| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 79113 | 2007-05-08 12:10:00 | Linux question- RH9 and group permissions. | Niah (12233) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 548370 | 2007-05-08 12:10:00 | Hi I'll, I'm a new member to the boards, don't hold it against me . :p I am a student, currently doing a TAFE course in IT Networking & Network security, and I'm completely new to Linux, which is a problem . . . We are using Red Hat 9, if that makes any difference (I don't know what the difference is between all the versions) . We've been given a task regarding group creation and permissions, and I have been completely unable to find a way to do it . . . I have searched on the internet using all sorts of keywords, I have spoken to people who work with Linux (who seem to be of the opinion that it's impossible) and all to no avail- I can't find an answer, and I'm completely stumped . :help: Here is the question, as it was given to us: I would like a create a user group called 'projectusers' and it contains around 10 users . This individual user(member of projectusers) can login into the machine but s/he should not create, modify files . How can I do that on group level? (ie) The whole group shouldn't create,modify the files when they login but they can su to some group id's . Not only does this sound completely pointless, it also seems to be impossible . . . Although I have been assured that it is possible . . . Note, this is only the first part, after this we have these two questions: I would like to create another group called 'webadmin' and all web related software will be installed under this account . When I create a group called 'webadmin', Is it necessary to create a userid called 'webadmin'? Because the above users(projectusers) should su to webadmin to work . I want to add some of the members of projectusers to webadmin group and it helps them to su to webadmin . How can I do that? and I want to restrict the projectusers and webadmin members to su to root . How can I do that? My extensive internet searching did lead to one interesting discovery- our teacher actually got the question from a forum (and it's a rather old post to boot)- the people on the forum didn't even answer the question! Not only pointless, but contradictory and . . . Well, some of it just makes no sense! :waughh: Any solution has to be something I can actually show is possible . . . I haven't even had anything to attempt as of yet . I have never used Linux before, so I don't really know much about how it works, we're using it in VMWare server (I can't even figure out how to install the VMWare tools in it . . . ) so it runs incredibly slowly and is frustrating to use to say the least . If anyone could help with this I would be so grateful . . . I've just reached a dead end . :help: Thanks all, and hi! :) |
Niah (12233) | ||
| 548371 | 2007-05-08 12:21:00 | Hi Niah, considering it is currently 11.30pm in En Zed and about 9.30 pm in Seed Nee, most of the Linux using forum members are currently snuggled up in bed in their penguin flavoured PJs. If you were to check back in tomorrow afternoon there should be some helpful answers to your questions here. Cheers. |
winmacguy (3367) | ||
| 548372 | 2007-05-08 12:37:00 | Greetings Niah, Welcome to PressF1! Is it right that a forum / message board should give you the answers to your homework? I think part of the idea of it is that you learn for yourself (no disrespect intended here), rather than have somebody else hand you the answer on a silver platter... Now would be a good time to Google for How-To's on Ext3 permissions ;) |
Chilling_Silence (9) | ||
| 548373 | 2007-05-08 19:21:00 | As Chill mentions, having to figure it out how to achieve this under your own steam is the only way you will actually learn from the questions. As you seem to be struggling on where to even start, have a look at this: Managing User Accounts and Resource Access (www.redhat.com). Give it your best shot and see if you can work it out. It can't be that impossible to achieve after all the tutor will be providing the solution at the end. :) |
Jen (38) | ||
| 548374 | 2007-05-08 19:23:00 | Sorry im with chill on this one, A hard earned lesson is remembered, BTW want you are asking is possible try google "group permissions + linux" and the additional information you gather in research will also be valuable |
beama (111) | ||
| 548375 | 2007-05-09 02:15:00 | Are u people being fair here? The fact that he-she went to a forum must be a step in the right direction. |
kjaada (253) | ||
