Solved

file system security- unable to access

Posted on 2003-03-28
Last Modified: 2010-04-22
Hi,

I have assigned a+rwx permissions on a directory; the other users are still unable to access this directory. They get a permission denied message. I tried adding those users to my group, still no luck. I am running RH 7.3. Any clue? Thanks.

SD
Question by:iit
15 Comments
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 8228377
Exactly what is the operation that is not working?
o cd to the directory
o ls the directory
o create a file in the directory
o remove a file in the directory
o etc.
0
 

Author Comment

by:iit
ID: 8228430
test case1:

logged in as user1
chmod a+rwx /home/user1/dir1

su user2
cd /home/user1/dir1
it gives permission denied.

test case2:
logged in as user1
cd /home/temp/dir1
su user2
ls <-- works

Once I am in the directory it works, but cd to that directory, creating a file, ls, rm doesn't work from outside that directory.

Thanks for looking into it.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 8230926
is /home/user1/dir1 or /home/user1 a mount point?
0

 

Author Comment

by:iit
ID: 8231536
No.

I even gave read permission to the parent directory of dir1, /home/user1. It still didn't work. Thank you.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 8234511
try with:
  su - user2
0
 
LVL 6

Expert Comment

by:mbarbos
ID: 8237229
Am I getting something wrong?

By default /home/user has permissions rwx------. So you can't cd in that directory if you are not that user.
0
 
LVL 6

Expert Comment

by:mbarbos
ID: 8237304
Oh, you need execute permission in order to cd into a directory. Read is needed for ls.
0
 

Author Comment

by:iit
ID: 8239215
ahoffmann, no, it didn't work. Using su - user2 just took me to the home directory of user2, /home/user2.

mbarbos,

/home/user1/dir1 is the directory I am trying to access as user2. As user1 I have given permissions
"chmod -R a+rwx dir1". dir1 has full permissions?

As user1 I moved to /home/user1/dir1
then su user2 <-- successful login leaves you in the same directory, /home/user1/dir1
All operations work now. So, when I am already in dir1 it works as expected.

cd <-- cd's to /home/user2
then ls /home/user1/dir1 gives permission denied.

When user2 is in dir1 it works correctly.
0
 

Author Comment

by:iit
ID: 8239225
ahoffmann, no, it didn't work.

Comment:

I mean su - user2 didn't work differently from su user2 with regard to permissions. It changed my directory to /home/user2 when I did su - user2, whereas su user2 leaves me in the directory where I was before.
0
 
LVL 6

Accepted Solution

by:
mbarbos earned 80 total points
ID: 8239350
That's what I said. Users are not allowed by default to access other users' home directory. So user2 cannot cd to anything in /home/user1.

You have to give x access to /home/user1 to user2 if you want user2 to be able to access anything below /home/user1.

x (execute) access to a directory means cd right to that directory.

Try chmod +x /home/user1 :)
0
 

Author Comment

by:iit
ID: 8241398
Thanks, it works now.

I assumed I just needed to give it to the directory the other user accesses and not necessarily the parent directory. When I give it to /home/user1 it works.
0
 
LVL 6

Expert Comment

by:mbarbos
ID: 8241538
That's not the case. Basically, the directory tree is followed (according to the path in the command) and rights are evaluated at each step. At least that's what I know, I might be wrong.

Anyway, allowing any rights into somebody's home directory is wrong. The home directory is supposed to be private and when you start doing things like that you usually end up (in time, at least) giving everybody rwx on that directory.

What you should probably do is create a directory outside the /home hierarchy, create a group, make user1 and user2 members of that group and grant rights on that hierarchy to the group. But you might want to play also with the other directory flags (it can be entertaining sometimes ;-).

Thanks for the points and excuse the lecture :)
0
 
LVL 6

Expert Comment

by:mbarbos
ID: 8241551
I'll start proofreading my posts in the future :-(
0
 

Author Comment

by:iit
ID: 8302543
Thanks for the suggestion! I will play with permissions settings and see if I can prevent other users seeing my home directory.

But I am still confused. When I am inside the directory dir1 and do an su user2 it works, I am able to do all sorts of operations. As long as I am in it, it works. But trying to come into that directory doesn't work.

0
 
LVL 6

Expert Comment

by:mbarbos
ID: 8302723
That's because you are already there. The right to cd into that directory doesn't matter since you are not changing the directory again. You are missing the x, which means you are not allowed to change into that directory, but it doesn't mean that you are not allowed to read or write in that directory.
0
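
The rule the thread arrives at (every directory on the path needs the x bit, not just the last one) can be checked mechanically. The script below is an added example, not code from any poster: `first_blocker` and the scratch layout are hypothetical, and it looks only at the "other" mode bits (no ACLs, no owner or group matching).

```shell
#!/bin/sh
# Added example (not from the thread): find the first directory on a path
# that lacks the search (x) bit for "other". ROOT stands in for "/" so the
# demo stays inside a scratch tree.

# first_blocker ROOT REL
#   Prints the first component of ROOT/REL without o+x and returns 1.
#   Prints nothing and returns 0 when every component is searchable.
#   A component that does not exist is reported as the blocker.
first_blocker() {
    cur=$1
    old_ifs=$IFS
    IFS=/
    set -- $2                 # split REL into its components
    IFS=$old_ifs
    for part in "$@"; do
        [ -n "$part" ] || continue
        cur="$cur/$part"
        # 10th character of the ls mode string is other-execute:
        # x or t = searchable, - or T = not searchable.
        bit=$(ls -ld "$cur" 2>/dev/null | cut -c10)
        case $bit in
            x|t) ;;
            *) printf '%s\n' "$cur"; return 1 ;;
        esac
    done
    return 0
}

# Constructed layout mirroring the thread: home/user1 is private (700),
# dir1 inside it is wide open (777).
demo_root=$(mktemp -d)
mkdir -p "$demo_root/home/user1/dir1"
chmod 755 "$demo_root/home"
chmod 700 "$demo_root/home/user1"
chmod 777 "$demo_root/home/user1/dir1"

# Before the fix: the 700 parent is reported even though dir1 is 777.
first_blocker "$demo_root" home/user1/dir1 || :
# The accepted answer's fix, applied to the scratch tree only.
chmod o+x "$demo_root/home/user1"
first_blocker "$demo_root" home/user1/dir1 && echo "path is searchable"
rm -rf "$demo_root"
```

On a real system, `namei -l /home/user1/dir1` from util-linux prints the mode of every component of a path for the same kind of inspection.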
