[Fwd: Re: Limitation for User]

Hello,

For the access rights (including read / modify / delete) problem of the bind service,
does it really need the owner / group of named to run the program?
So, we can't re-set the permission again?

Edward.

-------- Original Message --------
Subject: Re: Limitation for User
Date: Mon, 19 Feb 2007 11:53:45 -0600
From: Les Mikesell <lesmikesell@xxxxxxxxx>
Reply-To: For users of Fedora <fedora-list@xxxxxxxxxx>
To: For users of Fedora <fedora-list@xxxxxxxxxx>
References: <45D9D1F0.4010500@xxxxxxxxxx> <45D9D814.7080305@xxxxxxxxx> <45D9DC15.9050908@xxxxxxxxxx>

edwardspl@xxxxxxxxxx wrote:
> Les Mikesell wrote:
> 
>> edwardspl@xxxxxxxxxx wrote:
>>
>>> Dear All,
>>>
>>> I want to know how to config the limitation ( permission ) from the
>>> following ?
>>>
>>> [svradmin@svr1 etc]$ pwd
>>> /usr/local/proftpd/etc
>>> [svradmin@svr1 etc]$ ls -l
>>> total 4
>>> -rw-r--r-- 1 root root 1894 Feb 20 00:22 proftpd.conf
>>> [svradmin@svr1 etc]$
>>>
>>> Only allow user root, svradmin and edward they can access to
>>> /usr/.local/proftpd/etc/ ( directory ) and read / modify the config
>>> file ( such as proftpd.conf ).
>>
>> Root automatically has full access and doesn't need special
>> consideration. One of the other users (svradmin) can be the owner and
>> have rwx permission. To allow access by additional users you can add
>> group rwx permission and put the users in the of the files. Having a
>> single other user is a slightly special case where you could give
>> edward's group to the file instead of the other way around. In any
>> case you need to be careful when creating new files to set the correct
>> group.
>>
> Hello,
> 
> Do you mean (operation steps):
> chown -R svradmin.edward /usr/local/proftpd/etc
> chmod 660 /usr/local/proftpd/etc/proftpd.conf
> 
> So, only svradmin, edward and the root user can access the directory
> and read / modify the file, right ?

Yes - you probably also want
chmod 770 /usr/local/proftpd/etc
if it doesn't have those modes already.  Also, you need to check that
this does not prevent the proftpd program from reading its own config
file.  I don't know if it runs as root at that point or not.  If it runs
with non-root permissions as it starts, you'll have to be sure it has
permission.  If there is no sensitive information there you could just
allow 'other' read access.
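
An added example (not part of the original thread): a POSIX shell model of the owner/group/other check, showing which accounts can still read proftpd.conf under the modes discussed above. The `ftpdaemon` account and the 771/664 modes are assumptions for illustration; the thread does not say which user proftpd runs as, and ACLs and SELinux are ignored.

```shell
#!/bin/sh
# Added example, not from the thread. Models classic Unix mode bits only.

# class_bits MODE OWNER GROUP USER "USER_GROUPS"
# Prints the rwx digit (0-7) that applies to USER. Only the first matching
# class is used: owner, else group, else other.
class_bits() (
    mode=$1 owner=$2 group=$3 user=$4 ugroups=$5
    m=$((0$mode))                      # leading 0 makes the constant octal
    if [ "$user" = "$owner" ]; then
        echo $(( ($m >> 6) & 7 ))
    else
        case " $ugroups " in
            *" $group "*) echo $(( ($m >> 3) & 7 )) ;;
            *)            echo $(( $m & 7 )) ;;
        esac
    fi
)

# can_read_config USER "USER_GROUPS" DIRMODE FILEMODE OWNER GROUP
# Reading a file needs search (x=1) on its directory and read (r=4) on the file.
can_read_config() (
    user=$1 ugroups=$2 dmode=$3 fmode=$4 owner=$5 group=$6
    [ "$user" = root ] && exit 0       # root bypasses mode bits (subshell exit)
    d=$(class_bits "$dmode" "$owner" "$group" "$user" "$ugroups")
    f=$(class_bits "$fmode" "$owner" "$group" "$user" "$ugroups")
    [ $(( ($d & 1) && ($f & 4) )) -eq 1 ]
)

# report DIRMODE FILEMODE
# Owner svradmin and group edward come from the chown in the thread.
# ftpdaemon is a hypothetical non-root account the daemon might start as.
report() {
    for entry in svradmin:svradmin edward:edward ftpdaemon:ftpdaemon; do
        u=${entry%%:*}; g=${entry#*:}
        if can_read_config "$u" "$g" "$1" "$2" svradmin edward; then r=yes; else r=no; fi
        echo "dir=$1 file=$2 user=$u -> can read config: $r"
    done
}

report 770 660   # modes from the thread: any other account is locked out
report 770 664   # 'other' read on the file alone: the directory still blocks it
report 771 664   # assumed variant: 'other' may traverse the directory and read
```

On a live system the same question can be answered directly by running `test -r /usr/local/proftpd/etc/proftpd.conf` as the daemon's account.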

