I noticed the .conf file for hellanzb on my system could be read by any user (which isn't so great since it contains a password in plain text). So I changed the permissions to root only. But now I have to run hellanzb as root or the program can't read the file. Is there a way to assign permissions just to hellanzb to access its .conf file, without allowing users, other than root, to view it?
I realize this may be a simple question, but when I started reading articles about users and groups, it became very complicated and not clear to me how to do this. I don't really know much about these things.
Thanks in advance for any help.
Last edited by cb474 (2011-09-20 01:55:27)
You can give users the needed permissions to run hellanzb; see https://wiki.archlinux.org/index.php/Al … o_Shutdown for an example of how to do it: instead of /sbin/reboot you will allow them to access /bin/hellanzb or whatever.
You can use sudo to grant users permissions to run hellanzb as root, as required, without them having to be in wheel. You can set it up for individual users and can, or cannot, require they enter a password.
They will have to run it as sudo hellanzb
Edit: You may also want to check out Access Control Lists
Last edited by ewaller (2011-09-20 02:37:21)
Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way
I thought a
chmod u+rw /path/to/.conf
chmod go-rw /path/to/.conf
would set the file to be read only by the user that owns it.
You're just jealous because the voices only talk to me.
> I thought a
> chmod u+rw /path/to/.conf
> chmod go-rw /path/to/.conf
> would set the file to be read only by the user that owns it.
That is all true. The problem is the need to give a user the ability to run a program that has secrets that should only be visible by root. If you give the user ownership, they can see the keys to the kingdom.
For example, you may want to allow a user to connect to an arbitrary wireless access point. Generally, this is a privileged operation -- you want to give them permission to do it, but don't want to give them ownership. You may also not want them to be able to see or modify the pass phrases.
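Added example, not part of any post in this thread: a sh script that checks whether group or other can read a config file, applies the two chmod commands quoted above, and checks again. The temp file and its contents are constructed for the demo; as the reply above points out, whoever owns the file can still read it afterwards.

```shell
#!/bin/sh
# Added example: the file used below is constructed, not hellanzb's real config.

# Print "exposed" if group or other has read permission on $1, else "private".
conf_exposure() {
    [ -e "$1" ] || { echo missing; return 1; }
    perms=$(ls -ld -- "$1" | cut -c1-10)    # e.g. -rw-r--r--
    case "$perms" in
        # character 5 is group read, character 8 is other read
        ????r?????|???????r??) echo exposed ;;
        *) echo private ;;
    esac
}

# The two chmod commands from the thread. Note that go-rw leaves any
# execute bits alone and does not change who owns the file.
lock_down() {
    chmod u+rw -- "$1" && chmod go-rw -- "$1"
}

# Create a world-readable sample file, audit it, lock it down, audit again.
demo() {
    dir=$(mktemp -d) || return 1
    conf="$dir/sample.conf"
    # umask 022 reproduces the common default that leaves new files readable by all.
    ( umask 022; printf 'password = constructed-secret\n' > "$conf" )
    before=$(conf_exposure "$conf")
    lock_down "$conf"
    after=$(conf_exposure "$conf")
    rm -rf -- "$dir"
    echo "$before $after"
}

demo    # prints: exposed private
```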
Thanks for the replies. I will mull over these suggestions and see if I have any more questions.