
Users path

flimflam
Posts: 41
Joined: 17 Jul 2013, 10:06
Location: Slovakia

Users path

Post by flimflam »

Hi, I am quite new to B3 and have spent some time reading how-tos on the wiki.

Even so, I have to ask for help.

Problem: I would like to share some files with my friends (internet access) without letting them access all my other stuff. If I create a new user, he is able to view all //home/storage content outside of the private files of each user and torrents (which are automatically created with a new user).
So my idea is to have one folder where only a logged-in user from outside can access files (with read/write rights).
Can someone help me with this? I am not very familiar with Linux, so a step-by-step manual would be perfect. HTTPS is the way, I think, and some user groups with folder rights.

If you already have another solution... let's hear it!
Gordon
Posts: 1462
Joined: 10 Aug 2011, 03:18

Re: Users path

Post by Gordon »

I think `File Manager` on the B3 admin page does exactly that.
flimflam
Posts: 41
Joined: 17 Jul 2013, 10:06
Location: Slovakia

Re: Users path

Post by flimflam »

No, it does not.

If you create user "ABC", he can see everything in the //home/ folder.
That means he can also delete files from user "CDE" placed outside of //home/CDE/private and mail.

And free can delete files from //home/storage... and I want to avoid this!

I need user "ABC" to see only what belongs to him. That is the point.

And I want to secure the line. So HTTP access and strict user rules. So how to do it?

Is my own personal cloud the way?
Cheeseboy
Posts: 789
Joined: 08 Apr 2007, 12:16

Re: Users path

Post by Cheeseboy »

I assume we are all talking about the web interface now...

Try this:
Create two users using the web interface: testuser_a and testuser_b.
As testuser_a, put something in your home folder (secret.txt).
Log out and then log in as testuser_b. Access the home folder of testuser_a. You can see the file you created earlier, you can read it, but you cannot change it.
Try accessing the "private" folder of testuser_a -> permission denied.

Log out again, and log in as testuser_a. In the WEB-GUI filemanager, highlight the "secret.txt" file you put there and click the padlock icon, and you have the choice to change the permissions, so only you can read it.
flimflam wrote: That means he can also delete files from user "CDE" placed outside of //home/CDE/private and mail.
And free can delete files from //home/storage... and I want to avoid this!
private and Mail should definitively not be writeable by other users, or even readable.
storage however might be different. I have mine set up so only I can write to some subfolders, but others can upload stuff to a public folder.
However, only the person who uploaded it (and me of course) can change it. This is something that might not have come out of the box, but I have changed myself - but I don't remember.

Could you please tell us a little about your proficiency with the GNU/Linux command prompt, its basic security system etc? Is this your first experience?
I could probably put together a step-by-step instruction on how to create a completely separate group/user with its own home directory etc, that you can share with all your friends. They can do whatever they want in there, but not touch the rest of the system. But I'm not going to explain how ssh works, how to edit files via the command prompt, chmod, chown, what a sticky bit is, etc.

At least not tonight.
I'm too old and I have done it too many times... :-)
Ubi
Posts: 1549
Joined: 17 Jul 2007, 09:01

Re: Users path

Post by Ubi »

Cheeseboy wrote: I'm too old and I have done it too many times... :-)
Or are you just low on cheese? :D :D
Cheeseboy
Posts: 789
Joined: 08 Apr 2007, 12:16

Re: Users path

Post by Cheeseboy »

Ubi wrote:
Cheeseboy wrote: I'm too old and I have done it too many times... :-)
Or are you just low on cheese? :D :D
EDIT (oops, shouldn't give details like that away):
Beer, more likely. And I have a scheduled conf call with some guys from xyz tomorrow at 08:30...
Gordon
Posts: 1462
Joined: 10 Aug 2011, 03:18

Re: Users path

Post by Gordon »

I may have misunderstood what was intended here then...

Anyway, as Cheeseboy explains the solution could be in assigning the guest users to a `friends` group to disallow what regular users may do. However, this will still not keep them from accessing other users' home folders as the default security settings allow read and access to everyone. This appears to be related to the admin user, although that still does not give this user superuser level rights through all the supported interfaces and protocols.

You will need to change the default security on the home directories to completely deny your friends access to them and I'm still not sure what effect this has on specific system functions. I did change the mount parameters of the storage volume (/home) to support ACLs however, which I currently use to grant myself full control over every file that is being created in my home folder and in the webroot folder. That may seem silly, but I do tend to have a lot of root owned files in those folders because I do like to play with tweaking the system. You could probably use this though to allow specific users and/or groups access to some shared folders while prohibiting everyone else to access it.
Ubi
Posts: 1549
Joined: 17 Jul 2007, 09:01

Re: Users path

Post by Ubi »

Cheeseboy wrote: Beer, more likely.
That was actually what I wanted to post, as it was pretty much my own current state of affairs :D
Cheeseboy
Posts: 789
Joined: 08 Apr 2007, 12:16

Re: Users path

Post by Cheeseboy »

Hi Gordon,

Why not a group/users that is NOT part of "users" or other groups - hence of the "other" category?
Then for example:

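```
# Files: owner read/write, group read, nothing for "other"
find /home/storage/video/movies -type f ! -perm 640 -exec chmod 640 '{}' \;
# Directories: owner full, group read/enter, nothing for "other"
find /home/storage/video/movies -type d ! -perm 750 -exec chmod 750 '{}' \;
```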
www-data, root and all the others would still be included in the "group" if taken care of properly.
The people you don't want to have access would be in the "other" category, and thus excluded.

I don't really care too much about this - and I'm not sure what you mean with "access"... I don't care that my friends can see my movies - it's the whole point they have access. I don't want them to delete them though, and that is easily fixable. My own home directory with my email etc, is a different story.

Anyway, I think this is all academical (and I think we have talked about it several times before :-)). We all know what we prefer, and how to implement it by now.
The interesting thing to me is the question of the OP. It is still a mystery to me. How can he see another user's Mail directory, and write to it with a default B3 installation?

Cheers,

N
Cheeseboy
Posts: 789
Joined: 08 Apr 2007, 12:16

Re: Users path

Post by Cheeseboy »

Ubi wrote:
Cheeseboy wrote: Beer, more likely.
That was actually what i wanted to post, as it was pretty much my own current state of affairs :D
Oops, posting overlap. I was too busy answering Gordon :-)
Cheers!
Gordon
Posts: 1462
Joined: 10 Aug 2011, 03:18

Re: Users path

Post by Gordon »

The default install assigns 0755 rights to the user home directories. So yes that means that everybody can read any file that you put in there. The only safe folder appears to be the private folder which is user only. I'm not sure about the Mail directory, nor can I verify because as I said I changed various security settings. But, given the fact that everybody can read the files, it doesn't actually offer more security if you create some kind of `guest` or `friends` group. It would stop them from being able to write to the common storage though, but that doesn't appear to be what troubles TS.
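
The 0755 home directory issue described in the post above, as an added shell example that is not part of the thread or of the B3 firmware: it lists the first-level directories under a base path that grant any permission bit to "other" and strips those bits from the top-level directory only. The function names, the `HOME_BASE` and `SHARED_NAME` variables and the sample tree are assumptions; GNU find is assumed, and the shared `storage` folder is skipped.

```shell
#!/bin/sh
# Added example (not from the thread): audit and tighten home directories.
# Assumed names: HOME_BASE, SHARED_NAME and all function names below.

SHARED_NAME=${SHARED_NAME:-storage}   # common area, deliberately left alone

# Print first-level directories under $1 that give "other" any of r, w or x.
list_world_accessible_homes() {
    find "$1" -mindepth 1 -maxdepth 1 -type d \
        ! -name "$SHARED_NAME" -perm /007 | sort
}

# Strip all "other" bits from each listed directory (0755 becomes 0750).
# Owner and group bits are untouched. Prints how many directories changed.
tighten_homes() {
    list_world_accessible_homes "$1" | while IFS= read -r dir; do
        chmod o-rwx "$dir" && printf '%s\n' "$dir"
    done | wc -l | tr -d ' '
}

# Build a constructed sample tree that mimics the layout from the thread:
# two user homes at 0755 with a 0700 private folder, plus shared storage.
make_sample_tree() {
    base=$(mktemp -d)
    mkdir -p "$base/abc/private" "$base/cde/private" "$base/storage"
    chmod 755 "$base/abc" "$base/cde"
    chmod 700 "$base/abc/private" "$base/cde/private"
    chmod 775 "$base/storage"
    printf '%s\n' "$base"
}

# Report only (no changes) when HOME_BASE is set, e.g. HOME_BASE=/home
if [ -n "${HOME_BASE:-}" ]; then
    list_world_accessible_homes "$HOME_BASE"
fi
```

Removing the execute bit for "other" on the home directory blocks traversal into everything below it, so the files inside do not need to be changed one by one. Any service account that is neither the owner nor in the directory's group loses access as well, which is the kind of side effect to check before running `tighten_homes` on a live system.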
Ubi
Posts: 1549
Joined: 17 Jul 2007, 09:01

Re: Users path

Post by Ubi »

So why not change ulimit then?
Gordon
Posts: 1462
Joined: 10 Aug 2011, 03:18

Re: Users path

Post by Gordon »

Same thing. I don't know why they did it and whether changing it may break something. While it annoyed me it hasn't bothered me enough to actually find out. And obviously the existing accounts already have 0755 set on their home directories, so these would need changing anyway - which I did and thus solved the issue for me personally.

BTW Does everybody here also have a home directory for Carl?
Ubi
Posts: 1549
Joined: 17 Jul 2007, 09:01

Re: Users path

Post by Ubi »

Gordon wrote:BTW Does everybody here also have a home directory for Carl?
I do not, but I did not upgrade to the latest and greatest. If that update contains a user named carl, at least we know who made the image for that update.

EDIT: <<text removed because I misunderstood what Gordon meant>>
Last edited by Ubi on 23 Jul 2013, 10:28, edited 1 time in total.
Gordon
Posts: 1462
Joined: 10 Aug 2011, 03:18

Re: Users path

Post by Gordon »

There's actually no user named carl on the system. Just the folder, owned by root, and some php PEAR related files inside it. Apparently the folder was created on April 3, but I can't remember if that relates to a previous update. I was just wondering...