Linux user read only permissions

Give read-only access to specific folders?

I would like to give read-only access to a user but I want him/her to see only the exact folders I give access. for example he/she shouldn’t travel around all the server and browse to all users folders etc. even if he/she only goes up, up, up I want him/her to go to only these specific folders I allow. So firstly how can I let a specific user have access to a specific folder and then would putting symbolic links to his/her home folder would help? So they can go directly to necessary folders but not up or down?

2 Answers 2

You should set necessary directory permissions. For directories they are:

  • read: permitted to view files and sub-directories in that directory
  • write: permitted to create files and sub-directories in that directory
  • execute: permitted to enter into a directory.

For files the situation is similar, it’s quite obvious, so you can handle it on your own.

Numeric these permissions:

To edit permissions use chmod . Usage: chmod xyz

jack and jack’s group will have read+write access to /home/jack and all it’s sub-directories. The rest will have only read access. -R option here used to recursively set permissions.

will give jack full access to /home/jack/video directory. See also: chown , chgrp for changing owner and owning group.

Источник

File Permissions in Linux / Unix: How to Read, Write & Change?

Linux is a clone of UNIX, the multi-user operating system which can be accessed by many users simultaneously. Linux can also be used in mainframes and servers without any modifications. But this raises security concerns as an unsolicited or malign user can corrupt, change or remove crucial data. For effective security, Linux divides authorization into 2 levels.

The concept of Linux File permission and ownership is crucial in Linux. Here, we will explain Linux permissions and ownership and will discuss both of them. Let us start with the Ownership.

Click here if the video is not accessible

Linux File Ownership

Every file and directory on your Unix/Linux system is assigned 3 types of owner, given below.

User

A user is the owner of the file. By default, the person who created a file becomes its owner. Hence, a user is also sometimes called an owner.

Group

A user- group can contain multiple users. All users belonging to a group will have the same Linux group permissions access to the file. Suppose you have a project where a number of people require access to a file. Instead of manually assigning permissions to each user, you could add all users to a group, and assign group permission to file such that only this group members and no one else can read or modify the files.

Other

Any other user who has access to a file. This person has neither created the file, nor he belongs to a usergroup who could own the file. Practically, it means everybody else. Hence, when you set the permission for others, it is also referred as set permissions for the world.

Now, the big question arises how does Linux distinguish between these three user types so that a user ‘A’ cannot affect a file which contains some other user ‘B’s’ vital information/data. It is like you do not want your colleague, who works on your Linux computer, to view your images. This is where Permissions set in, and they define user behavior.

Читайте также:  Adding user linux command

Let us understand the Permission system on Linux.

Linux File Permissions

Every file and directory in your UNIX/Linux system has following 3 permissions defined for all the 3 owners discussed above.

  • Read: This permission give you the authority to open and read a file. Read permission on a directory gives you the ability to lists its content.
  • Write: The write permission gives you the authority to modify the contents of a file. The write permission on a directory gives you the authority to add, remove and rename files stored in the directory. Consider a scenario where you have to write permission on file but do not have write permission on the directory where the file is stored. You will be able to modify the file contents. But you will not be able to rename, move or remove the file from the directory.
  • Execute: In Windows, an executable program usually has an extension “.exe” and which you can easily run. In Unix/Linux, you cannot run a program unless the execute permission is set. If the execute permission is not set, you might still be able to see/modify the program code(provided read & write permissions are set), but not run it.

Linux File Permissions

Let’s see file permissions in Linux with examples:

ls – l on terminal gives

Linux File Permissions

Here, we have highlighted ‘-rw-rw-r–‘and this weird looking code is the one that tells us about the Unix permissions given to the owner, user group and the world.

Here, the first ‘‘ implies that we have selected a file.p>

Else, if it were a directory, d would have been shown.

Linux File Permissions

The characters are pretty easy to remember.

r = read permission
w = write permission
x = execute permission
= no permission

Let us look at it this way.

The first part of the code is ‘rw-‘. This suggests that the owner ‘Home’ can:

  • Read the file
  • Write or edit the file
  • He cannot execute the file since the execute bit is set to ‘-‘.

By design, many Linux distributions like Fedora, CentOS, Ubuntu, etc. will add users to a group of the same group name as the user name. Thus, a user ‘tom’ is added to a group named ‘tom’.

The second part is ‘rw-‘. It for the user group ‘Home’ and group-members can:

The third part is for the world which means any user. It says ‘r–‘. This means the user can only:

 Linux File Permissions

Changing file/directory permissions in Linux Using ‘chmod’ command

Say you do not want your colleague to see your personal images. This can be achieved by changing file permissions.

We can use the ‘chmod’ command which stands for ‘change mode’. Using the command, we can set permissions (read, write, execute) on a file/directory for the owner, group and the world.

chmod permissions filename

There are 2 ways to use the command –

Absolute(Numeric) Mode in Linux

In this mode, file permissions are not represented as characters but a three-digit octal number.

The table below gives numbers for all for permissions types.

Number Permission Type Symbol
0 No Permission
1 Execute –x
2 Write -w-
3 Execute + Write -wx
4 Read r–
5 Read + Execute r-x
6 Read +Write rw-
7 Read + Write +Execute rwx
Читайте также:  Why linux is good

Let’s see the chmod permissions command in action.

Absolute(Numeric) Mode in Linux

In the above-given terminal window, we have changed the permissions of the file ‘sample to ‘764’.

Absolute(Numeric) Mode in Linux

‘764’ absolute code says the following:

  • Owner can read, write and execute
  • Usergroup can read and write
  • World can only read

This is shown as ‘-rwxrw-r–

This is how you can change user permissions in Linux on file by assigning an absolute number.

