How to hide . folders
on 05.08.2004 22:06:48 by Eve Atley
I have a folder, /home/shared, which contains directories that are literally
'shares' for a small network. I've set up permissions in which a person can
or cannot access these directories based on being a group member.
When the person logs in via SSH, they see these folders AND all sorts of
'grayed out' folders, usually . directories. How can I get it to show ONLY
the folders I want them to see and none of the system / critical files,
without using client-side 'don't show hidden files and folders'?
Thanks,
Eve
-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs
Re: How to hide . folders
on 06.08.2004 00:15:04 by Ken Moffat
On Thu, 5 Aug 2004, Eve Atley wrote:
>
> I have a folder, /home/shared, which contains directories that are literally
> 'shares' for a small network. I've set up permissions in which a person can
> or cannot access these directories based on being a group member.
>
> When the person logs in via SSH, they see these folders AND all sorts of
> 'grayed out' folders, usually . directories. How can I get it to show ONLY
> the folders I want them to see and none of the system / critical files,
> without using client-side 'don't show hidden files and folders'?
>
> Thanks,
> Eve
>
I think you're omitting something in your description - if I log in to
another box on my network using ssh, I get a normal terminal session and
I'm in my ~/ directory, either from a console or from an xterm. "grayed
out" doesn't fit with that, it sounds as if they are using some sort of
graphical front-end. And therefore, it sounds as if it *is* a
client-side "don't show hidden..." issue. Or tell them to run ssh from
within a(n) aterm|gterm|konsole|xterm.
AFAIK there is no way of hiding non-hidden directories such as /etc and
/usr/bin - normal users will have read access to these, so they can use
e.g. /usr/bin/zgrep as an example script.
Somewhat similar to when you save from a graphical browser and blunder
around the directory hierarchy trying to find the right place to save
something : system directories show up if you go too far up the
hierarchy, but permissions should prevent you writing in them.
Ken
--
the first time as tragedy, the second time as farce
Re: How to hide . folders
on 06.08.2004 03:56:06 by Eve Atley
Ken, thanks for the reply.
You're correct... This is SSH via a graphical client. They are non-technical
folks who need something simple. I'm just trying to protect any system files
from accidental deletion.
Is my question better stated, then, as how to prevent users from deleting
any of the directories they encounter? If that's the correct question, then
is my solution to set a read-only on any folders that I don't wish deleted?
> something : system directories show up if you go too far up the
> hierarchy, but permissions should prevent you writing in them.
Is it possible to keep users from proceeding up further in the hierarchy, by
chance?
- Eve
Re: How to hide . folders
on 06.08.2004 10:13:35 by Ken Moffat
On Thu, 5 Aug 2004, Eve Atley wrote:
>
> Ken, thanks for the reply.
>
> You're correct... This is SSH via a graphical client. They are non-technical
> folks who need something simple. I'm just trying to protect any system files
> from accidental deletion.
>
> Is my question better stated, then, as how to prevent users from deleting
> any of the directories they encounter? If that's the correct question, then
> is my solution to set a read-only on any folders that I don't wish deleted?
>
I'm not an expert on this, but a quick test suggests users need write
permission on the directory to be able to write/delete the contents.
For genuine system directories, users should already be unable to
delete them (hint: don't test this on the real directories just in
case!). For your new data directories, maybe some of the data can
conveniently live in read-only directories. Beyond that, frequent
backups (search for backing up with rsync) are good.
> > something : system directories show up if you go too far up the
> > hierarchy, but permissions should prevent you writing in them.
>
> Is it possible to keep users from proceeding up further in the hierarchy, by
> chance?
>
> - Eve
>
>
I don't think so. Normally, everyone can read the top-level
directories except lost+found and they certainly need access to /tmp,
Ken
--
the first time as tragedy, the second time as farce
Re: How to hide . folders
on 06.08.2004 17:55:07 by Ray Olszewski
At 09:13 AM 8/6/2004 +0100, Ken Moffat wrote:
>On Thu, 5 Aug 2004, Eve Atley wrote:
>
> >
> > Ken, thanks for the reply.
> >
> > You're correct... This is SSH via a graphical client. They are non-technical
> > folks who need something simple. I'm just trying to protect any system files
> > from accidental deletion.
It might be worth your while to tell us the "graphical client" involved,
and (of more use) what server is running on the Linux end for it to connect
to. It sounds like you are using ssh to tunnel something, and the unnamed
something may have some abilities to control what users see. ssh by itself
(that is, used to initiate a console session) does not have that ability.
> >
> > Is my question better stated, then, as how to prevent users from deleting
> > any of the directories they encounter? If that's the correct question, then
> > is my solution to set a read-only on any folders that I don't wish deleted?
> >
> I'm not an expert on this, but a quick test suggests users need write
>permission on the directory to be able to write/delete the contents.
Ken is correct as far as he goes, but I don't know if he's gone far enough
to answer your question.
Remember that in Linux or Unix (at least with native-mode filesystems),
every directory and file has 3 sets of permissions -- for the
directory/file's owner, its group, and "everybody". Here, you're concerned
about either the second or third set ... from what you've written, I'm not
sure which.
The directory's actual owner will almost surely want to have rwx
permissions. But the directory's group and "everybody" modes can be more
restrictive. How restrictive depends on details you have not told us about
your setup.
For example, if you want these users to be able to cd to the directories in
question, list their contents, and run programs and scripts located in
them, then the users need execute (x) access to these directories. Read
access (r) by itself will not do. The files and subdirectories within these
directories should be, for those users, either read-only (r--) or
read-execute (r-x), as appropriate. Whether these settings apply to the
group permissions or the everybody permissions depends on details that
either you have not provided or I missed.
> For genuine system directories, users should already be unable to
>delete them (hint: don't test this on the real directories just in
>case!). For your new data directories, maybe some of the data can
>conveniently live in read-only directories. Beyond that, frequent
>backups (search for backing up with rsync) are good.
>
> > > something : system directories show up if you go too far up the
> > > hierarchy, but permissions should prevent you writing in them.
> >
> > Is it possible to keep users from proceeding up further in the hierarchy, by
> > chance?
> >
> > - Eve
> >
> >
>
> I don't think so. Normally, everyone can read the top-level
>directories except lost+found and they certainly need access to /tmp,
Right. Your only hope here is that the specific "graphical client" your
naive users connect through has some capability to help you.
I don't know a way to prevent any user from seeing the very top level of
your filesystem hierarchy (the contents of /). And your system will act
very strangely if /tmp is not mode 777, as Ken says. Beyond that ... other
top-level directories are usually mode 755, and need to be so users can run
the programs and access the other files (e.g., program configuration files)
in them.
Re: How to hide . folders
on 07.08.2004 08:02:48 by Stephen Samuel
Eve Atley wrote:
> Ken, thanks for the reply.
> Is my question better stated, then, as how to prevent users from deleting
> any of the directories they encounter? If that's the correct question, then
> is my solution to set a read-only on any folders that I don't wish deleted?
There are a couple of things here:
if you set the sticky bit ( u+t ) then users will only be able to delete
files that they own unless they own the sticky
The ability to delete files depends on the permissions of the directory
they are in. Removing a directory requires permission to the directory that
contains it as well as that the directory be empty. If a directory is
readonly to a user and contains *anything* (other than . and ..) then it
is effectively un-removable regardless of parent directory permissions.
It is still renameable if the directory is rw with no sticky bit set.
>
>
>>something : system directories show up if you go too far up the
>>hierarchy, but permissions should prevent you writing in them.
>
>
> Is it possible to keep users from proceeding up further in the hierarchy, by
> chance?
If you leave the execute bit on but turn off the read bit, then
programs (including GUIs) will be unable to search the directory.
Any program which knows the name of the file it's looking for
will still work fine. I think that this may be close enough to
what you want.
--
Stephen Samuel +1(604)876-0426 samuel@bcgreen.com
http://www.bcgreen.com/~samuel/
Powerful committed communication. Transformation touching
the jewel within each person and bringing it to light.
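
The directory rules described in this thread (write permission on the directory governs deletion, the sticky bit limits deletion to an entry's owner, execute without read allows access by known name but no listing), as an added example that is not part of any poster's message: a small shell audit that labels what group members and everyone else can do in each directory. It assumes GNU coreutils `stat -c`; the function names, labels and the sample tree are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU coreutils `stat -c`.

# label_class BITS STICKY: describe what one permission class (group or
# other) may do in a directory, given its rwx bits (0-7) and the sticky flag.
label_class() {
    bits=$1; sticky=$2
    if [ $((bits & 1)) -eq 0 ]; then
        echo "no-access"                 # without x, entries cannot be reached
    elif [ $((bits & 2)) -ne 0 ]; then
        # w+x: may create, rename and delete entries in this directory;
        # with the sticky bit, only entries the user owns
        if [ "$sticky" -ne 0 ]; then echo "write-own-only"
        else echo "write-delete-any"; fi
    elif [ $((bits & 4)) -eq 0 ]; then
        echo "traverse-only"             # --x: known names open, no listing
    else
        echo "list-and-enter"            # r-x: browse but not modify
    fi
}

# classify_dir DIR: print "group=<label> other=<label>" for DIR's mode.
classify_dir() (
    mode=$(stat -c '%a' "$1") || exit 1  # octal digits, e.g. 1770
    m=$((0$mode))                        # leading 0 makes the shell read octal
    sticky=$((m & 01000))
    echo "group=$(label_class $(( (m >> 3) & 7 )) "$sticky")" \
         "other=$(label_class $(( m & 7 )) "$sticky")"
)

# audit_tree ROOT: classify ROOT and every directory below it.
audit_tree() {
    find "$1" -type d | sort | while IFS= read -r d; do
        printf '%s  %s\n' "$(classify_dir "$d")" "$d"
    done
}

# Constructed sample tree standing in for /home/shared (names are made up).
demo() {
    root=$(mktemp -d) || return 1
    mkdir "$root/open" "$root/team" "$root/lookup" "$root/docs"
    chmod 0770 "$root/open"     # group members can delete each other's files
    chmod 1770 "$root/team"     # sticky: delete only what you own
    chmod 0711 "$root/lookup"   # execute without read
    chmod 0755 "$root/docs"     # read-only for non-owners
    audit_tree "$root"
    rm -rf "$root"
}
if [ "${1:-}" = "demo" ]; then demo; fi
```

Run the script with the argument `demo` to see the labels for the sample tree, or call `audit_tree /home/shared` from a shell that has sourced it.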
RE: How to hide . folders (resolved)
on 10.08.2004 20:16:22 by Eve Atley
Just wanted to update folks on my solution to this problem of wanting to
hide all but necessary folders to users logging in via an SSH GUI!
What got me started in the right direction was sorting out permissions and
finding out more about the sticky bit.
What eventually fixed my issue for this situation was adding a user like so:
useradd -M -d /home/shared/ [username] -p [password]
The scenario in this case was to dump a user upon login to a particular
directory, but NOT create any extraneous folders. -M eliminates the need for
all those folders to be created in the first place. -d starts them out in
the folder I request (in this case /home/shared). It appears to create a
bash-history only, but I really don't mind if someone accidentally deletes
this one, since these are logins from a GUI.
Thanks to all,
Eve