Page 1 of 2 12 LastLast
Results 1 to 10 of 19

Thread: Question about rights

  1. #1
    Join Date
    Jan 2009
    Location
    Queens
    Posts
    126

    Default Question about rights

    Hi I have an odd question

    If I needed to give three or two users right to cat /var/log/messages How could I go about doing that?

    If it was one person I guess I could give that one person ownership to the file, it will work but the method is questionable. Now for two or more people has any done anything like it.


    Thanks
    Hmmmm I wonder how long before im good at this????????????

  2. #2
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    10,923
    Blog Entries
    2

    Default Re: Question about rights

    Quote Originally Posted by hgallo View Post
    Hi I have an odd question

    If I needed to give three or two users right to cat /var/log/messages How could I go about doing that?

    If it was one person I guess I could give that one person ownership to the file, it will work but the method is questionable. Now for two or more people has any done anything like it.


    Thanks
    IMO,
    Your Users only need read access.

    Recommend especially if these two(or more) Users might end up needing similar access together to other files that you create a User Group, then grant Read permissions on specific files for them. If at any time in the future you want to grant same access to others, just add those User Accounts to your custom User Group.

    If you're unsure using the command line, you can create the custom User Group and add the User accounts in YAST >> User & Group Management, then use something like Dolphin to grant appropriate permissions.

    HTH,
    Tony

  3. #3
    Join Date
    Jan 2009
    Location
    Queens
    Posts
    126

    Default Re: Question about rights

    Quote Originally Posted by tsu2 View Post
    IMO,
    Your Users only need read access.

    Recommend especially if these two(or more) Users might end up needing similar access together to other files that you create a User Group, then grant Read permissions on specific files for them. If at any time in the future you want to grant same access to others, just add those User Accounts to your custom User Group.

    If you're unsure using the command line, you can create the custom User Group and add the User accounts in YAST >> User & Group Management, then use something like Dolphin to grant appropriate permissions.

    HTH,
    Tony
    Hmmmm ok but for instance the /var/log/messages

    Code:
    -rw-r----- 1 root root     1243110 Feb 12 16:38 messages
    its own by the user root and group root. In this instance would I change the group to e.g. "cat_group" ?

    Thanks Tony....
    Hmmmm I wonder how long before im good at this????????????

  4. #4
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    26,500
    Blog Entries
    15

    Default Re: Question about rights

    Quote Originally Posted by hgallo
    Hi I have an odd question

    If I needed to give three or two users right to cat /var/log/messages
    How could I go about doing that?

    If it was one person I guess I could give that one person ownership to
    the file, it will work but the method is questionable. Now for two or
    more people has any done anything like it.


    Thanks

    Hi
    Create a new group say 'logviewers' then add the users to this group
    (as well as root) then change the group ownership of the file;
    Code:
    chown root:logviewers /var/log/messages
    Then you need to add the file and permissions to /etc/permissions.

    --
    Cheers Malcolm (Linux Counter #276890)
    SUSE Linux Enterprise Desktop 11 (x86_64) Kernel 2.6.32.27-0.2-default
    up 1 day 17:33, 3 users, load average: 0.22, 0.14, 0.37
    GPU GeForce 8600 GTS Silent - Driver Version: 260.19.36


  5. #5
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: Question about rights

    On 2011-02-12 22:36, hgallo wrote:
    >
    > Hi I have an odd question
    >
    > If I needed to give three or two users right to cat /var/log/messages
    > How could I go about doing that?


    Besides changing the group ownership, you can configure sudo.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 11.2 x86_64 "Emerald" at Telcontar)

  6. #6
    Join Date
    Jan 2009
    Location
    Queens
    Posts
    126

    Default Re: Question about rights

    Hey Thanks everyone....
    Hmmmm I wonder how long before im good at this????????????

  7. #7
    Join Date
    Jun 2008
    Location
    Berlin
    Posts
    2,061

    Default Re: Question about rights

    Quote Originally Posted by robin_listas
    Besides changing the group ownership, you can configure sudo.
    I am not a sudo-expert, but isn't sudo rather managing permissions to run a command than file-rights? The command 'cat' can be used by every user.

  8. #8

    Default Re: Question about rights

    gropiuskalle wrote:
    > "robin_listas" Wrote:
    >> Besides changing the group ownership, you can configure sudo.

    >
    > I am not a sudo-expert, but isn't sudo rather managing permissions to
    > run a command than file-rights? The command 'cat' can be used by every
    > user.


    cat can be used by every user but if the file is not readable by the
    user then it doesn't help. So one has to use sudo cat and then the sudo
    rules apply. And the sudo rules can get pretty complicated, probably
    complicated enough to use them as carlos suggests.

    Changing the group of /var/log/messages doesn't sound a great idea,
    especially since upgrades will probably revert it and any security
    monitor ought to find it. Using sudo avoids that.

    Another approach might be to use ACLs, if your system is configured to
    use them.

  9. #9
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: Question about rights

    On 2011-02-14 15:36, gropiuskalle wrote:
    >
    > "robin_listas" Wrote:
    >> Besides changing the group ownership, you can configure sudo.

    >
    > I am not a sudo-expert, but isn't sudo rather managing permissions to
    > run a command than file-rights? The command 'cat' can be used by every
    > user.


    The command allowed can include the options and the parameters. If you do
    not match the exact line, you are not allowed.

    Notice that there is a common misconception regarding sudo; when here
    people say to somebody, for example "type fdisk -l" and enter the root
    password when asked, we are assuming the _wrong_ sudo configuration. Sudo
    is intended to ask for your user's password, not root's. If you know the
    root password, you can do anything, there is no very much real point in
    using sudo in that case.



    Notice this comment in the file /etc/sudoers:

    # In the default (unconfigured) configuration, sudo asks for the root password.
    # This allows use of an ordinary user account for administration of a freshly
    # installed system. When configuring sudo, delete the two
    # following lines:
    # Defaults targetpw # ask for the password of the target user i.e. root
    # ALL ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'!


    Then this will work:


    cer Telcontar= (root) NOPASSWD: /bin/cat /var/log/messages

    or

    cer Telcontar= (root) /bin/cat /var/log/messages



    The first one doesn't ask for the password, the other requests for cer's
    password. If the user types one letter changed, he is not allowed to do that.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 11.2 x86_64 "Emerald" at Telcontar)

  10. #10
    Join Date
    Jun 2008
    Location
    Berlin
    Posts
    2,061

    Default Re: Question about rights

    Quote Originally Posted by robin_listas
    The command allowed can include the options and the parameters. If you do
    not match the exact line, you are not allowed.
    That's what I was missing (I hardly work with sudo), so thank you for the clarification.

    Quote Originally Posted by robin_listas
    Notice that there is a common misconception regarding sudo; when here
    people say to somebody, for example "type fdisk -l" and enter the root
    password when asked, we are assuming the _wrong_ sudo configuration. Sudo
    is intended to ask for your user's password, not root's. If you know the
    root password, you can do anything, there is no very much real point in
    using sudo in that case.
    I knew that before, yet I give a fat +1 for that. sudo is misunderstood and misused very often.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •