[Fwd: Re: Limitation for User]
edwardspl at ita.org.mo
Wed Feb 21 04:25:05 UTC 2007
Hello,
Regarding the access rights (including read / modify / delete) problem with the bind
service:
Does it really need the owner / group of named to run the program?
So we can't reset the permissions again?
Edward.
-------- Original Message --------
Subject: Re: Limitation for User
Date: Mon, 19 Feb 2007 11:53:45 -0600
From: Les Mikesell <lesmikesell at gmail.com>
Reply-To: For users of Fedora <fedora-list at redhat.com>
To: For users of Fedora <fedora-list at redhat.com>
References: <45D9D1F0.4010500 at ita.org.mo> <45D9D814.7080305 at gmail.com>
<45D9DC15.9050908 at ita.org.mo>
edwardspl at ita.org.mo wrote:
> Les Mikesell wrote:
>
>> edwardspl at ita.org.mo wrote:
>>
>>> Dear All,
>>>
>>> I want to know how to configure the limitation (permission) for the
>>> following:
>>>
>>> [svradmin at svr1 etc]$ pwd
>>> /usr/local/proftpd/etc
>>> [svradmin at svr1 etc]$ ls -l
>>> total 4
>>> -rw-r--r-- 1 root root 1894 Feb 20 00:22 proftpd.conf
>>> [svradmin at svr1 etc]$
>>>
>>> Only allow users root, svradmin and edward to access the
>>> /usr/local/proftpd/etc/ directory and read / modify the config
>>> file (such as proftpd.conf).
>>
>> Root automatically has full access and doesn't need special
>> consideration. One of the other users (svradmin) can be the owner and
>> have rwx permission. To allow access by additional users you can add
>> group rwx permission and put the users in the group of the files. Having a
>> single other user is a slightly special case where you could give
>> edward's group to the file instead of the other way around. In any
>> case you need to be careful when creating new files to set the correct
>> group.
>>
> Hello,
>
> Do you mean (operation steps):
> chown -R svradmin.edward /usr/local/proftpd/etc
> chmod 660 /usr/local/proftpd/etc/proftpd.conf
>
> So only svradmin, edward and the root user can access the directory
> and read / modify the file, right?
Yes - you probably also want
chmod 770 /usr/local/proftpd/etc
if it doesn't have those modes already. Also, you need to check that
this does not prevent the proftpd program from reading its own config
file. I don't know if it runs as root at that point or not. If it runs
with non-root permissions as it starts, you'll have to be sure it has
permission. If there is no sensitive information there you could just
allow 'other' read access.
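
The check suggested at the end of the reply above (confirming the daemon can still read its config after the 770/660 lockdown) can be scripted. The following is an added example, not part of the original thread or of proftpd. It assumes GNU stat, evaluates only the plain mode bits of the directory and the file (no ACLs, SELinux or parent directories), and uses a constructed scratch directory and hypothetical daemon uid/gid values.

```shell
#!/bin/sh
# Added example. Models the classic owner/group/other mode check from GNU stat
# output; it ignores ACLs, SELinux and parent directories (assumption).

# perm_digit PATH UID GID... -> prints the rwx digit (0-7) that applies to UID
perm_digit() {
    p=$1; uid=$2; shift 2
    set -- $(stat -c '%a %u %g' "$p") "$@"    # mode, owner uid, group gid
    m=$(( $1 % 1000 )); owner=$2; group=$3; shift 3
    # Classes are exclusive: the owner never falls through to group or other.
    if [ "$uid" -eq "$owner" ]; then echo $(( m / 100 )); return 0; fi
    for gid in "$@"; do
        if [ "$gid" -eq "$group" ]; then echo $(( m / 10 % 10 )); return 0; fi
    done
    echo $(( m % 10 ))
}

# can_read_config DIR FILE UID GID... -> exit 0 if UID can open DIR/FILE for reading
can_read_config() {
    dir=$1; file=$2; uid=$3; shift 3
    if [ "$uid" -eq 0 ]; then return 0; fi    # root bypasses the mode bits
    d=$(perm_digit "$dir" "$uid" "$@")
    f=$(perm_digit "$dir/$file" "$uid" "$@")
    # Needs search (x = 1) on the directory and read (r = 4) on the file.
    [ $(( d & 1 )) -ne 0 ] && [ $(( f & 4 )) -ne 0 ]
}

# Constructed demo on a scratch directory, not the real /usr/local/proftpd/etc.
demo=$(mktemp -d)
mkdir "$demo/etc" && : > "$demo/etc/proftpd.conf"
chmod 770 "$demo/etc" && chmod 660 "$demo/etc/proftpd.conf"
# Hypothetical daemon account: ids chosen only to differ from the file's owner/group.
svc_uid=$(( $(stat -c %u "$demo/etc") + 1 ))
svc_gid=$(( $(stat -c %g "$demo/etc") + $(stat -c %g "$demo/etc/proftpd.conf") + 1 ))
report() {
    if can_read_config "$demo/etc" proftpd.conf "$svc_uid" "$svc_gid"
    then echo "$1: daemon can read its config"
    else echo "$1: daemon is locked out"
    fi
}
report "dir 770, file 660"
chmod o+r "$demo/etc/proftpd.conf"; report "dir 770, file 664"
chmod o+x "$demo/etc";              report "dir 771, file 664"
rm -rf "$demo"
```

The middle case shows that 'other' read on the file alone is not enough while the directory stays at 770: an account outside the owner and group also needs search (x) permission on the directory.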