- 05-10-2007 #1
Permissions
Hi
I have created a new user, say abc. His home directory is /home/abc. I need to restrict this user from accessing any directories other than ones inside /home/abc. He should be able to view, edit, delete, write all the files and directories inside /home/abc. But he should not be able to list or access any files or directories outside /home/abc. How can I achieve this? Please help me.
Thanks
Albin
- 05-10-2007 #2
First you need to create a group for the user. Users are members of a default group. Red Hat Linux will add new users to a group of the same group name as the user name. The default group is specified in the file /etc/passwd
user-name::user-number:group-number:comment section:/home-directory:default-shell
user1::500:500:Greg:/home/user1:/bin/bash
The user id has a user system number associated with it and this is defined in /etc/passwd. The group has a group system number associated with it and this is defined in /etc/group
group-name::group-number:user1,user2
Group Commands:
* gpasswd: administer the /etc/group file
* groupadd: Create a new group
* groupmod: Modify a group
* groupdel: Delete a new group
If using NIS, view the groups using the command: ypcat group
You can then set the permissions for that group by only giving him permissions to his home directory by using the chmod command to set his file privileges. Do some googling and you'll probably find a tutorial fairly quickly.
$Billz
How much wood would a wood chuck chuck if a wood chuck could chuck wood? None they eat plants!
Dell Optiplex GX260, LTSP Diskless Workstation, Fedora Core 6
- 05-10-2007 #3
Thanks for your reply. Let me do a search on the commands given by you.
BTW, what is NIS?
Thanks
Albin
- 05-10-2007 #4
NIS is Network Information Services. It was formerly known as Sun Yellow Pages (YP), but they just changed the name. Its purpose is to provide information that has to be known throughout the network to all machines on the network, such as login names/passwords/home directories (/etc/passwd), group information (/etc/group), host names and IP numbers (/etc/hosts). Some people still run this, that's why I mentioned it.
$Billz
- 05-10-2007 #5
I'm thinking that you'll have to look up your umask settings too. umask sets default permissions for new files so you'll have to alter these in order to avoid giving all users (world) permission to read new files.
You'll also have to alter the existing files' permissions in the other users' directories to make sure that the world settings of the permission strings don't grant any access. This is a garbled way of trying to describe this:
-rwxr-x---
This is roughly what the permission strings of your users' files should look like. You can achieve this using the chmod command.
"I didn't know it was a picture of his wife! I thought it was a publicity shot from Planet Of the Apes."
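Added example, not part of the thread: a POSIX shell sketch of the two steps described in post #5, finding and clearing the world permission bits under a home directory, and checking that umask 027 gives new entries modes such as -rwxr-x---. The function names are hypothetical and the demo works only on a constructed temporary directory standing in for /home.

```sh
#!/bin/sh
# Added example. Function names are hypothetical; the demo runs only in a temp dir.

# Print every entry under $1 whose world ("other") bits grant r, w or x.
list_world_accessible() {
    find "$1" \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Clear the world bits under $1; owner and group bits are left unchanged.
strip_world_access() {
    chmod -R o-rwx "$1"
}

# Succeed if the entry $1 has exactly the octal mode $2 (e.g. 750).
has_mode() {
    [ -n "$(find "$1" -prune -perm "$2" -print)" ]
}

# Create a file and a directory in $1 under umask 027, in a subshell so the
# caller's umask is untouched: 666 & ~027 = 640, 777 & ~027 = 750.
create_with_umask_027() {
    (
        umask 027
        : > "$1/newfile"
        mkdir "$1/newdir"
    )
}

demo() {
    base=$(mktemp -d)                      # constructed stand-in for /home
    mkdir -p "$base/user1/docs"
    echo "notes" > "$base/user1/docs/notes.txt"
    chmod 755 "$base/user1" "$base/user1/docs"
    chmod 644 "$base/user1/docs/notes.txt"

    echo "world-accessible before:"
    list_world_accessible "$base/user1"
    strip_world_access "$base/user1"
    echo "world-accessible after (expect nothing):"
    list_world_accessible "$base/user1"

    create_with_umask_027 "$base/user1"
    has_mode "$base/user1/newdir" 750 && echo "newdir is rwxr-x---"
    has_mode "$base/user1/newfile" 640 && echo "newfile is rw-r-----"
    rm -rf "$base"
}

demo
```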
- 05-10-2007 #6
Frankly, I feel the best way to do this (not necessarily the easiest) would be a chroot jail. To do it the way other people are mentioning, every other user on the system would need to be a member of a special group, that group would need to have permissions to other directories, and the permissions for the one user would need to only allow access to his home. This is VERY inflexible if you want any nuances amongst the other users.
A chroot jail would create a special environment inside your regular environment that you could modify yourself. So /etc, for instance, would be a special /etc that would only contain what you wanted it to. And so on.
For more info, and some utilities, check out:
http://en.wikipedia.org/wiki/Chroot
DISTRO=Arch
Registered Linux User #388732

