Changing the umask value for files and directories takes effect after reload:
/etc/profile
/etc/bashrc
default permission for all users:
-rw-r--r--
above permission is edited to:
-rw-rw-r--
If a specific user in a group having only read permission to a file/directory is created before reload, and the Linux server reloads, that user gets rw permission to that file/directory. What is the alternative to securing:
/etc/profile
/etc/bashrc
apart from giving the two files access to root user only, and locking out all other users?
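As an added example (not part of the original post), this shell script shows how the umask from /etc/profile or /etc/bashrc is applied: only at the moment a file is created, leaving the mode of an existing file untouched, and it ends with a find check for group-writable files. It assumes GNU stat (as on CentOS); the directory and file names are temporary and constructed for the demonstration.

```shell
#!/bin/sh
# Added demonstration: umask is a creation-time mask, not a retroactive setting.
# All paths are temporary and constructed for this example.

# mode_of FILE -> octal permission bits of FILE (GNU stat syntax)
mode_of() {
    stat -c '%a' "$1"
}

# create_with_umask MASK PATH -> create PATH in a subshell running under MASK,
# the way a login shell would after sourcing /etc/profile with that umask.
create_with_umask() {
    ( umask "$1" && : > "$2" )
}

# group_writable_count DIR -> number of regular files under DIR that have the
# group write bit set (the audit to run after changing a default umask).
group_writable_count() {
    find "$1" -type f -perm -020 | wc -l | tr -d ' '
}

# umask_demo -> prints "<old before> <old after> <new file> <group-writable count>"
umask_demo() {
    dir=$(mktemp -d) || return 1

    create_with_umask 022 "$dir/old"      # original default: -rw-r--r--
    before=$(mode_of "$dir/old")

    create_with_umask 002 "$dir/new"      # edited default: -rw-rw-r--
    after_existing=$(mode_of "$dir/old")  # existing file, re-read after the change
    after_new=$(mode_of "$dir/new")

    count=$(group_writable_count "$dir")
    rm -rf "$dir"
    echo "$before $after_existing $after_new $count"
}

umask_demo
```

Run as-is, the last line prints the four values; a file whose mode was fixed before the umask change keeps that mode until someone runs chmod on it.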
I tried adding two users to the apache group and gave 775 permission to the DocumentRoot, but the user is not able to write to files in DocumentRoot.
Tried adding the user and the DocumentRoot folder to the sudo file but was not able to do it recursively.
Please help.
Thanks for the reply,
I have already given chmod 775 -R DocumentRoot - for recursive write permission
You have told me to add the user to the www-data group and chmod 775 -R the DocumentRoot
usermod -a -G www-data <user1>
How can users in www-data write to a DocumentRoot which has apache:apache as owner and group?
Please clarify...
Did the steps below to solve this:
1) I have created a new group webdata and added the required users to this group
2) Set sticky bit on document root with the command below
setfacl -m g:webdata:rwx -R /path/to/documentroot/
This command will set rwx permission on DocumentRoot so that members of webdata have full access, while the DocumentRoot user and group will still be apache.
I am writing a script to check the log files in /var/log. Some files can only be read by root, but the script uses a general user to access the system (as the system does not accept root over ssh directly), so it cannot read such files.
Would you advise what the best method is to solve this problem: copy the files to a special folder? Allow root to ssh? Create a user with root permission?
Many thanks
Centos 6.5
I ran into an interesting problem (on reddit) that I figured I could solve, but I have not been able to. It's simple... I added 'exit 0' to /root/.bashrc, and now I am trying to log in via ssh.
Every time I do, it immediately exits when it runs the .bash_profile, which sources .bashrc (which is immediate upon 'logging in').
I've tried:
Code:
ssh root@192.168.1.50 -t vim
vim scp://192.168.1.50/.bashrc
vim scp://192.168.1.50/root/.bashrc
ssh root@192.168.1.50 bash --norc
ssh root@192.168.1.50 /bin/bash --norc --noprofile
ssh -T root@192.168.1.50 "mv /root/.bashrc /root/.bashRC"
scp .bashrc root@192.168.1.50:/root/
ssh root@192.168.1.50 /bin/bash --norc --noprofile -vvvvvvvvvv
ssh -vvvvvv root@192.168.1.50 /bin/bash --norc --noprofile
ssh -vvvvvv root@192.168.1.50 /bin/mv /root/.bashrc /root/.bashRC
ssh -t -t root@192.168.1.50 << EOF
mv /root/.bashrc /root/.bashRC
EOF
ssh -t -t root@192.168.1.50 --norc << EOF
echo HELLO > /root/.bashrc
EOF
ssh -tv root@192.168.1.50 rm .bashrc
So... I am unable to get back into the system (as root, no other users exist) after adding 'exit 0' to .bashrc
Anyone feel like explaining why all of these failed (aside from saying SSH interactive logins run the .bash_profile/.bashrc files) or offering a suggestion that works? Seems like if you have the root password, you should be allowed to modify the login process... since... you know... you are root.
Hello there,
I have an issue with file permissions. I have configured a Samba share drive, created a user and then shared it with another network computer (Windows 7).
Whenever a user creates a folder or file (like Excel), it shows up in read-only mode.
I have run the command: chmod -R 777 <sharedFolder>
Still, when the users create a new folder, others cannot edit or modify the file.
Need help.
Directory /media/data/torrents/ has permissions 775, user yzt, group transmission
yzt and debian-transmission are members of the group transmission.
transmission-daemon is run by debian-transmission, and the new files it downloads have permissions 644, owner debian-transmission, group transmission. This is a problem, because I can't later move the files as my user, yzt, and need to be switching to root to change the permissions/ownership to be able to do so.
Using the sticky bit I could copy it anywhere else, but I'm interested in actually moving the file, not just copying it. I could run transmission-daemon as yzt and problem solved, but I'd rather have that internet-facing service run by a limited user, just in case some vulnerability is found in Transmission.
So my question is, how can I set that every new file created under /media/data/torrents/ has permissions 775 like its parent directory?
Hi experts,
I am rsyncing a user's home dir across the NFS and the local PC, but when it tries to copy over the hidden files it fails with permission denied. Both dirs are owned by the proper user and I am root when I execute the script, so I am not sure what went wrong here.
For example: this is the content and permissions of the source:
-rw------- 1 user test 115 Nov 14 11:28 .bash_history
and here is my error:
rsync: send_files failed to open "/home/user/.bash_history": Permission denied (13)
Thanks
I am in the process of migrating from a Centos 5 to a Centos 6 server. I have Duo two-factor authentication working on my original server via the ForceCommand parameter in my sshd_config file. SSH login prompts for a password and immediately pushes Duo authentication to the phone.
On my new server, it appears the .bashrc file is executed before ForceCommand, as I migrated my .bashrc from the original server to the new server. This was not the case previously.
How do I force the ForceCommand to run before any profile-dependent .bashrc's?
Thank you.
Hi,
First, I would like to give you a brief overview of my current setup and my requirement.
I have 80% of the machines with CentOS 6.5 installed; the remaining 20% run Windows 7. I have OpenLDAP v2.4 for user authentication.
In the Linux environment, all Linux machines are configured in such a way that whenever a user logs on to a system with OpenLDAP credentials he gets a default desktop; in other words, a Mandatory Profile is implemented in this setup. Now my goal is to enable OpenLDAP users to log on to Windows machines and get the same Mandatory Profile setup there. So far SambaPDC has helped me to authenticate LDAP accounts on Windows client machines, but the Mandatory Profile isn't working well at all due to a POSIX ACLs issue. Now I am working with a Windows Server 2012 R2 server so as to integrate with OpenLDAP to get this Mandatory Profile done. Is there any way I can sync all OpenLDAP accounts to Active Directory, or rather make my Windows server a member server of the OpenLDAP domain?
Please help me with this. Thanks in advance!!
Hi guys,
I was taught that /etc/profile was global for environment variables and settings... and ~/.profile was specific to the user...
and that bash.rc and ~/.bash.rc was for aliases and functions... I was trying to set up a permanent alias in my profile to a common ssh command and read that it should be going into .profile??? Is it really not strict or just a rule of thumb?
Hey guys, I got Samba working and I am able to access my files; however, I am now trying to learn security with it. I am pretty much trying to allow certain groups to access certain files. If you look at the samba group you can see that I have the @sambausers group to access the sambagroup directory.
I have a user called sambatest01. The user can access "samba users only", but the user can access all of the other files as well. What is a correct setup for the other smb.conf entries to prevent users from accessing this? I can't seem to find a proper setup.
[drivers]
path = /files/drivers
browseable = yes
read only = no
guest ok = no
guest only = no
[samba users only]
path = /files/sambagroup
browseable = yes
read only = no
guest ok = no
guest only = no
write list = @sambausers
valid users = @sambausers