?
Solved

Directory Permissions

Posted on 2006-04-11
6
Medium Priority
?
233 Views
Last Modified: 2013-12-16
Hey Experts!

I have a user that is constantly adding things to there /usr/lib folder...but the only way they were able to copy the files successfully was as root.

So as the root user, I change the permissions of the folder so that she could read/write the folder.

But the permissions have reverted to the old and she is unable to add the files unless she is the super user. Which is a step that I'd like to avoid.

I'm not concerned with them screwing up there OS.

My question, how do I set the permissions of /usr/lib so that she can add/write/edit/read files and that they don't change to the original?

(OS = Mandrake 10.1)

Thanks.

Rob
0
Comment
Question by:qball2k5
6 Comments
 
LVL 12

Expert Comment

by:paullamhkg
ID: 16433060
try this

chown -R userA:root /usr/lib

chmod -R 770 /usr/lib

and ask the userA login and try again.
0
 
LVL 43

Expert Comment

by:ravenpl
ID: 16433823
> chmod -R 770 /usr/lib
this is far too tight! how other users are to dynamically load those libraries?

however, I assume, the problem is, that some cron security jobs are reverting those ownership/perms to original state - is that right?

Maybe You should write some simple script
#!/bin/sh
FILETOCOPY=`basename "$1"` # has to be in current directory
[ `id -u` == uidofthepermitteduser ] || exit 1; #this line may be omitted, it's just extra security already provided with sudo
cp -iv "$FILETOCOPY" /usr/lib
#endOfScript

then configure the user in /etc/sudoers to be allowed to run this script with root privs
username ALL=/path/to/the/script *
0
 
LVL 7

Accepted Solution

by:
wnross earned 500 total points
ID: 16439763
Hi, mandrake has a cron task called msec which will revert permissions back to the (considerably) more secure defaults

Go into /etc/security/msec/

create a file called perm.local

in it, write something similar to

/var/lib                               current         755
/var/lib/someuserspace       jsmith.users  755
/var/lib/someuserspace/*    jsmith.users  644

view /usr/share/msec/perm.$SECURITY to see the defaults

Then wait about a hour for the msec process to do the filesystem checks


Incidentally, user access to the full lib folder == bad, perhaps you can limit them to a
subfolder instead?

Cheers,
-Bill
0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 
LVL 7

Expert Comment

by:wnross
ID: 16439774
Whoops, of course I meant /usr/lib/, not /var/lib

Cheers again
-Bill
0
 

Author Comment

by:qball2k5
ID: 16440414
I agree that doing this isn't good....But her development process requires this to be possible.

I noticed that msec did reset the permissions....I'm going to have to consider your solution...maybe there is a better way.....perhaps /usr/local/lib instead.

Thanks
0
 
LVL 7

Expert Comment

by:wnross
ID: 16440958
I wouldn't fight with msec too much, it's there to help with security.  Does your developer need write access to the whole
folder?

0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
Often times it's very very easy to extend a volume on a Linux instance in AWS, but impossible to shrink it. I wanted to contribute to the experts-exchange community a way of providing a procedure that works on an AWS instance. It can also be used on…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Suggested Courses
Course of the Month15 days, 18 hours left to enroll

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question