Re: group permissions (was chroot ssh and ftp)



Dr Beco <rcb@xxxxxxx> wrote:
> Now, for the permissions stated before, I got this until now:
>
> Professors belong to two groups, professors and students
> Students belong only to alumini
> Admins belong to all
>
> Then I run in professors /home/dirs the following command:
> chown -R :professors paul peter patrick
> chmod -R 700 paul peter patrick

The problem with this is that you're making files executable. Personally
I think you'd be better off just fixing the professors' home
directories. Failing that, just tweak the group and other permissions:

chmod -R go= paul peter patrick


> To students /home/dirs I did:
> chown -R :students sam simon sony
> chmod -R 770 sam simon sony
> chmod g+s sam simon sony

Again, here you're making files executable, and you'd be better off just
tweaking the group and other permissions:

find sam simon sony -type d -exec chmod g=rwx,o= {} \;
find sam simon sony ! -type d -exec chmod g=u,g+r,o= {} \;


In your script:
> if groups $USU | grep -q alumini; then
> #echo Cleaning $USU, student.
> chown -R $USU:student $USU
> chmod -R u+rw,g+rw,o-rwx $USU
> #echo Cleaning $USU, professor.
> chown -R $USU:professor $USU
> chmod -R u+rw,g-rwx,o-rwx $USU
> chmod -R u+rw,g+rw,o-rwx $USU

the student user may want to have removed write permission from their own
access, so I would be inclined to honour that with something like this:

chmod -R g=u,g+rw,o= $USU


As I've suggested earlier, you probably don't need to tweak any of
the professors' files, but just enforce 0700 on each professor's home
directory.

Chris
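
Added example (not part of the message above): the difference between the blanket "chmod -R 770" and the type-aware find commands, shown on a sample home directory built in a temp dir. The function names and sample files are hypothetical, and GNU stat (as on Debian) is assumed.

```shell
#!/bin/sh
# Constructed sample home: a normal file, a script, a file the owner made read-only.
make_home() {
    mkdir -p "$1/docs"
    printf 'notes\n'     > "$1/docs/notes.txt";  chmod 644 "$1/docs/notes.txt"
    printf '#!/bin/sh\n' > "$1/run.sh";          chmod 755 "$1/run.sh"
    printf 'final\n'     > "$1/docs/frozen.txt"; chmod 444 "$1/docs/frozen.txt"
    chmod 755 "$1" "$1/docs"
}

mode_of() { stat -c '%a' "$1"; }    # octal mode, GNU stat syntax

# Strategy 1: the blanket recursive mode from the quoted post.
blanket() { chmod -R 770 "$1"; }

# Strategy 2: the two find commands from the reply.
# Directories get group rwx; files copy the owner's bits to the group.
type_aware() {
    find "$1" -type d -exec chmod g=rwx,o= {} \;
    find "$1" ! -type d -exec chmod g=u,g+r,o= {} \;
}

# Apply strategy $1 to a fresh sample home and print the modes of
# notes.txt, run.sh, frozen.txt and the docs directory, in that order.
modes_after() {
    tmp=$(mktemp -d) || return 1
    make_home "$tmp/sam"
    "$1" "$tmp/sam"
    echo "$(mode_of "$tmp/sam/docs/notes.txt") $(mode_of "$tmp/sam/run.sh")" \
         "$(mode_of "$tmp/sam/docs/frozen.txt") $(mode_of "$tmp/sam/docs")"
    rm -rf "$tmp"
}

echo "chmod -R 770 : $(modes_after blanket)"
echo "find by type : $(modes_after type_aware)"
```

With the blanket mode every file ends up executable and the read-only file becomes writable; with the find commands only run.sh stays executable and frozen.txt stays read-only for both owner and group.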

