[Users] password protection
Ralf Mardorf
info.mardorf at rocketmail.com
Fri Jan 29 07:41:35 CET 2016
On Fri, 29 Jan 2016 00:44:00 +0000, Kevin Chadwick wrote:
>> A family Linux computer where everybody is doing stuff, but the
>> email program of the user account (owner) be protected by password
>> (or some other way?) against misuse by nasty kids. The whole program
>> needs to be restriced, with all folders, not only downloading mails,
>> so just using the mailbox password is not an option. Any ideas how
>> to achieve this ?
>
>Sudo -u mailuser as Ralf said
>
>also you must chmod the claws mail directory and claws executable
>appropriately
>
>then all you have to worry about is a password logger running when you
>enter any password.
I've got two users, the user of the session
[rocketmouse at archlinux ~]$ grep rocketmouse /etc/passwd
rocketmouse:x:1000:1000::/home/rocketmouse:/bin/bash
and another user
[rocketmouse at archlinux ~]$ grep chuser /etc/passwd
chuser:x:1001:1001::/.chuser/.home:/bin/bash
the user of the session can't access the directory of the other user's
sylpheed files
[rocketmouse at archlinux ~]$ ls -l /.chuser/.home/
ls: cannot open directory /.chuser/.home/: Permission denied
but I can run sylpheed as another user and the other user's sylpheed has
got access to the user's files ...
[rocketmouse at archlinux ~]$ chuser sylpheed
access control disabled, clients can connect from any host
access control enabled, only authorized clients can connect
[rocketmouse at archlinux ~]$ grep -v "#" /usr/local/bin/chuser
xhost +
gksudo -u chuser "$*"
xhost -
exit
... because the other user is in the group of the session's user:
[rocketmouse at archlinux ~]$ id chuser
uid=1001(chuser) [snip] 1000(rocketmouse) [snip]
Some people guess xhost isn't needed when using gksudo, but it is.
Just running 'gksudo -u chuser sylpheed' will not open a sylpheed
window.
Running 'xhost + && gksudo -u chuser sylpheed' does open a sylpheed
window. However, there's no need to run 'xhost +', you could specify a
name,
http://unix.stackexchange.com/questions/177557/what-does-this-xhost-command-do
More information about the Users
mailing list