Symbolic Mode in Linux

In the Absolute mode, you change permissions for all 3 owners. In the symbolic mode, you can modify permissions of a specific owner. It makes use of mathematical symbols to modify the Unix file permissions.

Adds a permission to a file or directory

Sets the permission and overrides the permissions set earlier.

The various owners are represented as –

Источник

Give read only access to every user for a folder

I am the owner of directory mydir .
I don’t have root access.
How can I give only read access to someone so that they can create a local copy of mydir ? Edit: ChatGPT tells me chmod -R o+r mydir should work. Is this correct?

Your question does not show the current permissions of your directory, nor if ACLs are set up. Maybe someone can already read mydir . Or maybe an admin has made it impossible. We need to know your starting point.

2 Answers 2

ChatGPT is wrong, because it cannot understand that words have different meanings to different people.

The commonsense meaning of read access is different from the technical meaning of read permissions.

Surprisingly, access to a directory is determined by execute, not read, permissions. A lack of directory read permissions only prevents listing unknown contents, not access to them.

So in addition to adding read access to the files and directories, you also need to add a capital X to add execute permissions only for the directories, not the files:

The -R means recursive, it applies to all files and directories within.

The go+ adds those permissions for every user (the g means including those in the same group as the file, just in case).

But that might still not be enough.

All parent directories of the directory to be shared will also require execute permissions to allow access to the inner directory, which I’m assuming in this case is somewhere within your home directory.

You cannot allow access to your cupboard without allowing access into your home (directory), though you may already be allowing this.

You can lock all the other doors (the read, write, and execute permissions of files and other sub-directories), and you can leave the lights off (that directory’s read and write permissions), but by guessing filenames, people can still feel their way around the corridor from different error messages even if they cannot peek inside the rooms:

$ ls parent_dir ls: cannot open directory 'parent_dir': Permission denied $ cat parent_dir/exists cat: parent_dir/exists: Permission denied $ cat parent_dir/doesn\'t cat: "parent_dir/doesn't": No such file or directory 

And even if you carefully lock all those inner doors, new unlocked doors might be created by programs you later run.

So I’m not sure you want to do this, but to make the inner directory accessible to every user:

chmod go+X mydir/.. chmod go+X mydir/../.. 

etc, up to and including /home/$USER .

What you might want instead

If you maybe now want to only trust a specific user, not everyone, you could create a special case with ACLs instead:

setfacl -m OTHER_USERNAME:X mydir/.. setfacl -m OTHER_USERNAME:X mydir/../.. 

etc, again up to and including /home/$USER .

Читайте также:  Linux system call read

You could even remove this as soon as they are done copying, with:

setfacl -x OTHER_USERNAME mydir/.. 

But then if you really just wanted to allow someone to make a one-time copy of it, and the directory isn’t too large, it would be much easier to just copy it to /var/tmp , run chmod -R go+rX /var/tmp/mydir , then delete it when the other user is done copying from that.

Источник

How to give a specific user a read ONLY permission to a specific folder in Linux without root?

I want to give a specific user with the username userA permission to only read a folder that I created. Every other post that I found says you should either create a new group, which I cannot because I do not have root permission. When I tried creating a group groupadd class1 it displayed the following message:

 groupadd: Permission denied. groupadd: cannot lock /etc/group; try again later 

The other solution that was suggested by different posts is that I should make the user an owner of the folder, which I’m not comfortable doing because I do not want them adding others to the folder.

IIRC Ubuntu defaults to create groups for each user that is their username. IE username would be ‘userA’ and they’d have a group ‘userA’. You could assign the file to the ‘userA’ group and give the file group permissions for read-only.

2 Answers 2

You can do it using ACLs (Access Control Lists).

setfacl -m u:userA:rx folder

if you want to give userA access to folder only (the user won’t be able to read files within folder) or

setfacl -R -m u:userA:rX folder

if you want to give access to folder and all (already existing) files and subfolders within it.

Is class1 the folder in question? Are you the owner of it? If no, you cannot change permissions for that folder at all.

«Operation not supported» may also indicate that the filesystem does not support ACL or has been mounted without ACL option. In that case, only your admin can help.

Seems like you might really have TWO problems. But you also might not.

    Your /home directory, the only place where a non-admin can reliably store files, has historically had a default setting of world-readable. EVERYBODY can already read all of your files. and write to (almost) none of them.

$ ls -lah /home/ total 16K drwxr-xr-x 4 root root 4.0K Dec 3 2016 . drwxr-xr-x 24 root root 4.0K Oct 16 2019 .. drwxr-xr-x 21 1001 1001 4.0K Aug 17 2017 susan drwxr-xr-x 45 me me 4.0K Oct 20 15:30 me 
$ ls -lah /home/ total 16K drwxr-xr-x 4 root root 4.0K Dec 3 2016 . drwxr-xr-x 24 root root 4.0K Oct 16 2019 .. drwx--x--x 21 1001 1001 4.0K Aug 17 2017 susan drwx--x--x 45 me me 4.0K Oct 20 15:30 me 

Now Susan cannot read my files anymore (nor I hers), and I must use a group to grant access to anybody else. You are completely right that only an admin can create a group, and only an admin can edit the members of that group. Step 1: You can change the permission of your own directories and files. Example:

mkdir /home/me/public-view chmod 751 /home/me/public-view // 7 means you have complete control over the directory // 5 means 'read-only' for members of the group // 1 means nobody outside you or the group can access it // but it will still show up on directory listings 

Источник

Оцените статью
Adblock
detector