[solved] allowing guest user full access to a subfloder on my account

Mr. X · 2009-01-06 01:40:34

Ok, let's say I have a directory in location /home/myacc/shared-files/
I do chmod 777 on that dir, and make a link on a guest account ( ln -s /home/myacc/shared-files/ /home/guest/share )

When I try to access /home/guest/share from the guest account, I get "Permission denied" message, obviously because /home/myacc is protected...
How can I let a guest to see the shared-files subdirectory, but still without changing my home directory permissions?

Last edited by Mr. X (2009-01-07 18:34:14)

ezzetabi · 2009-01-06 13:48:23

777 gives access to everyone, probably it is better using 775 for directories and 664 for files and making a group of allowed users.

I am afraid you have to change permissions, just change to 711, so others can't ls or write in the directories.
E.g.
your user name: 'hack',
shared folder: /home/hack/one/two/shared

chmod 711 /home/hack/one
chmod 711 /home/hack/one/two
find /home/hack/one/two/shared -type f -exec chmod 666 {} \;
find /home/hack/one/two/shared -type d -exec chmod 777 {} \;

and to test:
su
#root password
su other_user_name
cd /home/hack/one/two/shared
touch test

Last edited by ezzetabi (2009-01-06 13:49:49)

Procyon · 2009-01-06 14:07:05

You have to make a 'path to the dir'
chmod a+x /home/youracc

See this example for instance:

mkdir deny
mkdir deny/allow
chmod u-x deny
cd deny #FAILS
cd deny/allow #FAILS
chmod u-rw deny
chmod u+x deny
cd deny #SUCCESS
ls #NOTHING
cd allow #SUCCESS
ls

Xyne · 2009-01-06 14:31:01

Using the chmod 711 method, others are prevented from ls'ing the directory but if they guess the names of files they can still check if they exist, correct?

Let someone else give an opinion about this before you do it, but you should also be able to use "mount --bind /dir/to/share /where/to/share/it". I've used this on my LAN to put repos in my home dir on an apache server without opening up permissions along the path to my repos.

In your case, I think you could do this:

mount --bind /home/myacc/shared-files /home/guestacc/shared-files

From what I've read about it, the point of "mount --bind" is to get around the limitations of "ln -s" and path permissions.

*edit*
You'll need to create the /home/guestacc/shared-files directory first.

Last edited by Xyne (2009-01-06 19:45:08)

bangkok_manouel · 2009-01-06 15:30:37

you may want to check this:
http://code.google.com/p/bindfs/

Xyne · 2009-01-06 16:30:30

bangkok_manouel wrote:

you may want to check this:
http://code.google.com/p/bindfs/

This makes me happy. When I first ran into the permissions problem of symlinking a directory for Apache, I immediately thought of how EncFS works and wondered how that could be done without encryption (before I found "mount --bind" and forgot about it).

I've uploaded a bindfs PKGBUILD to the AUR: http://aur.archlinux.org/packages.php?ID=22920

thisperishedmin · 2009-01-06 18:49:12

Just dropping in to say lots of good info here...thanks for the read guys - I'm sure this will come in handy in the near future as I get my hands dirtier and dirtier in *nix administration!

Mr. X · 2009-01-07 18:31:09

thx guys, I managed to do what I wanted

Arch Linux

#1 2009-01-06 01:40:34

[solved] allowing guest user full access to a subfloder on my account

#2 2009-01-06 13:48:23

Re: [solved] allowing guest user full access to a subfloder on my account

#3 2009-01-06 14:07:05

Re: [solved] allowing guest user full access to a subfloder on my account

#4 2009-01-06 14:31:01

Re: [solved] allowing guest user full access to a subfloder on my account

#5 2009-01-06 15:30:37

Re: [solved] allowing guest user full access to a subfloder on my account

#6 2009-01-06 16:30:30

Re: [solved] allowing guest user full access to a subfloder on my account

#7 2009-01-06 18:49:12

Re: [solved] allowing guest user full access to a subfloder on my account

#8 2009-01-07 18:31:09

Re: [solved] allowing guest user full access to a subfloder on my account

Board footer