| 548376 | 2007-05-09 06:00:00 | Yes, sadly . I can remember in the late 1970s that about November each year (because the US university year started in September) that some of the more technical computer newsgroups, especially those frequented by system administrators, would get lots of technical questions from computer science students . It was obvious that these were course problems . A common reply went like: "Do you know that your professor is likely to follow this newsgroup, so getting your homework done here might cost you marks?" In fact, the question in that forum may not have had an answer for the same reason . ;) Welcome to PressF1 anyway, Niah, but the sort of answer you perhaps wanted wouldn't really help . It won't take you long to understand the Unix permissions mechanism . Learning that will be useful, because it's fundamental to system security administration . Here's a bit of a hint, giving an idea of how to think about the problem . Think about what combinations of rights you need to do things . For example, you have to have write permission on a directory in order to be able to create a file in that directory . But if you have only read permission on a directory, you can read it, but you can't access any files in the directory unless you have execute permission as well . So you need write+execute permission on a directory to create a file . It's all logical . :D |
Graham L (2) | ||
| 548377 | 2007-05-09 07:35:00 | What TAFE are you at? What course is it? Anyways, the questions are about ACLs ( . wikipedia . org/wiki/Access_control_list" target="_blank">en . wikipedia . org), and maybe sudo ( . wikipedia . org/wiki/Sudo" target="_blank">en . wikipedia . org) . ACLs will control write/read/execute permissions by groupid, and sudo would control root access . And oh, when you create a group, you also create a groupid . So it is not necessary to create a "userid" . Go the Maroons! |
vinref (6194) | ||
| 548378 | 2007-05-10 03:54:00 | Thanks for all the replies- I know it seems rather lazy to ask about something course related in a forum, but that's just how desperate I've become . I don't know enough about Linux for stuff like this, I don't even know where to start . I don't have a proper machine to fiddle with (we use VMWare server, which goes so slowly it drives me insane) and I don't have the time to teach myself all of the commands and stuff for a whole new OS that I've never used before . For those who have given hints as to where to look/start, thank you so much . Anything is better than nothing, and you've given me some new words to search for . Beama, believe it or not, I'm not completely stupid, that was one of the first lots of keywords I searched for- I found nothing to help me, just as I've found nothing to help me with my other keyword searches . A few weeks ago I had actually decided that this was some cruel joke on behalf of our teacher, that he had given us an impossible task so that we could find out it was impossible- this was backed up by my inability to find ANYTHING of use and from conversations I'd had with people who have worked with Linux for years, who told me it wasn't possible . . . Not to mention the fact that I discovered the original forum where he got the question from, and they didn't answer it . :p ( . linuxforums . org/forum/redhat-fedora-linux-help/13959-user-group-permissions-redhat-linux-es-3-0-a . html" target="_blank">www . linuxforums . org ) Unfortunately I was wrong . . . So I have to find a solution . Perhaps if I knew more about the file structure and everything I would be able to do it, but I've just been finding the whole thing frustrating and confusing- something I admit I'm not used to, just about everything else we've done in this course I've been able to pick up and do . I know about rwx permissions, I just can't figure out how to make it so one group can't write anywhere on the computer- I tried one way the other day and discovered that trying to log on with an account in that group kinda . . . killed the computer . :p It doesn't like not being able to write during start-up, apparently . So the only thing I've been able to think of is to go through the whole file system and set permissions on every file and directory . . . Which not only seems illogical and time wasting, but it doesn't really stop the creation of files . . . So confusing! Thanks all . :) |
Niah (12233) | ||
| 548379 | 2007-05-10 03:59:00 | ACL's in RH9? I doubt it . If users are to work "as" webadmin (a Bad Idea), you will certainly need to create a webadmin user . A group is not a user . A user is always a member of a group with their own username, however if the users are also made members of the webadmin group, they could work under their own user accounts (much preferable), with group privileges . A read of the RedHat user manuals would probably be a good idea . They are pretty readable . |
Graham L (2) | ||
| 1 2 | |||||