[Techtalk] Protecting spouse, kids from each other and limiting access

Jenn Vesperman jenn at anthill.echidna.id.au
Sat Sep 28 09:32:03 EST 2002 

On Sat, 2002-09-28 at 01:53, Alvin Goats wrote:

> Exactly HOW DO YOU set multiple users access to a directory, and block
> others? I understand it is done by setting groups, hence kids, users,
> poweruser, root. But how do you set poweruser and root to have access to
> /hdd6 and no other group? How do you keep kids locked into
> /home/username and unable to wander anywhere else? 
> 
> /etc/groups shows things like: users::100:lesa,aurora,tab. So, where do
> the limitations come in? How do I set them?

In the directory, using the commands chmod and chgrp. /etc/groups sets
the groups up, but you put the permissions themselves in the directories
and files.


Like this:

$ chgrp -R /hdd6 powerusers
$ chmod -R g+rwx a-rwx /hdd6
$ ls -la /hdd6
drwxrwx---   79 root     powerusers         4096 Sep 28 09:20 .
drwxrwx---   12 root     powerusers         4096 Sep  7 20:23 ..
drwxrwx---    2 root     powerusers         4096 Sep 18  2000 foo
-rwxrwx---    1 root     powerusers         1971 Aug 13 05:47 bar
-rwxrwx---   14 root     powerusers           93 Mar 20  2001 baz

Information on these things can be found under 'file permissions' in
your system adminstration book, but the executive summary is:


$ chgrp -R powerusers /hdd6

Change the group, recursively, of the directory /hdd6 to the group
powerusers.


$ chmod -R g+rwx a-rwx /hdd6

Change the mode (file permissions), recursively to add read, write and
execute permissions for the group and remove it for 'all', on the
directory /hdd6

$ ls -la /hdd6
drwxrwx---   79 root     powerusers         4096 Sep 28 09:20 .
drwxrwx---   12 root     powerusers         4096 Sep  7 20:23 ..
drwxrwx---    2 root     powerusers         4096 Sep 18  2000 foo
-rwxrwx---    1 root     powerusers         1971 Aug 13 05:47 bar
-rwxrwx---   14 root     powerusers           93 Mar 20  2001 baz

Look at the file permissions for all files in /hdd6.


The relevant columns are:

---- directory or not?
| ------ owner's permissions
| |  ------- group permissions
| |  |  -------- everyone else's permissions
| |  |  |
| ^  ^  ^
V/ \/ \/ \
drwxrwx---
drwxrwx---
drwxrwx---
-rwxrwx---

The permissions are 

r - read
w - write
x - execute


Note that you need to be able to execute a directory to get into it.



Does this clarify things for you?



Jenn V.
-- 
    "Do you ever wonder if there's a whole section of geek culture 
        	you miss out on by being a geek?" - Dancer.

jenn at anthill.echidna.id.au     http://anthill.echidna.id.au/~jenn/

More information about the Techtalk mailing list