[CS-FSLUG] Permissions Structure

Ed Hurst ehurst at soulkiln.org
Sat Jan 10 10:18:33 CST 2009


On Sat, 10 Jan 2009, l4c at thelinuxlink.net wrote:

> > Can someone outline for me the most efficient way to loosen such
> > restrictions? I admit I don't understand whether it's a matter of PAM,
> > or groups, or simply a collection of decisions about folder and file
> > default permissions. It seems picking away at individual issues isn't
> > very efficient when the difference is something more fundamental.
> 
> If this is a personal box, or just one that you administer, the
> easiest way for you to make sure you have access to everything you
> need is to make sure your user is in /etc/sudoers. Once you are in
> there as an "ALL" user, you can simply access restricted things by
> using sudo to do it. For example, "sudo cat /var/somelog" or "sudo
> /sbin/shutdown" will ask you for a password - YOURS, not root's, and
> then perform the specified task as a system superuser.

Thanks; been there and done that. It may end up being the "final
solution" on my imaginary future Linux distro.

I've also looked at umask, and a few other items. I turned off SELinux
on CentOS because it's still way over my head. The irony is, so far,
SELinux may still be the shortest path to implement broader permissions
on anything related to RHEL.

I was hoping someone was more familiar with the policies of various
distros so I could get a summary of what is different. For example,
openSUSE allows me to read almost anything in /var/log, but CentOS
has only a few open to my user ID.

On a related matter, default file movement permissions are much more
strict on removable devices. The rsync tutorial a few months back
doesn't work so well on CentOS. I used a SUSE box to create the backup
on my ext3-formatted flash drive -- user was able to run the command. On
a Debian installation, I could run it again without trouble as a normal
user. In CentOS, only root can perform that operation, because the user
doesn't have permission.

While those activities aren't likely for the common home user refugee
from Redmond, it signals to me possible complaints I might have if I
ask one of them to try CentOS. If there is something I can do to
simplify user access on CentOS, then I can "repackage" it and save the
poor benighted souls. At least, it helps resolve one issue.

-- 
Ed Hurst
------------
Associate Editor, Open for Business: http://ofb.biz/
Applied Bible - http://soulkiln.org/
Kiln of the Soul - http://soulkiln.blogspot.com/
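
The difference described in this message (openSUSE leaving most of /var/log readable, CentOS only a few files) can be summarised per machine with a short script and the results compared. This is an added example, not part of the original post: the function names are hypothetical, it assumes GNU find, and it judges by mode bits only, not ACLs or SELinux policy.

```shell
#!/bin/sh
# Added example (not from the thread): classify files in a log directory by
# who may read them, judged from mode bits only (ACLs and SELinux ignored).
# Assumes GNU find for -printf. Function names are hypothetical.
# Usage: log_perm_report /var/log   (run on each distro and diff the results)

# read_class MODE -> world | group | owner
read_class() {
    mode=$1
    other=${mode#"${mode%?}"}      # last octal digit: bits for "other"
    rest=${mode%?}
    grp=${rest#"${rest%?}"}        # second-to-last digit: bits for group
    case "$other" in [4-7]) echo world; return ;; esac
    case "$grp"   in [4-7]) echo group; return ;; esac
    echo owner
}

# log_perm_report DIR -> "<class> <mode> <owner>:<group> <file>" per regular file
# "group" lines show which group membership would grant read access without
# handing the user full sudo rights.
log_perm_report() {
    find "${1:-/var/log}" -maxdepth 1 -type f -printf '%m %u %g %f\n' 2>/dev/null |
    while read -r mode owner group name; do
        printf '%s %s %s:%s %s\n' \
            "$(read_class "$mode")" "$mode" "$owner" "$group" "$name"
    done | sort -k1,1 -k5
}

# log_perm_summary DIR -> "world=N group=N owner=N"
log_perm_summary() {
    log_perm_report "$1" | awk '
        { n[$1]++ }
        END { printf "world=%d group=%d owner=%d\n",
                     n["world"], n["group"], n["owner"] }'
}
```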




