Results 1 to 9 of 9

Thread: Urgent Login? Please help!

  1. #1

    Default Urgent Login? Please help!

    Dear opensuse users!

    I have opensuse 10.3 box to my web directory where I hold
    all web pages I login only with root. By default I can change anything on my box with root. Now I need to give temporary access right to one user on my opensuse 10.3 box.
    Users are allowed to modify their directories/folders under /HOME/USER, but now I want to give to that USER a permission to access and modify SRV/WWW/HTDOCS/folder.
    Since I have more folders in HTDOCS I only want to give access to that user for one folder in HTDOCS. To one that I'll create for him. I don't want that he download or change anything else on my box such as postfix, mysql, etc.

    How to do it ?
    Please help..

    Erik

  2. #2
    Join Date
    Jun 2008
    Location
    Finland, European Union
    Posts
    1,879

    Default Re: Urgent Login? Please help!

    Create a new group, add needed users to that group. Change ownership on the folder that you wish to give the user access to that group and give them suitable permissions.

    man groupadd
    man groupmod

    are your friends

  3. #3
    Join Date
    Mar 2008
    Location
    Vsters, Sweden ex. Highbury London UK
    Posts
    1,245

    Default Re: Urgent Login? Please help!

    Quote Originally Posted by erik100 View Post
    .. I login only with root.
    Erik
    Really BAD idea to log in as root!
    As to your question have a read here

    /Geoff

  4. #4
    Join Date
    Mar 2008
    Location
    Oz
    Posts
    11,727
    Blog Entries
    2

    Default Re: Urgent Login? Please help!

    @Chrysantine -- I would just chown username:users /pathto/folder
    So what am I missing?
    Leap 42.3 & 15.1(Beta) &KDE
    FYIs from the days of yore

  5. #5
    Join Date
    Jun 2008
    Location
    Finland, European Union
    Posts
    1,879

    Default Re: Urgent Login? Please help!

    Quote Originally Posted by swerdna View Post
    @Chrysantine -- I would just chown username:users /pathto/folder
    Oh that's true - I was just assuming he wants to create a folder that only that user can modify (and root), not every user in the system.

    My bad perhaps.

  6. #6
    Join Date
    Mar 2008
    Location
    Oz
    Posts
    11,727
    Blog Entries
    2

    Default Re: Urgent Login? Please help!

    maybe chmod 700 /pathto/folder
    Leap 42.3 & 15.1(Beta) &KDE
    FYIs from the days of yore

  7. #7

    Default Re: Urgent Login? Please help!

    Still confused!

    What there could go wrong if I login to my box with ROOT.
    Usually I use root login for WEBMIN, WinSCP, Putty.
    I see no diference if I move around WEBMIN with root or ANY-USER login who's got same permissions as root?

    Or, am I missing something?

    OK. Let's say, is it possible to make a folder permissions for a user in YAST?

    If yes, how?

    Sorry for my ignorance

    PS. I welcome all PM support suggestions.

    Erik

  8. #8
    ab@novell.com NNTP User

    Default Re: Urgent Login? Please help!

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    The 'root' account isn't necessarily evil, it's just necessarily
    powerful as it is THE superuser. As such if you login with it you can
    do anything and, because how *nix OS's are designed (properly), this is
    not usually necessary. For example for web administration (manipulating
    html, php, etc.) 'root' should NEVER be used because there's no way you
    need it. For manipulating services like Apache on the service level
    'root' may be required but should only be used for making the changes
    that require root's power.

    Logging in directly as 'root' is typically a no-no because you can't
    tell who did it. Who SSH'd in as 'root'? If you disable root logins a
    user on the system must login using their own credentials first so there
    is an audit trail of who actually performed the login. For somebody
    trying to steal passwords by watching admins typing them this means they
    must now steal two passwords (regular user and root) to get privileged
    power.

    The difference between using 'webmin' as root or somebody else depends
    on how webmin is implemented. If actually uses the credentials of the
    user logged in then using 'root' means you have no protections
    implemented by the filesystem against accidents (mis-clicks, typos,
    etc.). If webmin uses some set of credentials regardless of who logs in
    and then limits the user from there the same applies but then on an
    application (instead of filesystem) level. It all goes back to the
    concept of "least privilege". Don't use more than you need for a
    specific task and, when needed, require a way to track the login back to
    a real person (doubtful you have an employee whose name is 'root' so
    that doesn't fit the bill).

    Good luck.






    erik100 wrote:
    | Still confused!
    |
    | What there could go wrong if I login to my box with ROOT.
    | Usually I use root login for WEBMIN, WinSCP, Putty.
    | I see no diference if I move around WEBMIN with root or ANY-USER login
    | who's got same permissions as root?
    |
    | Or, am I missing something?
    |
    | OK. Let's say, is it possible to make a folder permissions for a user
    | in YAST?
    |
    | If yes, how?
    |
    | Sorry for my ignorance
    |
    | PS. I welcome all PM support suggestions.
    |
    | Erik
    |
    |
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.2 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

    iD8DBQFIWnFd3s42bA80+9kRAi5XAJ41qc1xFOBMj54BlP80aFchwUS/iQCeMjwm
    XZm/r4lgoiBPLiA8VwweYIw=
    =2X+O
    -----END PGP SIGNATURE-----

  9. #9
    Join Date
    Mar 2008
    Location
    Oz
    Posts
    11,727
    Blog Entries
    2

    Default Re: Urgent Login? Please help!

    Here's how to make a directory called "dirname" at location /pathto/dirname and then change the ownership to billybob and then change the permissions to limit access. billybob is a normal Suse user.

    As root user open a console and create the directory
    mkdir /pathto/dirname
    Make owner to be billybob:
    chown billybob:users /pathto/dirname
    Change the permissions:
    The directory was created as drwxr-xr-x; i.e. u(user)=rwx, g(group)=rx, o(others)=rx
    Example 1: suppose you want to change it to drwx------ do this:
    chmod u=rwx,g=,o= /pathto/dirname
    Example 2: suppose you want to change it to dr--r--r-- do this:
    chmod u=r,g=r,o=r /pathto/dirname
    Example 3: suppose you want to change it to drwx--x--x do this:
    chmod u=r,g=x,o=x /pathto/dirname
    Or whatever you want, just alter this bit to match the mask: "u=?,g=?,o=?"

    I hope you get the drift
    Leap 42.3 & 15.1(Beta) &KDE
    FYIs from the days of yore

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •