice to put them in ~/bin, some distributions even add this directory to your $PATH, so you can execute them from any directory). That way you do not have to write to a root-owned directory, avoiding the need of becoming root to edit them.
About execute permissions, almost always, if you have read permissions you will be able to execute it, either by copying to another location and giving it execute permissions, or by launching the interpreter with the script as first argument (eg. bash my_script.sh).
I see no problem in giving others read and execute permissions to my scripts, remember that they will be executed with the executing user's permissions, not yours. Anyway, if they have the knowledge, they will be able to write and execute them.
If you put scripts outside your home directory, they should be owned and only editable by root (they can be readable and executable by everyone). That way, if root executes it, it knows that no one else can have changed the file, so it is secure.
Should I give myself write privileges to my own scripts? Or should root be the only one?
I don't see a security reason not to give yourself write privileges - it is just inconvenient to manually maintain scripts in system directories. If these scripts are for personal use, it is best to keep your scripts somewhere in your home directory, probably ~/bin and then add that directory to the beginning of your PATH variable through your shell's startup script in your home directory. That way, you don't need any special permissions to test your scripts.
Should everyone else have read-only permission?
Unless you want to keep the contents of your script a secret, it should not be a problem to give others both read and execute permissions.
Should root have ownership over any of my scripts/directory?
The important thing is that other users must not have write access to the scripts. As long as the owner is you and you are the sole member of the group assigned to the file, you don't need to worry about security. It is just not convenient to have your scripts outside your home directory, but otherwise things should be fine.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 7 years ago.
Improve this question
I were using windows but now I am shift to unix like os sucn as linux,fedora .Now I am confused what is root in linux os?Please explain me.
Root user is also known as superuser in Linux-based OS. Basically, root user is granted all permission to do various task on that system. This includes adding/removing normal user account, managing services, changing ownership of files/folder and many more.
Normally, it is recommended for system administrator to create another normal user account to perform day-to-day operations while root account should only use when necessary. Once the system administrator has completed the necessary task, he/she will then revert back to their normal user account immediately. It is because a mistyped of command using root account might lead to wiping all data in the system!
For more information about root, you can visit here and here. Hope it helps.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
Improve this question
I installed the shrewsoft vpnmanger on my linux (crunchbang kernel 3.2.0-4 amd64) the problem is, that somehow it can only be started as sudo. Can someone explain how i can fix this?
sudo /usr/local/sbin/iked&
How can I change the iked installation so that it is available for each user?
Thanks
It's just about the paths a normal user's shell search for commands. But normally it makes sense that those commands located in a sbin dir are not accessible by typing just the command's name. Those commands need access to protected resources that are only accessible by root.
But if you have the luck that you can gain the full rights by means of sudo you can simply create an alias via
alias iked="sudo /usr/local/sbin/iked"
and add it into your shell's resource file.
To make the full command accessible to all users by simply typing iked you can create a little bash script named iked with content
#!/bin/bash
sudo /usr/local/sbin/iked
and place it in /usr/local/bin.
Of course that implies an appropriate /etc/sudoers file and that the execute permission of iked is set.
try copying or symlinking in it in /usr/bin.
and see if it work for the user then, if it has a global log file (I don't know about this app so not one to comment) but assuming it has some log in /var/log/iked.log and its been written by root you will have permssion issues by another user, so chown it to some neutral group like users or something.:
Try here it may give you more info, I can see you could try:
/usr/bin/iked -d 4
But from what I read it does have a log in /var/log and yep that permission issue would be the primary issue specially if root was the first user to run this app.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I am trying to migrate data from onw of my VPS to another. The problem is, for the VPS from where I am moving the files, I don't have root access, and most of the user uploaded content in there are owned by apache, and hence when I tried rsync I got access denied. I tried chown from the account I do have access to, but it seems that account can't change the owner of those files(but I might be doing it wrong as well, since I am new to SSH. So please tell me the correct syntax to recursively change ownership of all files within a folder and subfolders. I tried chown -R dirname/*). So is there any other way to move these files?
Also, if I reset the password(I am on godaddy linux-VPS), will it affect my site or cause any downtimes? If I get root access, will it help in this matter?
Resetting your password on your Go Daddy Linux VPS should not cause any downtime. The password reset should just change the user and root passwords. Once you are logged in to the server as your user you will then use the "su" command to change to the root user. You cannot log in directly as root. The command will look like this:
#su -
Once logged in as root you should be able to do the rsync without issues.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
In linux, how can I give access permissions to a file/folder to a specific person. In other words suppose I want to allow only and only user fred to be able to read a file, then how do I do that?
Note that I know about chmod and all, but Linux doesn't seem to provide a fine tuned access permission control where you can specify the access control of one specific user.
Thanks,
Alison
Unix uses discretionary access control (DAC) for permissions and access control. For better security SELinux provide mandatory access control (MAC). This is consider difficult for administrators to set up and maintain.
Use commands:
chown user_name file
chown user_name folder
chown -R user_name folder #recursive