Score:0

Creating a user with root read access that can only write its own files


I need to create a user that can read files in the system like the root user, but can only write like a normal user.

How can it be done?

Thanks in advance.

vidarlo
What are you attempting to achieve? This sounds like an [X-Y problem](https://xyproblem.info/).
james hofer
@vidarlo The user can read any file in the system, but it can only write files in /home/[user], which belongs to it. How can I give such permissions to a user?
vidarlo
What is your end goal? What are you attempting to achieve?
james hofer
@vidarlo I need to run my app on some servers. The app must not be run as root. So a user is needed with those permissions. It needs to read any file but can only write its own.
vidarlo
What does your app do? Which files does it need to read? Why? This still sounds like an X-Y problem...
sudodus
What do you need that a normal user without sudo privileges cannot do? Details please.
james hofer
@sudodus My app needs to be run by a specific user as described. Not a privileged user. It's a server app, so it needs security. I can't let it change any file in the system. But it needs to read any file because it works with file inputs in some parts.
sudodus
There is no problem for 'a normal user without sudo privileges' to read most files. But there are some directories and files, that for security reasons have read permissions only for 'root', and those cannot be read by 'a normal user without sudo privileges'. I don't see any way to make a user that can read them without modifying the read permissions for those secret files, and I think it is a bad idea to make such modifications.
Score:1

You can't easily do this. The Unix/Linux permission model is based on "Owner/Group/Others" permissions.

Most files are readable by everyone by default. And applications (or components) that should read root exclusive files must be run as root.

Everybody has managed to use this system for many decades, so your application should be able to as well.

james hofer
Thanks for the answer. My app needs to be run by a specific user as described. Not a privileged user. It's a server app, so it needs security. I can't let it change any file in the system. But it needs to read any file because it works with file inputs in some parts.
Artur Meinild
Ok please tell: Which specific files, which are not already readable by anyone, does it need to read?
james hofer
Sorry for the delay. Ok to be clear, you say a normal user can read all files in the system (even with different owners) except only specific files?
Artur Meinild
Yes, mostly. Very few files are read-only by root. You can see it on the permissions.
james hofer
Thanks my friend. I already upvoted your answer.
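
An added example, not part of the original thread: one way to see which paths an unprivileged service account would actually be unable to read, judged by the "others" permission bits the answer refers to. It assumes GNU `find` and `stat` (as shipped on Ubuntu), the function name is hypothetical, and it looks at mode bits only, not ACLs.

```shell
#!/bin/sh
# List what a user in the "others" class cannot read under a directory:
#   - directories missing o+r or o+x (nothing beneath them is reachable,
#     so they are reported once and not descended into)
#   - regular files missing o+r
# Output per line: symbolic mode, owner:group, path (sorted by path).
# Hypothetical helper for illustration; checks mode bits only.
list_unreadable_by_others() {
    dir=${1:-/etc}
    find "$dir" -xdev \
        \( -type d ! -perm -o=rx -exec stat -c '%A %U:%G %n' {} + -prune \) -o \
        \( -type f ! -perm -o=r  -exec stat -c '%A %U:%G %n' {} + \) \
        2>/dev/null | sort -k3
}

# Run against a directory given on the command line, e.g. ./audit.sh /etc
if [ "$#" -gt 0 ]; then
    list_unreadable_by_others "$1"
fi
```

Running it against the directories the application reads from gives the concrete list of files to discuss, which can then be handled by group membership on those specific files instead of broad read access.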