[Techtalk] Protecting spouse, kids from each other and limiting access

Carla Schroder carla at bratgrrl.com
Sun Sep 29 08:18:25 EST 2002


On Friday 27 September 2002 08:53 am, Alvin Goats wrote:
> Hi!
>
> I have a problem I'm trying to resolve and have not been able to fix the
> issue.
>
> I have basically 4 levels of users, including root, that have different
> requirements. I can adduser, addgroup, but the DETAILS of how to limit
> access and all are missing. man pages, FAQs, books on sysadmin basically
> say it can be done, but the details are for a single need (all users are
> the same and there isn't a need for anything else but root).
>
> My situation:
>
> 1) kids: need access to /home/username only; can't view anybody else's
> directories, do NOT have access to ppp/chat, are blocked from certain
> directories/devices. These are my munchkins ages 6 and 8. Internet
> access supervised. I plan on kde for their desktop.
>

This is the default: all users except root can access only their own home
directories, and are blocked from a number of system directories and
commands. Create a group for the youngsters, then add additional group
restrictions as you need.

> 2) users: need access to /home/username, can view each other's
> directories, CAN ppp/chat, run most software. I plan on kde for their
> desktop. This is my spouse and teens who need to surf, play games, do
> homework et al. Access blocked from certain directories/devices.

If you need shared directories, set those up separately. Linux does not like
to give users access to each other's home directories; I don't see a good
reason to mess with this. Why should your users be able to snoop in other
users' personal stuff, like mail and personal files? Only root has this
power, and that's the way it should be.

Create a group, such as adultusers, that has permissions for the things you 
want them to access. 

>
> 3) poweruser: basically me. Access to all directories/devices, including
> those blocked to everyone else. Essentially "root" in safe mode. All
> window managers available.

Again, this is already done in Linux. Create your own user account, then su 
to root for admin chores. 

>
> 4) root: "god mode". Totally unsafe, dangerous. Can do anything to any
> user, any file, device, directory. Total access capability.

Very rarely do you ever need to log in as root. Leave it alone, use su.

>
> Exactly HOW DO YOU set multiple users access to a directory, and block
> others? I understand it is done by setting groups, hence kids, users,
> poweruser, root. But how do you set poweruser and root to have access to
> /hdd6 and no other group? How do you keep kids locked into
> /home/username and unable to wander anywhere else?

Buy Essential System Administration, 3rd Edition, by Aeleen Frisch. It is my
most favorite Linux book. It will save you a lot of frustration. She covers
this topic very well. It is rather complex; there are a lot of tools such as
chown, setuid, sudo, and access control lists at your disposal.

> This issue is the main one keeping me from starting them
> onto linux (my wife is worried she might damage my files or mess up my
> computer). I have work and software they don't need and don't need to
> see at all, so access is blocked. 

There is far less danger of your users damaging Linux system files than 
Windows. Windows system files are wide open to the world. Do not worry about 
Slackware, it can take care of itself. The Linux sysadmin's main job with 
user management is keeping them away from data files they don't need to see, 
and adding additional restrictions as needed, such as for your young ones.


-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Carla Schroder, Bratgrrl Computing
Plain English Spoken Here
www.bratgrrl.com
this message brought to you by Kmail,
on Red Hat Linux 7.2
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
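
Added example, not part of the original message: a shell sketch of the group-based restrictions discussed in this thread, showing owner-only home directories, a directory such as /hdd6 limited to one group, and an audit that lists directories still open to everyone else. The function names are hypothetical helpers; the group names (kids, adultusers, poweruser) come from the thread and the user name in the comments is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post). As root, create the groups
# first; the user name below is hypothetical:
#   groupadd kids; groupadd adultusers; groupadd poweruser
#   gpasswd -a alvin poweruser
# Then, for instance:
#   share_with_group /hdd6 poweruser
#   audit_dirs /home/*

# other_bits DIR: print the three "other" permission characters ("---" = none).
# A bare sticky bit shows as "T" and grants nothing, so it is mapped to "-".
other_bits() {
    ls -ld "$1" | cut -c8-10 | tr T -
}

# lock_private DIR: owner-only access, as for a home directory.
lock_private() {
    chmod 700 "$1"
}

# share_with_group DIR GROUP: only the owner, GROUP members and root get in.
# The setgid bit (the leading 2) makes new files inherit GROUP.
share_with_group() {
    chgrp "$2" "$1" && chmod 2770 "$1"
}

# audit_dirs DIR...: print every directory that users outside its owner and
# group can still read, write or enter. Returns 1 if any was found.
audit_dirs() {
    rc=0
    for d in "$@"; do
        [ -d "$d" ] || continue
        if [ "$(other_bits "$d")" != "---" ]; then
            echo "open to others: $d ($(ls -ld "$d" | cut -c1-10))"
            rc=1
        fi
    done
    return $rc
}
```

Running audit_dirs over /home/* before and after lock_private shows which home directories other local users could still browse.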


