I have a few directories with files on a Debian 9 system. I want to disable the privilege to read these directories for everyone other than the owner, but I want to let some users list files in these directories only through my own bash script. I changed the permissions on the directories and on my script, but I get "permission denied" when I try to use it. I understand why, but I can't fix it.
-
`I want to disable privilege to read these directories for everyone than owner` = you want to set rest-of-the-world to NOT list the directories, and to NOT read the files? And you want some people "maybe who are in a group" to YES list directories and to NOT read files? – May 23 '20 at 16:54
-
In Linux we have USER, GROUP and REST-OF-THE-WORLD; please formulate your question using these terms. GROUP is a group of users who have special rights. – May 23 '20 at 16:57
-
Yeah, that's right. I mean, I want to create a user, for example "user1", who can list some specific files in a directory. I read something, and I found the ability to run a script with the rights of another user, so I really need to create a user "user1" which will be able to ONLY run my script "script.sh", which will have permission to read files from the directory. Is it possible? – Delfin17 May 23 '20 at 16:58
-
So "user1" should not be able to write, just to read and execute the scripts you have written using your own user "user0"? And he should be able to list the directory you created? And rest-of-the-world should not be able to list, read, write, or execute your files? – May 23 '20 at 17:01
-
Are you looking for the `set user ID, setuid`? Directory mode 700, and when accessed with the set user id on the script, access anyway. – Walter A May 24 '20 at 13:40
1 Answer
OK, after we had a small chat I understand the following:
You (your user is called user0) have a directory with some files in it, and you have a special category of users (user1, user2 ... usern) on your machine to whom you want to give access to this folder. First you must create a group, called for example "cowboys", to which the users who will be privileged to read and execute the folder will be added.

```bash
# create the group cowboys
groupadd cowboys
# add user1, user2, etc. to the group
# (usermod accepts one login per call, so loop over every user who should get access)
for u in user1 user2; do
    usermod -a -G cowboys "$u"
done
```
Let's say the folder that you want to give access to is called "/somehow/there/dictionary".
So after you have created the folder and joined it, you chown it to yourself and the group cowboys:

```bash
chown user0:cowboys /somehow/there/dictionary
```

In the next step you must chmod the folder in such a way that you can read (400), write (200) and execute (100), cowboys can read (40) and execute (10), and the rest of the world can do nothing (0).

```bash
chmod 750 /somehow/there/dictionary
```

The last step is that you now must chmod the files in the directory.

1) The executable files you must chmod in a way very similar to how you chmod the folders, because folders need to have "executable" rights for one to "cd" into the folder:

```bash
# the * glob matches every file; apply this only to the executable files
chmod 750 /somehow/there/dictionary/*
```

2) The non-executable files you will chmod like this:

```bash
# the * glob matches every file; apply this only to the non-executable files
chmod 640 /somehow/there/dictionary/*
```

And this should do the trick.
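A check one could run after applying the scheme in the answer above (an added example, not part of the original answer): `lock_down` sets 750 on the directory and on executable files and 640 on the other files, and `world_accessible` lists anything that still grants a bit to rest-of-the-world. The function names and the temporary sample tree are assumptions constructed for the example; `stat -c` assumes GNU coreutils, as on Debian.

```bash
#!/usr/bin/env bash
# Added example: apply the 750/640 scheme and audit the result.
# Group ownership (chown user0:cowboys) is not changed here, so it runs unprivileged.

# lock_down DIR: directory and executable files -> 750, other regular files -> 640.
# Picks the mode per file instead of running two chmods over the same "*" glob.
lock_down() {
    local dir=$1 f
    chmod 750 "$dir"
    for f in "$dir"/*; do            # note: "*" skips dotfiles
        [ -f "$f" ] || continue
        if [ -x "$f" ]; then chmod 750 "$f"; else chmod 640 "$f"; fi
    done
}

# world_accessible DIR: print every entry that grants read, write or execute to "other".
world_accessible() {
    find "$1" \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# mode_of PATH: octal permission bits, e.g. 750
mode_of() { stat -c '%a' "$1"; }

# Demonstration on a constructed tree in a temporary directory.
demo() {
    local d
    d=$(mktemp -d)
    printf '#!/bin/sh\nls -l\n' > "$d/script.sh"; chmod 755 "$d/script.sh"
    printf 'data\n' > "$d/notes.txt";             chmod 644 "$d/notes.txt"
    chmod 755 "$d"
    echo "world-accessible before:"; world_accessible "$d"
    lock_down "$d"
    echo "after: dir=$(mode_of "$d") script=$(mode_of "$d/script.sh") notes=$(mode_of "$d/notes.txt")"
    echo "world-accessible entries left: $(world_accessible "$d" | wc -l)"
    rm -rf "$d"
}
demo
```

An empty result from `world_accessible` means no entry in the tree is readable, writable or executable by users outside the owner and the group.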