Re: a question about chmod and chown and chgrp


 



> I have a partition on my hard drive called /private.  Now I want to make
> this so that only root and user Scott can see this directory.  What would
> be the best combination of chown and chgrp as well as chmod?  Will I need
> to umask also?  Thanks for the help.

Well, since root can see anything (unless you go the route of encrypted
file-systems, in which case it becomes a different game), you're really
just concerned about the user Scott accessing it.  It would be the same
as your home directory for ~Scott in that it should be set to the
following privs:

User: read, write, execute
Group & other: none

You'd then want to use "umask" (best done as a call in one of the
profile or .login files for the "scott" account) so that files have the
privs

User: read, write, not execute
Group & Other:  none

I don't remember off the top of my head which direction the bits go for
the umask command, but I think that would be 077, which would strip off
rights by default for Group and Others.

If "scott" doesn't already own the /private directory, you can "su" to
root, and change the ownership, so you'd do something like

    login:  scott
    password:  ****
    scott@mybox$ su
    root@mybox# chmod o-rwx /private
    root@mybox# chmod ug+rwx /private
    root@mybox# chown scott.scott /private
    root@mybox# exit
    scott@mybox$ echo umask 077 >> ~/.profile

This assumes that you've got the user "scott" in a private group called
"scott" as well.  Adjust the "chown" line accordingly, if the user
"scott" is part of another group.  You can always use your favorite
editor to add the "umask..." line to your login file rather than using
the trusty "echo ... >> ..." method, if you need to have more control
over where it goes.

If you need to add a second user (say "scotts_beau"), you have to make
use of groups--so "scott" and "scotts_beau" would be members of the
group "privy", and you'd "chown scott.privy /private".  That would give
both scott and scotts_beau  access to work within that directory,
keeping it private from other users.

Take note that if you have files within that directory with rights set
to being publicly viewable, they can be read if another user knows the
file names and can ask for them directly...can be the case on a
multi-user system where each user has a ~/public_html folder that has to be
made available to the web-server...files in there (including, perhaps,
PHP/JSP/whatever source code with passwords) can be requested directly
by other users on the system.

HTH,

-tim
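
Added example, not part of the original message: a small audit script for the setup discussed in this thread. It checks that a directory gives group and other no access, lists entries under it that still carry group/other bits (such as files created before "umask 077" was in the login file), and shows the modes new files and directories get under a given umask. The function names and the scratch directory standing in for /private are assumptions, as is a stat that accepts -c (GNU coreutils or BusyBox).

```sh
#!/bin/sh
# Added example, not from the original post. Assumes a stat that accepts
# -c (GNU coreutils or BusyBox); the scratch directory stands in for /private.

# mode_of PATH: print the octal permission bits, e.g. 700.
mode_of() { stat -c '%a' "$1"; }

# is_private PATH: succeed only when group and other have no bits set.
is_private() (
    mode=$(mode_of "$1") || exit 2
    [ $(( 0$mode & 077 )) -eq 0 ]
)

# audit_private DIR: print "MODE PATH" for each entry at or under DIR that
# still grants something to group or other.
audit_private() {
    find "$1" -exec stat -c '%a %n' {} + | while read -r mode path; do
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            printf '%s %s\n' "$mode" "$path"
        fi
    done
}

# new_modes_under_umask MASK: create a file and a directory under MASK and
# print "<file mode> <dir mode>". Runs in a subshell so the caller's umask
# is left alone.
new_modes_under_umask() (
    scratch=$(mktemp -d) || exit 1
    umask "$1"
    touch "$scratch/f"
    mkdir "$scratch/d"
    echo "$(mode_of "$scratch/f") $(mode_of "$scratch/d")"
    rm -rf "$scratch"
)

# Constructed demo on a scratch directory.
demo=$(mktemp -d)
chmod 700 "$demo"
( umask 022; echo secret > "$demo/old-notes.txt" )  # made before umask 077
( umask 077; echo secret > "$demo/new-notes.txt" )  # made after
is_private "$demo" && echo "directory: no group/other access"
echo "entries still open to group/other:"
audit_private "$demo"
echo "umask 077 gives: $(new_modes_under_umask 077)"
echo "umask 022 gives: $(new_modes_under_umask 022)"
rm -rf "$demo"
```

Setting the umask only affects files created afterwards, so existing entries reported by audit_private need an explicit chmod.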






_______________________________________________

Blinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/blinux-list
