Top Forums UNIX for Advanced & Expert Users Permissions on a directory in /home for all users Post 302921856 by cjcox on Monday 20th of October 2014 02:48:20 PM
Make every user that is sharing a member of a group, for example "shared".

Then change the group ownership of the shared home area to "shared" and make it group writable and change the sticky bit.

Then ensure all access uses a umask of 0002 (some clients will try to preserve client-side perms, so make sure files, etc. on the client side have group write perms... an example is sftp: if the client file isn't group writable, neither will the remote side be when copied).

Code:
mkdir /home/shared
chgrp shared /home/shared
chmod u+rwx,g+rwxs /home/shared

In order to bypass normal operations and "fix" the bits for any file operation, you'll need an extra level of abstraction to the filesystem (unless somebody knows of something).
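Added example, not part of cjcox's post: the same setup run in a throwaway sandbox, followed by an audit that lists entries which break sharing (no group write, or a directory without setgid). Assumptions: a `mktemp` directory stands in for `/home/shared`, the caller's own primary GID stands in for the `shared` group, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: constructed sandbox, no root needed. A temp directory stands
# in for /home/shared and the caller's primary GID stands in for "shared".

setup_shared() {
    # Same three steps as the post, applied to directory $1 and group $2.
    mkdir -p "$1" &&
    chgrp "$2" "$1" &&
    chmod u+rwx,g+rwxs "$1"
}

audit_shared() {
    # Print entries that break sharing: anything without group write,
    # and directories that lack the setgid bit.
    find "$1" \( ! -perm -020 -o \( -type d ! -perm -2000 \) \) -print
}

demo() {
    sandbox=$(mktemp -d) || return 1
    share="$sandbox/shared"
    setup_shared "$share" "$(id -g)" || return 1

    # umask 0002 keeps group write; the new subdirectory inherits setgid.
    ( umask 0002; echo ok > "$share/good.txt"; mkdir "$share/sub" )
    # umask 0022 masks group write off, so other members cannot edit the file.
    ( umask 0022; echo bad > "$share/bad.txt" )

    # A client that preserves source modes (the sftp case in the post).
    echo data > "$sandbox/upload.txt"
    chmod 600 "$sandbox/upload.txt"
    cp -p "$sandbox/upload.txt" "$share/upload.txt"

    # Report offending entries relative to the share, then clean up.
    audit_shared "$share" | sed "s|^$share/||" | sort
    rm -rf "$sandbox"
}

demo
```

Run periodically against the real share, `audit_shared /home/shared` gives the list of files that a `chmod g+w` (or a client-side fix) still has to repair.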
 
