- 04-15-2003 #1 Just Joined!
- Join Date
- Mar 2003
- Posts
- 8
User Rights
Hi,
I have created a user on Red Hat 8, and I want to give that user only the read-only right.
How can I do that?
Thank you
- 04-15-2003 #2 Linux Guru
- Join Date
- Oct 2001
- Location
- Täby, Sweden
- Posts
- 7,578
What do you mean exactly?
- 04-17-2003 #3 Just Joined!
- Join Date
- Apr 2003
- Posts
- 25
I think he wants them to only be able to read and not be able to write.
- 04-17-2003 #4 Linux Engineer
- Join Date
- Jan 2003
- Location
- Lebanon, pa
- Posts
- 994
It should be like that by default. The only place the user can write to is its home directory.
- 04-19-2003 #5 Linux Engineer
- Join Date
- Apr 2003
- Location
- Sweden
- Posts
- 796
That's not quite correct;
a normal user can write in /tmp and /var/tmp, which can be a potential security risk. To be absolutely sure of a read-only user you must have a bks-utility, like an ACL layer over Linux (that can close things even for the root user).
I can give you some tips on good ones if you like.
Regards
Andutt
- 04-19-2003 #6 Linux Engineer
- Join Date
- Jan 2003
- Location
- Lebanon, pa
- Posts
- 994
Yes, they can write to the tmp directories, but they should be on separate partitions and mounted with the nodev, nosuid, and noexec options.
- 04-19-2003 #7 Linux Guru
- Join Date
- Oct 2001
- Location
- Täby, Sweden
- Posts
- 7,578
Well, they could still fill up that partition if you don't have quotas on it, so I'd say the best thing is probably to add that user to a special group, called 'rdonly' or something like that. Then you just chown /tmp to root:rdonly and chmod it to 1757. Isn't that the best solution?
- 04-19-2003 #8 Linux Engineer
- Join Date
- Jan 2003
- Location
- Lebanon, pa
- Posts
- 994
Yeah you could do that. I never worried about /tmp ever filling up. If someone did that, I can easily rm everything in it and remove their account.
- 04-19-2003 #9 Linux Guru
- Join Date
- Oct 2001
- Location
- Täby, Sweden
- Posts
- 7,578
Yeah, of course that's possible, but isn't it better to avoid it from the beginning? However, if this is a normal user account, /tmp shouldn't be read only, since many programs need it. Maybe quotas should be used instead?
- 04-19-2003 #10 Linux Engineer
- Join Date
- Apr 2003
- Location
- Sweden
- Posts
- 796
That's correct.
The /tmp directory should be mounted with that kind of options, but it's common that it's not mounted with those by default; it's therefore important to fix this in a configuration step after the installation. Many applications write to /tmp and /var/tmp; I think it's therefore not good to change the ownership of those directories, because you then have to include every application user, if they exist, in that group.
Therefore I should suggest:
1: Always create a separate partition for /tmp.
2: Mount the filesystem with the noexec, nodev and nosuid options turned on in /etc/fstab.
3: If you can, install a bks-utility that has its own ACLs over the Linux ACLs, so you can restrict even root from doing something stupid.
Regards
Andutt
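
An added example, not written by anyone in this thread: a shell function that audits an fstab-format file for steps 1 and 2 of the list above (a separate filesystem for /tmp and /var/tmp, mounted with nodev, nosuid and noexec). The function name `audit_tmp_mounts` and the sample fstab are constructed for illustration.

```shell
#!/bin/sh
# audit_tmp_mounts FILE: check an fstab-format file for the /tmp hardening
# discussed in the thread. Prints one line per directory and returns
# non-zero when an entry or a required mount option is missing.
audit_tmp_mounts() {
    awk '
        BEGIN {
            dirs[1] = "/tmp"; dirs[2] = "/var/tmp"
            nreq = split("nodev nosuid noexec", req, " ")
        }
        /^[ \t]*#/ || NF < 4 { next }            # comments, malformed lines
        $2 == dirs[1] || $2 == dirs[2] {
            seen[$2] = 1
            split("", have)                      # reset the option set
            nopt = split($4, opts, ",")          # field 4 = mount options
            for (i = 1; i <= nopt; i++) have[opts[i]] = 1
            missing = ""
            for (i = 1; i <= nreq; i++)
                if (!(req[i] in have))
                    missing = missing (missing == "" ? "" : ",") req[i]
            if (missing != "") { print $2 ": missing " missing; bad = 1 }
            else print $2 ": ok"
        }
        END {
            # A directory with no fstab entry lives on its parent filesystem.
            for (i = 1; i <= 2; i++)
                if (!(dirs[i] in seen)) {
                    print dirs[i] ": no separate filesystem"; bad = 1
                }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample fstab: /tmp lacks noexec, /var/tmp has no entry at all.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# device   mountpoint  type  options                dump pass
/dev/hda1  /           ext3  defaults               1 1
/dev/hda5  /tmp        ext3  defaults,nodev,nosuid  1 2
/dev/hda6  /home       ext3  defaults               1 2
EOF
audit_tmp_mounts "$sample" || echo "hardening incomplete"
rm -f "$sample"
```

Run it against the real /etc/fstab with `audit_tmp_mounts /etc/fstab`; it only reads the file and does not change any mount.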
