Access to home directories

krishna.hore · #1 21st March 2008, 12:23 PM

Hi all....

I am linux newbie
I am using fedora 8.
I have three user accounts...
1) turtle

2) hulk

3) guest

each having their own home directory..
I want to access home directory of hulk, while I am logged in as turtle and vice-versa
guest should have access to only its own home directory as it has now...

I searched using google then
I tried changing file permission and group, but could not exactly figure out, how to go about the task..

Any suggestion.. will be greatly appreciated..

***glennzo*** · #2 21st March 2008, 01:47 PM

I think the whole idea of security in Linux is that no users have access to other users' home folders by default. You can access the folders as root.

stevea · #3 21st March 2008, 01:50 PM

Normally during account setup there is bot a user account and a group created for each users.
You can make user turtle a part of group "hulk and then also make user hulk a part of the tutrle group too. That's probably the easiest and best method. Also if tutrle has files he doesn't want hulk to see, be can remove the group read mask (chmod g-w secretfile).

Alternatively you can make a new group "share" and add this to the groups for both turtle and hulk. IN this case you'd have to change all the group ownership for the existing files like:
chgrp -R share /home/turtle
chgrp -R share /home/hulk
Also you need to change the group ownership of new files.

The user & group management tool should allow you to do this things.

stevea · #4 21st March 2008, 01:51 PM

Quote:

Originally Posted by glennzo

I think the whole idea of security in Linux is that no users have access to other users' home folders by default. You can access the folders as root.

I think you need to read a *nix 101 book. So very wrong.

Here is a very basic outline of the basic file control bits,
http://tldp.org/HOWTO/Security-HOWTO/file-security.html
It covers owner, group associations and also the permission mask bits.

What a lot of noobs and even experienced users don't underestand is that
there is also another layer of control provided by POSIX ACL, and the
POSIX "roles" feature. You can't set up a network interface unless you
take the CAP_NET_admin role and that is NOT necessarily associated with
the root account !

NO ! The basic permission system gives users the ability to control file
read/write/execute access based for the owner, the group associated with
the file and for "world" (every user). This is pretty flexible, but the ACLs go
way beyond this and provide any number of sets of access permissions per
flie. This is much finer control yet.

LordMorgul · #5 23rd March 2008, 05:10 AM

For this situation I would suggest going to the Users and Groups configuration, then add each of your user names to the GROUP of the other users (i.e. add turtle to the group named 'hulk'). Then set the group permissions for your homes (chmod -R g+rw /home/hulk). By default files in your home are owned by the your user's group (i.e. the hulk group for /home/hulk). Fairly easy approach to your problem here and much safer than accessing files as root regularly.

(edit: and.. I see stevea already posted that suggestion, I should have read the thread.)

setamym · #6 19th April 2008, 02:18 PM

I think glennzo was simple : just login as root.

starstatras · #7 22nd April 2008, 09:19 PM

Im sure that is a very bad idea