Directory Permissions

Posted on 2006-04-11
Last Modified: 2013-12-16
Hey Experts!

I have a user that is constantly adding things to there /usr/lib folder...but the only way they were able to copy the files successfully was as root.

So as the root user, I change the permissions of the folder so that she could read/write the folder.

But the permissions have reverted to the old and she is unable to add the files unless she is the super user. Which is a step that I'd like to avoid.

I'm not concerned with them screwing up there OS.

My question, how do I set the permissions of /usr/lib so that she can add/write/edit/read files and that they don't change to the original?

(OS = Mandrake 10.1)


Question by:qball2k5
    LVL 12

    Expert Comment

    try this

    chown -R userA:root /usr/lib

    chmod -R 770 /usr/lib

    and ask the userA login and try again.
    LVL 43

    Expert Comment

    > chmod -R 770 /usr/lib
    this is far too tight! how other users are to dynamically load those libraries?

    however, I assume, the problem is, that some cron security jobs are reverting those ownership/perms to original state - is that right?

    Maybe You should write some simple script
    FILETOCOPY=`basename "$1"` # has to be in current directory
    [ `id -u` == uidofthepermitteduser ] || exit 1; #this line may be omitted, it's just extra security already provided with sudo
    cp -iv "$FILETOCOPY" /usr/lib

    then configure the user in /etc/sudoers to be allowed to run this script with root privs
    username ALL=/path/to/the/script *
    LVL 7

    Accepted Solution

    Hi, mandrake has a cron task called msec which will revert permissions back to the (considerably) more secure defaults

    Go into /etc/security/msec/

    create a file called perm.local

    in it, write something similar to

    /var/lib                               current         755
    /var/lib/someuserspace       jsmith.users  755
    /var/lib/someuserspace/*    jsmith.users  644

    view /usr/share/msec/perm.$SECURITY to see the defaults

    Then wait about a hour for the msec process to do the filesystem checks

    Incidentally, user access to the full lib folder == bad, perhaps you can limit them to a
    subfolder instead?

    LVL 7

    Expert Comment

    Whoops, of course I meant /usr/lib/, not /var/lib

    Cheers again

    Author Comment

    I agree that doing this isn't good....But her development process requires this to be possible.

    I noticed that msec did reset the permissions....I'm going to have to consider your solution...maybe there is a better way.....perhaps /usr/local/lib instead.

    LVL 7

    Expert Comment

    I wouldn't fight with msec too much, it's there to help with security.  Does your developer need write access to the whole


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    What Should I Do With This Threat Intelligence?

    Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

    Daily system administration tasks often require administrators to connect remote systems. But allowing these remote systems to accept passwords makes these systems vulnerable to the risk of brute-force password guessing attacks. Furthermore there ar…
    Join Greg Farro and Ethan Banks from Packet Pushers ( and Greg Ross from Paessler ( for a discussion about smart network …
    Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
    Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now