Directory Permissions

Hey Experts!

I have a user that is constantly adding things to there /usr/lib folder...but the only way they were able to copy the files successfully was as root.

So as the root user, I change the permissions of the folder so that she could read/write the folder.

But the permissions have reverted to the old and she is unable to add the files unless she is the super user. Which is a step that I'd like to avoid.

I'm not concerned with them screwing up there OS.

My question, how do I set the permissions of /usr/lib so that she can add/write/edit/read files and that they don't change to the original?

(OS = Mandrake 10.1)

Thanks.

Rob
qball2k5Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

paullamhkgCommented:
try this

chown -R userA:root /usr/lib

chmod -R 770 /usr/lib

and ask the userA login and try again.
0
ravenplCommented:
> chmod -R 770 /usr/lib
this is far too tight! how other users are to dynamically load those libraries?

however, I assume, the problem is, that some cron security jobs are reverting those ownership/perms to original state - is that right?

Maybe You should write some simple script
#!/bin/sh
FILETOCOPY=`basename "$1"` # has to be in current directory
[ `id -u` == uidofthepermitteduser ] || exit 1; #this line may be omitted, it's just extra security already provided with sudo
cp -iv "$FILETOCOPY" /usr/lib
#endOfScript

then configure the user in /etc/sudoers to be allowed to run this script with root privs
username ALL=/path/to/the/script *
0
wnrossCommented:
Hi, mandrake has a cron task called msec which will revert permissions back to the (considerably) more secure defaults

Go into /etc/security/msec/

create a file called perm.local

in it, write something similar to

/var/lib                               current         755
/var/lib/someuserspace       jsmith.users  755
/var/lib/someuserspace/*    jsmith.users  644

view /usr/share/msec/perm.$SECURITY to see the defaults

Then wait about a hour for the msec process to do the filesystem checks


Incidentally, user access to the full lib folder == bad, perhaps you can limit them to a
subfolder instead?

Cheers,
-Bill
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

wnrossCommented:
Whoops, of course I meant /usr/lib/, not /var/lib

Cheers again
-Bill
0
qball2k5Author Commented:
I agree that doing this isn't good....But her development process requires this to be possible.

I noticed that msec did reset the permissions....I'm going to have to consider your solution...maybe there is a better way.....perhaps /usr/local/lib instead.

Thanks
0
wnrossCommented:
I wouldn't fight with msec too much, it's there to help with security.  Does your developer need write access to the whole
folder?

0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.