topic File & Directory Permission in Operating System - Linux

File & Directory Permission

girishb — Wed, 27 Sep 2006 15:52:17 GMT

Hi there,

We have a Redhat Enterprise Linux Server. I need to add a user account (user1) and this user must have only Read Access to entire directory structure.

Its kinda urgent, so please help.

Thanks
Girish

Re: File & Directory Permission

Bill Thorsteinson — Wed, 27 Sep 2006 16:02:49 GMT

Change the owner of the directory structure
to another user (nobody or root) but
allow the users group to access the directory
tree. You can setup a group specifically
for the user.
Change the directory permissions to 755 or 750.
Try 'chmod -R go-w' on their home directory.
Once the directory is fully populated you
could even remove write access for the owner
with 'chmod -R u-w'

Re: File & Directory Permission

Ivan Ferreira — Wed, 27 Sep 2006 16:04:29 GMT

For these kind of users, you should use a restricted shell.

http://w3.pppl.gov/info/bash/The_Restricted_Shell.html

Only internal commands and commands found in the PATH environmental variable are executed. If you configure the PATH variable to have only a few commands or no commands, read only access will be granted.

Re: File & Directory Permission

girishb — Thu, 28 Sep 2006 08:38:51 GMT

Can we use setfacl command.

I need assistance, I'm a newbie :)

Re: File & Directory Permission

Ivan Ferreira — Thu, 28 Sep 2006 08:49:47 GMT

You could, but setting acls increases the installation complexity, that can derivate in errors or false sense of security if it's not correctly managed. Also the backup application should be able to store the ACL attributes. ACLs are not recommended by me.