Thanks to all who replied.
I'm resuming what I wanted to achieve:
'rodolfo' is a normal user, but Rodolfo (me) is also the superuser,
whereas say, 'alberto' is only a normal user.
Then I wish to adopt for alberto a security level 4, i.e. alberto
should not be able to see the '/' directory nor
From: [EMAIL PROTECTED]
. The /dev, /proc and /sys dirs have turned back to be readable by other
users, what I don't want.
Any other hints will be appreciated.
The system will not work with those set unreadable to other than root.
{^_^}
Want
. The /dev, /proc and /sys dirs have turned back to be readable by other
users, what I don't want.
Any other hints will be appreciated.
The system will not work with those set unreadable to other than root.
{^_^}
I just checked and indeed, even with a sec level=4 and even 5,
some subdirs of
/initrd doesn't matter at all. /opt and /sys by definition must be
readable my normal users. /var is a general variable data storage
area for all users. As such at least portions of it must remain
read write. So by definition it, too, must remain read/write.
{^_^}Joanne
- Original Message
Thanks Todd, thanks Richard:
Todd wrote:
I really
question the need to have your entire system group owned by a simple
user. Sounds like a recipe for disaster to me. Better to su when you
need to, or learn how to set up sudo.
Richard wrote:
Are you sure you know what you're
doing?
To me this
...Maybe a simple solution would be to add rodolfo to group 'root' in
addition to group 'rodolfo'?
I'm looking for the proper linux command to do so.
Rodolfo
Regala e regalati Libero ADSL: 3 mesi gratis, navighi veloce e scarichi
On Sunday 19 Dec 2004 4:41 pm, [EMAIL PROTECTED] wrote:
...Maybe a simple solution would be to add rodolfo to group 'root' in
addition to group 'rodolfo'?
I'm looking for the proper linux command to do so.
Not root.
Group wheel is a close match, but not quite what you're looking for.
Not
On Sunday 19 December 2004 16:26, [EMAIL PROTECTED] wrote:
:
if I only allow the group 'rodolfo' to read those directories
and not to modify them in any way, then I don't see the danger.
Anyhow, if the system tries so hard to oppose to what I'm doing
it's quite clear that I'm trying to
Thanks, Derek.
You say:
[...] you are completely ruining security by trying to give a user
access to root files. [...]
So you mean that security level 2, which gives a user access to *read* all the
files
of the '/' dir and its subdirs except for the /root dir, completely ruins
security?
Why
On Sunday 19 December 2004 21:54, [EMAIL PROTECTED] wrote:
Thanks, Derek.
You say:
[...] you are completely ruining security by trying to give a user
access to root files. [...]
So you mean that security level 2, which gives a user access to *read* all
the files
of the '/' dir and its
Removing read permission from directories would indeed limit user rodolfo as
well as user alberto, but that is where sudoers can help you. sudoers would
give rodolfo permission to perform certain commands as if he were root user.
Yes,
the problem with sudoers is that (as far as I know)
one
On Sunday 19 December 2004 23:29, [EMAIL PROTECTED] wrote:
Removing read permission from directories would indeed limit user rodolfo
as well as user alberto, but that is where sudoers can help you. sudoers
would give rodolfo permission to perform certain commands as if he were
root user.
Basically, Rodolfo, you cannot do what you want. In reality Linux has
exactly one root account with multiple doors into the account, each
with slightly different characteristics and names for login. But they
are all the same account, account 0. So you can create all the root
accounts you want with
On Sunday 19 December 2004 03:29 pm, [EMAIL PROTECTED] wrote:
| Removing read permission from directories would indeed limit user rodolfo
| as well as user alberto, but that is where sudoers can help you. sudoers
| would give rodolfo permission to perform certain commands as if he were
| root
Another option is to run midnight commander (mc) from the terminal,
after su ing.
Not as pretty as Konqueror though
Hth
hugh
-Original Message-
From: Erylon Hines [mailto:[EMAIL PROTECTED]
Sent: Monday, 20 December 2004 4:39 PM
To: [EMAIL PROTECTED]
Subject: Re: [newbie] Re
On Sunday 19 December 2004 09:40 pm, Hugh Dixon wrote:
| Another option is to run midnight commander (mc) from the terminal,
| after su ing.
| Not as pretty as Konqueror though
|
| Hth
|
| hugh
|
|
That will work--and mc looks like the old Norton Commander from DOS days. It
will require you
and using mc is a milestone on the way to geekdom :-)
On Monday 20 December 2004 06:49, Erylon Hines wrote:
On Sunday 19 December 2004 09:40 pm, Hugh Dixon wrote:
| Another option is to run midnight commander (mc) from the terminal,
| after su ing.
| Not as pretty as Konqueror though
|
I doubt I elected to install it - but maybe. To me it is two steps back
from geekdom than using the CLI !!
hugh
-Original Message-
From: Erylon Hines [mailto:[EMAIL PROTECTED]
Sent: Monday, 20 December 2004 4:50 PM
To: [EMAIL PROTECTED]
Subject: Re: [newbie] Re: The effect
On Sunday 19 December 2004 09:58 pm, Hugh Dixon wrote:
| I doubt I elected to install it - but maybe. To me it is two steps back
| from geekdom than using the CLI !!
| hugh
|
|
You obviously type better than mi
e
Want to buy your Pack or
19 matches
Mail list logo