Re: creating a user with only read permissions on all files



Maxwell Lol wrote:

Rahul <nospam@xxxxxxxxxxxxxx> writes:

Goal: "Create a user that has only read access (no w and x) to *all*
non- root files overriding any permissions users might have set"

Ah. Sorry for missing that part. So if someone sets a file to 700, you
want this special account to be able to read it.

Perhaps the best thing to do is to use sudo, so your special user can
do commands like ls and more with root permission.

Unfortunately, he wants to be able to read the file, but not be able to
modify it, etc., and most commands you could strictly set sudo
permission to use, could be used to modify the file by the hand of a
malicious user (if that user ever got access to the account -- as I
don't get the impression the OP wants to have to send a password to the
sudo command either). I suppose that the OP could use sudo (without a
password prompt) and if there's no specific command to read/view the
data they want, they could have a script set for a specific purpose to
be able to only view the files in a secure manner. I think the OP
really has a lot of choices, just not a natural one in the way they
want.
--
Tim Greer, CEO/Founder/CTO, BurlyHost.com, Inc.
Shared Hosting, Reseller Hosting, Dedicated & Semi-Dedicated servers
and Custom Hosting. 24/7 support, 30 day guarantee, secure servers.
Industry's most experienced staff! -- Web Hosting With Muscle!
.