  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 334

Permissions for individual users

Hi, have an SSH box at my house and I gave a few of my friends a shell.  Just so they don't screw around, I've been doing

chmod 700 telnet
chmod 700 nmap

etc..

Now, this effectively prevents them from accessing those programs. Is there any way to give certain users access, while denying others?

Thanks
0
dissolved
3 Solutions
 
jlevie Commented:
You could create a special group, place those users in that group, change group ownership for telnet, nmap, etc, to be that group, and finally set the mode of those utilities to be 0750.
0
 
dissolved (Author) Commented:
Ok, so make a new group and throw the users in there.

1. How do I change group ownership for telnet and nmap

2. What do you mean by "set the mode of those utilities to be 0750" ?  

Sorry, still working on this linux stuff :D
0
 
Sunjith Commented:
> 1. How do I change group ownership for telnet and nmap
chgrp groupname /path/to/file

e.g.:
chgrp special /usr/bin/nmap

You must add the group first:
groupadd special


> 2. What do you mean by "set the mode of those utilities to be 0750" ?
chmod 750 /path/to/file

The process is something like this:
================
[22:45:51][root@admod:~]# chgrp wheel file
[22:46:06][root@admod:~]# ls -l file
-rw-r--r--  1 root wheel 0 Sep 12 22:45 file
[22:46:08][root@admod:~]# chmod 750 file
[22:46:25][root@admod:~]# ls -l file
-rwxr-x---  1 root wheel 0 Sep 12 22:45 file
====================
0
 
dissolved (Author) Commented:
Thanks sunjith.  A few more questions (for anyone)

1. Ok, I created the group "special".   Is it possible to move existing users into it?

2. What does the "chgrp special /usr/bin/nmap"   command do exactly?

3. Would it be possible for someone to give me the exact commands (in order) if it's not too much trouble?  Having trouble grasping the concept.

thanks!
0
 
jlevie Commented:
> Ok, I created the group "special".   Is it possible to move existing users into it?

Yes, edit /etc/passwd and change the group ID for those users. The group ID is the fourth field, e.g.:

nfsnobody:x:65534:65534:Anonymous NFS User:
                  ^^^^^

Then for each user that you've made a member of the special group execute:

chgrp -R special /home/username

> What does the "chgrp special /usr/bin/nmap"   command do exactly?

That sets the group ownership of the specified file to be special (do an 'ls -l /usr/bin/nmap' before and after and you'll see what happened).

> Would it be possible for someone to give me the exact commands (in order) if it's not too much trouble?  Having
> trouble grasping the concept.

Okay, using /usr/bin/telnet, group special => 101 (your value will differ, check /etc/group), and the auser account:

chgrp special /usr/bin/telnet
chmod 0750 /usr/bin/telnet

Now for each user that will have this access:

1) Edit /etc/passwd and change the fourth field to be 101:

auser:x:501:501:Special Friend:/home/auser:/bin/bash
--becomes--
auser:x:501:101:Special Friend:/home/auser:/bin/bash

2) Fix home dir ownership:

chgrp -R special /home/auser
0
 
Sunjith Commented:
> 1. Ok, I created the group "special".   Is it possible to move existing users into it?
You may also use the following command to add an existing user to group 'special' instead of editing /etc/passwd manually:
usermod -a -G special username   # -a appends; with -G alone the user's other supplementary groups are dropped
0
 
Sunjith Commented:
Also, you need not change the group of the home directory of the users to 'special'. If you change it, all users who are in special group may be able to access files/directories of other users in the same group.
0
 
Mysidia Commented:
You can also add additional groups for a user without changing their main login group
by running "vigr" as root or editing the configuration file /etc/group

It contains lines of the form
groupname:x:groupid:user1,user2,user3

This way you can make multiple such groups if you like

Of course none of these changes will affect users already logged in immediately
(logout+relog will make changes of this nature take effect)
0
 
Mysidia Commented:
I mean add a user to multiple groups..

A user can only have one group in /etc/passwd
0
 
Sunjith Commented:
> What does the "chgrp special /usr/bin/nmap"   command do exactly?
In most Unix/Linux-based filesystems, a file has several properties. Some are file permissions, user ID and group ID. The file permissions can be set independently as read (r), write (w) or execute (x) for owner, group and others. The owner of the file is the user with the same uid as that of the file. If a file has some gid (say, special [it should actually be a numeral, though 'ls' usually resolves it to the group name]), all users who are part of that group (here, special) can have the permission as set for the group. The others means all those who are neither the owner of the file nor in the group of the file.
What chgrp does (as shown by 'ls'):
=============
[00:40:25][root@admod:~]# ls -l file
-rw-r--r--  1 root root 0 Sep 13 00:39 file
[00:40:26][root@admod:~]# chgrp wheel file
[00:40:29][root@admod:~]# ls -l file
-rw-r--r--  1 root wheel 0 Sep 13 00:39 file
====================

'ls -l' output explained:
=============
-rw-r--r--  1 root wheel 0 Sep 13 00:39 file
| |  |  |   |  |     |   |      |        |
| |  |  |   |  |     |   |      |        Name of the file
| |  |  |   |  |     |   |      |
| |  |  |   |  |     |   |      Time stamp of file
| |  |  |   |  |     |   |
| |  |  |   |  |     |   This is the size of the file
| |  |  |   |  |     |
| |  |  |   |  |     This is the group of the file
| |  |  |   |  |
| |  |  |   |  This is the owner of the file.
| |  |  |   |
| |  |  |   This shows the number of hard links to this file
| |  |  |
| |  |  The next 3 chars are the permissions for the others
| |  |
| |  The next 3 chars are the permissions for the group
| |
| The next 3 characters are the permissions for the owner
|
This is the file type bit. It shows whether the file is a regular file, a directory, a character special file, a block special file, a fifo, etc.

Hope that helps
0
 
Sunjith Commented:
There is a slight shift of the vertical lines when it came into the display :-(
Try to read it properly. If there is any doubt, please ask. I shall clarify.
0
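An added example, not part of any post in this thread: the script below applies the owner/group/other rule explained above to a root-owned binary restricted with chgrp special and chmod 0750, resolving membership from both the primary-group field of a passwd-format file and the member list of a group-format file. The account names, IDs, sample data and the may_exec helper are constructed for illustration; it models plain mode bits only.

```shell
#!/bin/sh
# Added example (constructed data): who may execute a binary after
#   groupadd special
#   chgrp special /usr/bin/telnet && chmod 0750 /usr/bin/telnet
#   usermod -a -G special auser     # supplementary membership
# Models plain mode bits only (no ACLs); root is treated as allowed
# whenever any execute bit is set.

# Constructed /etc/passwd-format data: field 3 = uid, field 4 = primary gid.
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
auser:x:501:501:Special Friend:/home/auser:/bin/bash
buser:x:502:101:Other Friend:/home/buser:/bin/bash
cuser:x:503:503:Third Friend:/home/cuser:/bin/bash'

# Constructed /etc/group-format data: field 3 = gid, field 4 = members.
GROUP_SAMPLE='root:x:0:
special:x:101:auser
auser:x:501:
cuser:x:503:'

# may_exec USER MODE OWNER_UID FILE_GID  -> prints "yes" or "no"
may_exec() {
    me_user=$1; me_mode=$2; me_owner=$3; me_fgid=$4
    me_ids=$(printf '%s\n' "$PASSWD_SAMPLE" |
        awk -F: -v u="$me_user" '$1 == u { print $3 ":" $4 }')
    [ -n "$me_ids" ] || { echo no; return 0; }      # unknown account
    me_uid=${me_ids%%:*}; me_pgid=${me_ids##*:}
    # Supplementary membership: user named in field 4 of the file's group.
    me_member=$(printf '%s\n' "$GROUP_SAMPLE" |
        awk -F: -v u="$me_user" -v g="$me_fgid" '$3 == g {
            n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) print "y" }')
    me_perm=$(printf '%s' "$me_mode" | sed 's/.*\(...\)$/\1/')  # last 3 octal digits
    me_o=${me_perm%??}; me_t=${me_perm#??}; me_g=${me_perm#?}; me_g=${me_g%?}
    # Exactly one class applies: owner, else group, else other.
    if [ "$me_uid" -eq 0 ]; then me_bits=$((me_o | me_g | me_t))
    elif [ "$me_uid" -eq "$me_owner" ]; then me_bits=$me_o
    elif [ "$me_pgid" -eq "$me_fgid" ] || [ -n "$me_member" ]; then me_bits=$me_g
    else me_bits=$me_t
    fi
    if [ $((me_bits & 1)) -eq 1 ]; then echo yes; else echo no; fi
}

# Demo: root-owned binary, group special (gid 101), before and after.
for u in root auser buser cuser; do
    echo "$u: mode 0700 -> $(may_exec "$u" 0700 0 101), mode 0750 -> $(may_exec "$u" 0750 0 101)"
done
```

Mode bits restrict only this copy of the file, so the result says nothing about other copies of the same tool elsewhere on the system.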
 
dissolved (Author) Commented:
Thanks guys, especially sunjith and jlevie for the detailed description. I am going to give this a try tomorrow. Wish me luck, I am a unix noob.
0
 
Sunjith Commented:
Wish you all the best with all your Linux endeavors :-)
0
