Devon & Cornwall Linux Users' Group


Re: [LUG] Read-Only User



Mark Cubitt wrote:
> Sorry, I probably wasn't that clear, what I am trying to achieve is to get a
> user that can see the file structure and nothing else, so he can read but
> not write, they won't need to actually edit any files and it would be better
> if they couldn't (maybe like making the file system read-only just for them
> if that is possible)

Being pedantic, Unix doesn't go big on file structure ;-)

I assume you mean file system layout.

What are you trying to achieve, Mark?

Typically modern systems have secret keys or similar files which are
kept unreadable by anyone but the user that owns them as compromise
would allow the machine to be cracked or impersonated (OpenSSH keys, Web
server certificates etc).

In principle you could give an account read access to every directory,
or every file, via access control lists, but it is a huge change to lots
of sensitive settings, and it isn't immediately obvious why you would
want to do this.

You could create a CD or similar image of the system, or ship the person
in question a backup tape, if you really have no secrets from them. But
if you are entrusting them with all your secrets, why can't you trust
them with the root password? The security implications are probably similar.


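As an added example (not part of the original message): before granting one account read access everywhere through ACLs, an administrator can list what that grant would newly expose. The sketch below reports files and directories that the permission bits currently keep from ordinary accounts; the function names are illustrative, and it looks at mode bits only, not at ACLs already in place.

```shell
#!/bin/sh
# Added example: audit what a blanket read grant would open up.
# Anything lacking the "other" read bit (private keys, certificate keys,
# password hashes) is what a recursive read ACL would hand to the account.
# Assumption: only classic mode bits are inspected, not existing ACLs.

# private_files DIR...: regular files that "other" cannot read.
private_files() {
    find "$@" -xdev -type f ! -perm -004 -print 2>/dev/null | sort
}

# private_dirs DIR...: directories that "other" cannot list and traverse.
private_dirs() {
    find "$@" -xdev -type d ! -perm -005 -print 2>/dev/null | sort
}

# exposure_count DIR...: number of files a blanket read grant would expose.
exposure_count() {
    private_files "$@" | wc -l | tr -d ' '
}

# Run as a script with directories as arguments, e.g. ./audit.sh /etc /home
if [ "$#" -gt 0 ]; then
    echo "Files not readable by ordinary accounts: $(exposure_count "$@")"
    private_files "$@"
    echo "Directories not open to ordinary accounts:"
    private_dirs "$@"
fi
```

Run it as root so that `find` can descend into the private directories it is reporting on.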
