[tclug-list] A visitor account setup.

Mon Apr 21 21:02:33 CDT 2014

I removed write permissions from 'visitor' account <--via the 'sudo chmod u-w visitor'

Does not load 'No access'. to the 'visitor' account  

Error is reported as follows during opening the 'visitor' account via splashscreen.

'Could not update ICEauthority file /home/visitor/.ICEauthority'

Your suggestions are helpful.

Thank you, Sorry to ask so many questions.

From: pj.world at hotmail.com
To: tclug-list at mn-linux.org
Date: Mon, 21 Apr 2014 20:01:28 -0500
Subject: Re: [tclug-list] A visitor account setup.

Now what does the [.] mean in the lines you gave? Users Name? right?

I'd use like 'chmod u-w visitor'.

Can the visitor still write to the Shared folder then? <----i'll check it.

Of course, the user could always use a terminal to chmod u+w on that 
> directory, since they are still the owner. If you want a failsafe method, 
> you need to go in as root and make root the owner of his directory and 
> THEN remove the write permission while granting read! So something like 
> this: 

chown -R root:root .
>  	find . -type f -exec chmod 444 {} \;
>  	find . -type d -exec chmod 555 {} \;
> 
HOWEVER, note that with both methods, this will also prevent that user 
> from modifying anything. So no cache, no temporary files (in their 
> homedir), no new bookmarks, no saving any kind of config file, and 
> probably some other stuff peograms want to write in the homedir.
> 
> Of course, This might be exactly what you want. But it might have some 
> unexpected side-effects. Best thing to do is login as your guest account, 
> do the initial setup on any program you want to make sure will work, and 
> then change the ownership/permissions.

---------------------------------------------------------->I better read alot more!

change the group ownership to visitor:root?<------I better read more!

To much confusion for a noober Completely awesome!

Thought: Guest accounts are relatively easy to setup so if it blows up no big deal--rebuild.[ya right]
Thought: Reading is good trying to understand can be more difficult<----look at paul.<-me
Thought: learn permission numbering. [like 555] [644] [777]

Thank you,

> Date: Mon, 21 Apr 2014 19:12:03 -0500
> From: tclug at freakzilla.com
> To: tclug-list at mn-linux.org
> Subject: Re: [tclug-list] A visitor account setup.
> 
> You can easily remove write permission from that user's directory. If you 
> go into their homedir and
> 
>  	chmod -R ugo-w .
> 
> You'll need to have privs to do that to that homedir, so either sudo or 
> whatever you're using.
> 
> That'll remove write permissions while still allowing the user to read 
> everything.
> 
> Of course, the user could always use a terminal to chmod u+w on that 
> directory, since they are still the owner. If you want a failsafe method, 
> you need to go in as root and make root the owner of his directory and 
> THEN remove the write permission while granting read! So something like 
> this:
> 
>  	chown -R root:root .
>  	find . -type f -exec chmod 444 {} \;
>  	find . -type d -exec chmod 555 {} \;
> 
> (Yeah I did that the lazy way).
> 
> 
> 
> 
> 
> On Mon, 21 Apr 2014, paul g wrote:
> 
> > Thank you for your reply.
> > 
> > 1. Is there a relatively simple way to prohibit 'visitor' from removing
> > files/folders from their home directory? Such as .mozilla? etc. Which of
> > course could end up ruining their account. [could a solution be removing
> > 'visitors' write permissions? Hopefully 'visitor' would still be able to
> > write a file to the Shared folder then correct?
> > 
> > 2. A while back I read a page on the 'ask ubuntu' website concerning
> > 'prohibiting guest from emptying trash folder and deleting files' There were
> > about 4 steps that semi worked as I recall. 'visitor' was unable to empty
> > trash at the end. Though 'visitor' was still able to enter the file manager
> > and delete files that way. I ended up reverting everything within 'visitors'
> > account back to standard settings.
> > 
> > So if I remove the 'write permissions' from 'visitor' leave group alone so
> > 'visitors' permissions would look like this: dr-xrwx--- 29 visitor visitor
> > 4.0K Apr 18 19:22 visitor
> > 
> > Any ideas on this matter?
> > 
> > Attached to this email is a screenshot of the systems installed users
> > permissions/groups on the computer as of now shown in the bash-terminal.
> > 
> > Thanks for your help.
> > 
> > > Date: Mon, 21 Apr 2014 17:43:04 -0500
> > > From: tclug at freakzilla.com
> > > To: tclug-list at mn-linux.org
> > > Subject: Re: [tclug-list] A visitor account setup.
> > >
> > > On Mon, 21 Apr 2014, paul g wrote:
> > >
> > > > If I can ask why when user 'paul' is selected it does not show that
> > 'paul is
> > > > a member of paul's group'?
> > > > is it because 'paul' is an administrator?
> > >
> > > "paul" is probably in many groups. There's really no need to create a
> > > group specifically for "paul" since "paul" is a regular user, not a
> > > special user. You're not going to create multiple users who have the same
> > > special access as "paul" does.
> > >
> > > Groups are for combining roles, so you'll have "users", "administrators",
> > > etc.
> > > _______________________________________________
> > > TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> > > tclug-list at mn-linux.org
> > > http://mailman.mn-linux.org/mailman/listinfo/tclug-list
> > 
> >
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> tclug-list at mn-linux.org
> http://mailman.mn-linux.org/mailman/listinfo/tclug-list

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
tclug-list at mn-linux.org
http://mailman.mn-linux.org/mailman/listinfo/tclug-list

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.mn-linux.org/pipermail/tclug-list/attachments/20140421/af6ee8b8/attachment-0001.html>