Avatar of oo07
oo07 asked on

Restricting user

I created a user account to scp a file to an NFS server:/shared/prices thru winscp from her laptop.
Our concern is if created an account for the user in Unix box, she may corrupt or move other files in this share. How can we restrict the user to be confined and not damage any files in this directory share.
File Sharing SoftwareSecurityLinux

Avatar of undefined
Last Comment
oo07

8/22/2022 - Mon
omarfarid

don't let the user own the dir. Let the owner be some other user and add the write and sticky bit to the dir hence user can add her own files and delete them but can not delete others files:

chmod +w /dir
chmod +t /dir
ASKER
oo07

b0lsc0tt

I have not problem with this linux zone. Go ahead


omarfarid:
drwxr-xr-x   3 abciadmin   abcgroup      2048 May 23 15:03 pricechanges

Under this directory is

drwxr-xr-x   2 xpiadmin   xpigroup      3072 May 23 15:03 archive
-rwxr-xr-x   1 massprix       user           6031 May 23 14:12 price.csv.20080523

Massprix user is the one that always winscp the price.csv to this pricechanges directory. We wanted massprix to just copy the file and cannot delete or alter other files in the pricechanges directory. After massprix move the file to this directory , a  script will move the current price.csv.20080523 file to archive directory. Please give me the details on how I could do this with sticky bit. Will it affect other users accessing this shared directory or anything above the pricechanges directory?




omarfarid

I thought that the files belong to some other user. sticky bit will help in one case that you have a cron job that changes the ownership of the files to some other user (and the dir itself is owned by other user)
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
ASKER
oo07

Omarfarid,
Please elaborate on your last recommendation. I cannot understand. Pleae add exaple based on the dir and accounts I submitted. Thank


omarfarid

I will give example and you may see how you can implement it in your case.

mkdir /mydir
chown user1 /mydir
chmod +w /mydir
chmod +t /mydir

The above commands create a dir /mydir , change ownership of /mydir to user1 , give everyone write perm on this dir, then set the sticky bit on it.

This will allow other users to create files under this dir and delete them. But, because of the sticky bit, they can not delete others files. Now, if you don't want them to delete even their files, you then change the ownership of those files, and revoke write perm on them

chown user1 /mydir/*
chmod a-w /mydir/*
ASKER
oo07

Is there any problem with sticky bit on other files or apps in the directory?
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER CERTIFIED SOLUTION
omarfarid

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
ASKER
oo07

Thanks Omarfarid