[jamesnkk]

Hello, I am a newbie in Linux. My company have a tester machine installed with Suse 10 samba.

I have set the IP address of the Linux machine to connect into the Windows 2003 server. So from my windows xp I could browse thru the machine and have set a share folder /tmp on the linux machine. Everything work perfect, the problem is that everytime the linux generate a new log file and save into the /tmp folder. From Windows XP, I cannot move the newly generate log file from /tmp folder to backup folder on linux machine.
When I look at the permission using ls -ls , the permission rwx was given to Root And it treated me as an "nobody" user account with only read permission. How can I change the permission so that "nobody" account also have the rwx permission. Security is not important. How could i perform such change ? May the expert please advise.

[edwardrsmith]

I have never used Suse but will try my best. First off, it sounds like you have shared the folder so anyone can access it. This gives you the user name nobody. If you instead changed the shares properties so that it asks you for a username and password then you should log in as yourself.

As for moving the log file. If the owner is root and the permissions don't give everyone write access then you have to either execute the command as root or try copying the file instead.

To execute a command as root, you will need to be logged in as an administrator. Then run the same command preceded by 'sudo'. So to move a file as root you would use the command 'sudo mv filename '. When prompted for a password, just enter the password for the user you are logged in as (this only works if the user you are logged in as has administrative privileges).

My suggestion would be to just copy the log files using the 'cp' command.

Finally, you could change the permissions on the log file thouhg this would be a bad idea as it represents a significant security hole. By changing the permissions of the log files so that everyone can move or edit them, if someone where to get into the system who didn't belong there, they would be able to remove the evidence of the intrusion which would be stored in the log files. Although they might be able to do this anyways they would need to have administrator privileges normally.

One quick note, when I say that sudo executes the command as root it really executes the command as a super-user who has permission to do almost anything. On most linux computers it is actually impossible to log in as root unless you specifically go and allow root login. In fact, in many cases, root doesn't even have a password.

If you need more specifics or have any more questions just let me know.

Edward

[jamesnkk]

Quote:

Originally Posted by edwardrsmith

I have never used Suse but will try my best. First off, it sounds like you have shared the folder so anyone can access it. This gives you the user name nobody. If you instead changed the shares properties so that it asks you for a username and password then you should log in as yourself.

As for moving the log file. If the owner is root and the permissions don't give everyone write access then you have to either execute the command as root or try copying the file instead.

To execute a command as root, you will need to be logged in as an administrator. Then run the same command preceded by 'sudo'. So to move a file as root you would use the command 'sudo mv filename '. When prompted for a password, just enter the password for the user you are logged in as (this only works if the user you are logged in as has administrative privileges).

My suggestion would be to just copy the log files using the 'cp' command.

Finally, you could change the permissions on the log file thouhg this would be a bad idea as it represents a significant security hole. By changing the permissions of the log files so that everyone can move or edit them, if someone where to get into the system who didn't belong there, they would be able to remove the evidence of the intrusion which would be stored in the log files. Although they might be able to do this anyways they would need to have administrator privileges normally.

One quick note, when I say that sudo executes the command as root it really executes the command as a super-user who has permission to do almost anything. On most linux computers it is actually impossible to log in as root unless you specifically go and allow root login. In fact, in many cases, root doesn't even have a password.

If you need more specifics or have any more questions just let me know.

Edward

Thnak you Edward for your reply and suggestion, In our environment, the Linux machine act as a Tester which test the board and everytime generate a new log file in the /tmp folder. No users will sit infront of the Linux to operate the command.

Developer at windows XP will then retreive the new log file from the /tmp folder and crunch the data, After data been crunched, it will move those log files into another folder. Since windows users are not authenticate , it treated as "Nobody" account, just to find out how can I make nobobdy account have the permission to read and write ?

[edwardrsmith]

Okay. If security is not a concern then there is a fairly simple solution though it will completely compromise the system.

If you edit the sudoers file by adding this line to it:

ALL ALL:(ALL) NOPSSWD:/bin/mv

WARNING: This completely compromises the system as any user can move any file on the system.

This would allow anyone to run the mv command without a password and should solve your problem if you have no security concerns. If you wanted to try and make is a little more secure you could replace the first all with nobody. I don't know if it would work with this change but I think it would.

The syntax for the above line can be found here .

If this doesn't work let me know and there is another slightly more complicated solution but it represents an even greater security risk and a drain on the machine.

Edward

EDIT: I am not positive that this will work in Suse but I think that it should. The sudoers file seems to be the same among all linux distributions which I have seen any experience about.

[jamesnkk]

Quote:

Originally Posted by edwardrsmith

Okay. If security is not a concern then there is a fairly simple solution though it will completely compromise the system.

If you edit the sudoers file by adding this line to it:

ALL ALL:(ALL) NOPSSWD:/bin/mv

WARNING: This completely compromises the system as any user can move any file on the system.

This would allow anyone to run the mv command without a password and should solve your problem if you have no security concerns. If you wanted to try and make is a little more secure you could replace the first all with nobody. I don't know if it would work with this change but I think it would.

The syntax for the above line can be found here .

If this doesn't work let me know and there is another slightly more complicated solution but it represents an even greater security risk and a drain on the machine.

Edward

EDIT: I am not positive that this will work in Suse but I think that it should. The sudoers file seems to be the same among all linux distributions which I have seen any experience about.

Hi Edward,

Thank you so much for the valuable information, I will try and get back to you.