Changing directory on Unix

taher_n · June 4, 2002, 1:04am

Hi,
Can you please help ? I work on SCO Unix Open server Rel. 5.
User root on Unix can change/view/modify any files belonging to any user on a file system.
Is there any way where I can prevent non-root users to change thier directories to other non-root users area.

for eg. There are 2 users User A and User B.
User A's home directory is /A
User B's home directory is /B

My objective is user A should not be allowed to change his pwd (present working directory) to /B and user A should also not be allowed to list the files which are stored in /B directory ( home of user B).

Setting necessary read-write-execute permissions does not prevent either users to change directories in each others area and they are still able to list what files are stored in each others directories.

Is there any way ?
Thanks for your time and regards.
Taher

iat00 · June 4, 2002, 7:29am

Try this (as root, of course):

# chown A ~A
# chown B ~B
# chmod 700 ~A ~B

Now nobody else can change into home directory of them. They can do theirself and root only.

Changing to a directory requires execution right (-x-), reading the contents of a directory requires read right (-r-).

So it depends on what exactly you want to allow them. For example if you want to allow A to change to ~B (~ means home directory of ...) but not to allow to read:

# groupadd oaandb (only A and B)
# usermod -G oaandb A
# usermod -G oaandb B
# chgrp oaandb ~B
# chmod g+x ~B

You can use access control lists (ACL) to eliminate creation of this kind of groups everytime

Originally posted by taher_n
Hi,
Can you please help ? I work on SCO Unix Open server Rel. 5.
User root on Unix can change/view/modify any files belonging to any user on a file system.
Is there any way where I can prevent non-root users to change thier directories to other non-root users area.

for eg. There are 2 users User A and User B.
User A's home directory is /A
User B's home directory is /B

My objective is user A should not be allowed to change his pwd (present working directory) to /B and user A should also not be allowed to list the files which are stored in /B directory ( home of user B).

Setting necessary read-write-execute permissions does not prevent either users to change directories in each others area and they are still able to list what files are stored in each others directories.

Is there any way ?
Thanks for your time and regards.
Taher

linuxpenguin · June 4, 2002, 4:45pm

Hi,

As far as i my knowledge goes if a directory does not have a execute permission you cannot do d cd to that directory

e.g dir A has permissions 744
and anyone other than the owner tries to do 'cd A' will get a error saying permission denied

as per iat00's reply i think you need not set the permissions to 700 , coz the cd command checks only for the execute permission as far as a directory file is concerned

i hope i m very clear

rgds
penguin

taher_n · June 5, 2002, 12:45am

Thanks "iat00" and "linuxpenguin" yes ! what u both have suggested works out for me !!
actually i had misunderstood before that the bit "x" only controls excution rights and not cd (change directories).
thanx once again for ur time
regs
Taher