I logged into 'visitor' I am unable to chmod or do any permission changes there under the 'visitor' account. I can perform 'rm' on certain files though [visitor home]. I will look into it for what it's worth I am a 'slow study' as you may know by now. Thanks, paul Date: Mon, 21 Apr 2014 21:23:26 -0500 From: tclug at freakzilla.com To: tclug-list at mn-linux.org Subject: Re: [tclug-list] A visitor account setup. Yup, warned you that might happen. That file might be required for the DTE you're using, so just go ahead and give the user write permissions on that one file. If it doesn't exist, create it first using touch and then change permissions. Like I mentioned, though, removing write-access for the user "visitor" on files and directories owned by that user is inneffective. The user can always chmod the permissions back! On Mon, 21 Apr 2014, paul g wrote: > I removed write permissions from 'visitor' account <--via the 'sudo chmod > u-w visitor' > > Does not load 'No access'. to the 'visitor' account > > Error is reported as follows during opening the 'visitor' account via > splashscreen. > > 'Could not update ICEauthority file /home/visitor/.ICEauthority' > > > > Your suggestions are helpful. > > Thank you, Sorry to ask so many questions. > > > > ____________________________________________________________________________ > From: pj.world at hotmail.com > To: tclug-list at mn-linux.org > Date: Mon, 21 Apr 2014 20:01:28 -0500 > Subject: Re: [tclug-list] A visitor account setup. > > Now what does the [.] mean in the lines you gave? Users Name? right? > > I'd use like 'chmod u-w visitor'. > > Can the visitor still write to the Shared folder then? <----i'll check it. > > Of course, the user could always use a terminal to chmod u+w on that > > directory, since they are still the owner. If you want a failsafe method, > > you need to go in as root and make root the owner of his directory and > > THEN remove the write permission while granting read! So something like > > this: > > chown -R root:root . > > find . -type f -exec chmod 444 {} \; > > find . -type d -exec chmod 555 {} \; > > > HOWEVER, note that with both methods, this will also prevent that user > > from modifying anything. So no cache, no temporary files (in their > > homedir), no new bookmarks, no saving any kind of config file, and > > probably some other stuff peograms want to write in the homedir. > > > > Of course, This might be exactly what you want. But it might have some > > unexpected side-effects. Best thing to do is login as your guest account, > > do the initial setup on any program you want to make sure will work, and > > then change the ownership/permissions. > > ---------------------------------------------------------->I better read > alot more! > > change the group ownership to visitor:root?<------I better read more! > > To much confusion for a noober Completely awesome! > > Thought: Guest accounts are relatively easy to setup so if it blows up no > big deal--rebuild.[ya right] > Thought: Reading is good trying to understand can be more difficult<----look > at paul.<-me > Thought: learn permission numbering. [like 555] [644] [777] > > Thank you, > > > > Date: Mon, 21 Apr 2014 19:12:03 -0500 > > From: tclug at freakzilla.com > > To: tclug-list at mn-linux.org > > Subject: Re: [tclug-list] A visitor account setup. > > > > You can easily remove write permission from that user's directory. If you > > go into their homedir and > > > > chmod -R ugo-w . > > > > You'll need to have privs to do that to that homedir, so either sudo or > > whatever you're using. > > > > That'll remove write permissions while still allowing the user to read > > everything. > > > > Of course, the user could always use a terminal to chmod u+w on that > > directory, since they are still the owner. If you want a failsafe method, > > you need to go in as root and make root the owner of his directory and > > THEN remove the write permission while granting read! So something like > > this: > > > > chown -R root:root . > > find . -type f -exec chmod 444 {} \; > > find . -type d -exec chmod 555 {} \; > > > > (Yeah I did that the lazy way). > > > > > > > > > > > > On Mon, 21 Apr 2014, paul g wrote: > > > > > Thank you for your reply. > > > > > > 1. Is there a relatively simple way to prohibit 'visitor' from removing > > > files/folders from their home directory? Such as .mozilla? etc. Which of > > > course could end up ruining their account. [could a solution be removing > > > 'visitors' write permissions? Hopefully 'visitor' would still be able to > > > write a file to the Shared folder then correct? > > > > > > 2. A while back I read a page on the 'ask ubuntu' website concerning > > > 'prohibiting guest from emptying trash folder and deleting files' There > were > > > about 4 steps that semi worked as I recall. 'visitor' was unable to > empty > > > trash at the end. Though 'visitor' was still able to enter the file > manager > > > and delete files that way. I ended up reverting everything within > 'visitors' > > > account back to standard settings. > > > > > > So if I remove the 'write permissions' from 'visitor' leave group alone > so > > > 'visitors' permissions would look like this: dr-xrwx--- 29 visitor > visitor > > > 4.0K Apr 18 19:22 visitor > > > > > > Any ideas on this matter? > > > > > > Attached to this email is a screenshot of the systems installed users > > > permissions/groups on the computer as of now shown in the bash-terminal. > > > > > > Thanks for your help. > > > > > > > Date: Mon, 21 Apr 2014 17:43:04 -0500 > > > > From: tclug at freakzilla.com > > > > To: tclug-list at mn-linux.org > > > > Subject: Re: [tclug-list] A visitor account setup. > > > > > > > > On Mon, 21 Apr 2014, paul g wrote: > > > > > > > > > If I can ask why when user 'paul' is selected it does not show that > > > 'paul is > > > > > a member of paul's group'? > > > > > is it because 'paul' is an administrator? > > > > > > > > "paul" is probably in many groups. There's really no need to create a > > > > group specifically for "paul" since "paul" is a regular user, not a > > > > special user. You're not going to create multiple users who have the > same > > > > special access as "paul" does. > > > > > > > > Groups are for combining roles, so you'll have "users", > "administrators", > > > > etc. > > > > _______________________________________________ > > > > TCLUG Mailing List - Minneapolis/St. Paul, Minnesota > > > > tclug-list at mn-linux.org > > > > http://mailman.mn-linux.org/mailman/listinfo/tclug-list > > > > > > > > _______________________________________________ > > TCLUG Mailing List - Minneapolis/St. Paul, Minnesota > > tclug-list at mn-linux.org > > http://mailman.mn-linux.org/mailman/listinfo/tclug-list > > _______________________________________________ TCLUG Mailing List - > Minneapolis/St. Paul, Minnesota tclug-list at mn-linux.org > http://mailman.mn-linux.org/mailman/listinfo/tclug-list > > _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota tclug-list at mn-linux.org http://mailman.mn-linux.org/mailman/listinfo/tclug-list -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mailman.mn-linux.org/pipermail/tclug-list/attachments/20140421/bfe1ba20/attachment-0001.html>