<html>
<head>
</head>
<body class='hmmessage'><div dir='ltr'>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style>
<div dir="ltr">I removed write permissions from 'visitor' account <--via the 'sudo chmod u-w visitor'<br><br>Does not load 'No access'. to the 'visitor' account <br><br>Error is reported as follows during opening the 'visitor' account via splashscreen.<br><br>'Could not update ICEauthority file /home/visitor/.ICEauthority'<br><br><br><br>Your suggestions are helpful.<br><br>Thank you, Sorry to ask so many questions.<br><br><br><br><div><hr id="stopSpelling">From: pj.world@hotmail.com<br>To: tclug-list@mn-linux.org<br>Date: Mon, 21 Apr 2014 20:01:28 -0500<br>Subject: Re: [tclug-list] A visitor account setup.<br><br>
<style><!--
.ExternalClass .ecxhmmessage P {
padding:0px;
}
.ExternalClass body.ecxhmmessage {
font-size:12pt;
font-family:Calibri;
}
--></style>
<div dir="ltr">Now what does the [.] mean in the lines you gave? Users Name? right?<br><br>I'd use like 'chmod u-w visitor'.<br><br>Can the visitor still write to the Shared folder then? <----i'll check it.<br><br>Of course, the user could always use a terminal to chmod u+w on that <br>> directory, since they are still the owner. If you want a failsafe method, <br>> you need to go in as root and make root the owner of his directory and <br>> THEN remove the write permission while granting read! So something like <br>> this: <br><br>chown -R root:root .<br>> find . -type f -exec chmod 444 {} \;<br>> find . -type d -exec chmod 555 {} \;<br>> <br>HOWEVER, note that with both methods, this will also prevent that user <br>> from modifying anything. So no cache, no temporary files (in their <br>> homedir), no new bookmarks, no saving any kind of config file, and <br>> probably some other stuff peograms want to write in the homedir.<br>> <br>> Of course, This might be exactly what you want. But it might have some <br>> unexpected side-effects. Best thing to do is login as your guest account, <br>> do the initial setup on any program you want to make sure will work, and <br>> then change the ownership/permissions.<br><br>---------------------------------------------------------->I better read alot more!<br><br>change the group ownership to visitor:root?<------I better read more!<br><br>To much confusion for a noober Completely awesome!<br><br>Thought: Guest accounts are relatively easy to setup so if it blows up no big deal--rebuild.[ya right]<br>Thought: Reading is good trying to understand can be more difficult<----look at paul.<-me<br>Thought: learn permission numbering. [like 555] [644] [777]<br> <br>Thank you,<br><br><br><div>> Date: Mon, 21 Apr 2014 19:12:03 -0500<br>> From: tclug@freakzilla.com<br>> To: tclug-list@mn-linux.org<br>> Subject: Re: [tclug-list] A visitor account setup.<br>> <br>> You can easily remove write permission from that user's directory. If you <br>> go into their homedir and<br>> <br>> chmod -R ugo-w .<br>> <br>> You'll need to have privs to do that to that homedir, so either sudo or <br>> whatever you're using.<br>> <br>> That'll remove write permissions while still allowing the user to read <br>> everything.<br>> <br>> Of course, the user could always use a terminal to chmod u+w on that <br>> directory, since they are still the owner. If you want a failsafe method, <br>> you need to go in as root and make root the owner of his directory and <br>> THEN remove the write permission while granting read! So something like <br>> this:<br>> <br>> chown -R root:root .<br>> find . -type f -exec chmod 444 {} \;<br>> find . -type d -exec chmod 555 {} \;<br>> <br>> (Yeah I did that the lazy way).<br>> <br>> <br>> <br>> <br>> <br>> On Mon, 21 Apr 2014, paul g wrote:<br>> <br>> > Thank you for your reply.<br>> > <br>> > 1. Is there a relatively simple way to prohibit 'visitor' from removing<br>> > files/folders from their home directory? Such as .mozilla? etc. Which of<br>> > course could end up ruining their account. [could a solution be removing<br>> > 'visitors' write permissions? Hopefully 'visitor' would still be able to<br>> > write a file to the Shared folder then correct?<br>> > <br>> > 2. A while back I read a page on the 'ask ubuntu' website concerning<br>> > 'prohibiting guest from emptying trash folder and deleting files' There were<br>> > about 4 steps that semi worked as I recall. 'visitor' was unable to empty<br>> > trash at the end. Though 'visitor' was still able to enter the file manager<br>> > and delete files that way. I ended up reverting everything within 'visitors'<br>> > account back to standard settings.<br>> > <br>> > So if I remove the 'write permissions' from 'visitor' leave group alone so<br>> > 'visitors' permissions would look like this: dr-xrwx--- 29 visitor visitor<br>> > 4.0K Apr 18 19:22 visitor<br>> > <br>> > Any ideas on this matter?<br>> > <br>> > Attached to this email is a screenshot of the systems installed users<br>> > permissions/groups on the computer as of now shown in the bash-terminal.<br>> > <br>> > Thanks for your help.<br>> > <br>> > > Date: Mon, 21 Apr 2014 17:43:04 -0500<br>> > > From: tclug@freakzilla.com<br>> > > To: tclug-list@mn-linux.org<br>> > > Subject: Re: [tclug-list] A visitor account setup.<br>> > ><br>> > > On Mon, 21 Apr 2014, paul g wrote:<br>> > ><br>> > > > If I can ask why when user 'paul' is selected it does not show that<br>> > 'paul is<br>> > > > a member of paul's group'?<br>> > > > is it because 'paul' is an administrator?<br>> > ><br>> > > "paul" is probably in many groups. There's really no need to create a<br>> > > group specifically for "paul" since "paul" is a regular user, not a<br>> > > special user. You're not going to create multiple users who have the same<br>> > > special access as "paul" does.<br>> > ><br>> > > Groups are for combining roles, so you'll have "users", "administrators",<br>> > > etc.<br>> > > _______________________________________________<br>> > > TCLUG Mailing List - Minneapolis/St. Paul, Minnesota<br>> > > tclug-list@mn-linux.org<br>> > > http://mailman.mn-linux.org/mailman/listinfo/tclug-list<br>> > <br>> ><br>> _______________________________________________<br>> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota<br>> tclug-list@mn-linux.org<br>> http://mailman.mn-linux.org/mailman/listinfo/tclug-list<br></div> </div>
<br>_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
tclug-list@mn-linux.org
http://mailman.mn-linux.org/mailman/listinfo/tclug-list</div></div>
</div></body>
</html>