  1. #1
    Just Joined!
    Join Date
    Mar 2003
    Posts
    8

    User Rights


    Hi,

    I have created a user on Red Hat 8, and I want to give that user read-only rights only.

    How can I do that?

    Thank you

  2. #2
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    What do you mean exactly?

  3. #3
    Just Joined!
    Join Date
    Apr 2003
    Posts
    25
    I think he wants them to only be able to read and not be able to write.

  5. #4
    Linux Engineer
    Join Date
    Jan 2003
    Location
    Lebanon, pa
    Posts
    994
    It should be like that by default. The only place the user can write to is its home directory.

  6. #5
    Linux Engineer
    Join Date
    Apr 2003
    Location
    Sweden
    Posts
    796
    That's not quite correct.

    A normal user can write in /tmp and /var/tmp, which can be a potential security risk. To be absolutely sure of a read-only user you must have a bks-utility, like an ACL layer over Linux (that can close things even for the root user).

    I can give you some tips on good ones if you like.

    Regards

    Andutt

  7. #6
    Linux Engineer
    Join Date
    Jan 2003
    Location
    Lebanon, pa
    Posts
    994
    Yes, they can write to the tmp directories, but they should be on separate partitions and mounted with the nodev, nosuid, and noexec options.

  8. #7
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    Well, they could still fill up that partition if you don't have quotas on it, so I'd say the best thing is probably to add that user to a special group, called 'rdonly' or something like that. Then you just chown /tmp to root:rdonly and chmod it to 1757. Isn't that the best solution?

  9. #8
    Linux Engineer
    Join Date
    Jan 2003
    Location
    Lebanon, pa
    Posts
    994
    Yeah you could do that. I never worried about /tmp ever filling up. If someone did that, I can easily rm everything in it and remove their account.

  10. #9
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    Yeah, of course that's possible, but isn't it better to avoid it from the beginning? However, if this is a normal user account, /tmp shouldn't be read only, since many programs need it. Maybe quotas should be used instead?

  11. #10
    Linux Engineer
    Join Date
    Apr 2003
    Location
    Sweden
    Posts
    796
    That's correct.

    The /tmp directory should be mounted with those kinds of options, but it's common that it's not mounted with those by default; it's therefore important to fix this in a configuration step after the installation. Many applications write to /tmp and /var/tmp; I think it's therefore not good to change the ownership of those directories, because you then have to include every application user, if they exist, in that group.

    Therefore I should suggest:

    1: Always create a separate partition for /tmp
    2: Mount the filesystem with noexec nodev nosuid options turned on in /etc/fstab.
    3: If you can, install a bks-utility that has its own ACLs over the Linux ACLs, so you can restrict even root from doing something stupid.

    Regards

    Andutt
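
A check for points 1 and 2 of the list above, added here as an example and not part of the original thread: it reads a mount table in /proc/mounts format and reports whether /tmp and /var/tmp are separate mounts carrying nodev, nosuid and noexec. The function names and the sample table are constructed for illustration.

```shell
# Added example: audit /tmp and /var/tmp mount options (names are illustrative).
REQUIRED_OPTS="nodev nosuid noexec"

# Constructed sample in /proc/mounts format: /tmp hardened, /var/tmp not.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext3 rw,relatime 0 0
/dev/sda3 /tmp ext3 rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda5 /var/tmp ext3 rw,nodev,relatime 0 0
EOF
}

# Print the options of the last entry for mount point $1 in table $2
# (a later mount on the same path shadows an earlier one).
mount_opts() {
    awk -v mp="$1" '$2 == mp { o = $4 } END { if (o != "") print o }' "$2"
}

# Print the required options absent from the comma-separated list $1.
# Wrapping both sides in commas matches whole options, not substrings.
missing_opts() {
    missing=""
    for want in $REQUIRED_OPTS; do
        case ",$1," in
            *",$want,"*) ;;
            *) missing="${missing:+$missing }$want" ;;
        esac
    done
    printf '%s' "$missing"
}

# Audit one mount point ($1) in table $2 (default /proc/mounts).
# Returns 0 only when it is its own mount with every required option.
audit_mount() {
    table=${2:-/proc/mounts}
    opts=$(mount_opts "$1" "$table")
    [ -n "$opts" ] || { echo "FAIL $1: not a separate mount"; return 1; }
    miss=$(missing_opts "$opts")
    [ -z "$miss" ] || { echo "FAIL $1: missing $miss"; return 1; }
    echo "OK   $1: $opts"
}

# Audit both temp directories; non-zero if either fails.
audit_tmp_mounts() {
    rc=0
    for mp in /tmp /var/tmp; do audit_mount "$mp" "$1" || rc=1; done
    return $rc
}
```

Source the file and run `audit_tmp_mounts` with no argument to check the live system; it reads /proc/mounts, so it reports what is actually mounted rather than what /etc/fstab requests.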
