
#1 2017-01-04 14:55:06

Luki
Member
Registered: 2016-11-16
Posts: 16

[ Solved ] A folder put behind root still opens with a user password

Hi!

So I made a root account and by my understanding made a folder only accessible by root by issuing chmod 400 for it. Yet still when trying to open it from the thunar context menu, it still opens with a user password.. So I need some help.

Last edited by Luki (2017-01-10 08:52:33)

Offline

#2 2017-01-04 15:03:41

nobody
The Great
Registered: 2015-08-10
Posts: 3,655

Re: [ Solved ] A folder put behind root still opens with a user password

1. Folders must have the executable bit set. That is, you want mode 700.
2. The folder must be owned by root:root.
3. All files below that folder must have correct modes and ownerships, too. A file with mode 644 in a directory with mode 700 is still world-readable, though the directory it is in is not.

So, assuming $PATH is the path to the folder in question,

sudo chown root:root -R "$PATH"
sudo find "$PATH" -type d -exec chmod 700 {} \+
sudo find "$PATH" -type f -exec chmod go-rwx {} \+

and root must create directories and files with a fitting umask, you'd probably want 0007.

Offline
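An added example, not part of the original post, that checks a tree against the three rules above and shows the mode-644-inside-700 case: the file's own mode still grants read access to everyone, so only the directory's mode stands in the way. The function names are hypothetical, the sample tree is constructed, and the demo uses the current user's UID as owner so it runs without root.

```shell
#!/bin/sh
# Added example, not from the thread. Needs GNU find for "-perm /MODE".
# "target" is used instead of PATH, which is the shell's command search
# path and must not be overwritten with a folder name.

# Print one line per entry that breaks the three rules; return 1 if any do.
audit_private_tree() {
    target=$1
    owner=${2:-root}                       # rule 2: expected owner (name or UID)
    findings=$(
        find "$target" ! -user "$owner" -print | sed 's/^/wrong-owner: /'
        # rule 3: any group/other bit, e.g. a 644 file inside a 700 directory
        find "$target" ! -type l -perm /077 -print |
            sed 's/^/group-or-other-access: /'
        # rule 1: a directory needs r, w and x for its owner (mode 400 lacks x)
        find "$target" -type d ! -perm -700 -print 2>/dev/null |
            sed 's/^/dir-not-700: /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# The post's commands as a function (group ownership is left unchanged);
# run it as root for a root-owned tree.
harden_private_tree() {
    target=$1
    owner=${2:-root}
    chown -R "$owner" "$target"
    find "$target" -type d -exec chmod 700 {} +
    find "$target" -type f -exec chmod go-rwx {} +
}

# Constructed demo: a 644 file in a 700 directory, audited before and after.
demo_644_in_700() {
    tmp=$(mktemp -d) || return 1
    mkdir -m 700 "$tmp/private"
    echo "constructed sample" > "$tmp/private/notes.txt"
    chmod 644 "$tmp/private/notes.txt"
    audit_private_tree "$tmp/private" "$(id -u)" || true   # flags notes.txt
    harden_private_tree "$tmp/private" "$(id -u)"
    audit_private_tree "$tmp/private" "$(id -u)" && echo "clean after hardening"
    rm -rf "$tmp"
}
```

For a real root-owned folder, run `audit_private_tree /path/to/folder` as root; file names containing newlines are not handled.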

#3 2017-01-04 15:16:04

Luki
Member
Registered: 2016-11-16
Posts: 16

Re: [ Solved ] A folder put behind root still opens with a user password

twoion wrote:

3. All files below that folder must have correct modes and ownerships, too. A file with mode 644 in a directory with mode 700 is still world-readable, though the directory it is in is not.

What does this mean? The contents of the folder would be seen when using a program like a music player or image viewer by the user? Or can you give me an example?

Offline

#4 2017-01-04 15:49:25

Luki
Member
Registered: 2016-11-16
Posts: 16

Re: [ Solved ] A folder put behind root still opens with a user password

For some reason I do not seem to be able to create a situation where the folder and its contents only open with a root password.. I followed the instructions and still they open with my regular user.

Offline

#5 2017-01-04 19:36:47

Head_on_a_Stick
Member
From: London
Registered: 2015-09-29
Posts: 9,093
Website

Re: [ Solved ] A folder put behind root still opens with a user password

Luki wrote:

by my understanding made a folder only accessible by root by issuing chmod 400 for it.

Yes, that is correct:

TheLab: ~ $ su -
TheLab: ~ # mkdir /test
TheLab: ~ # chmod 400 /test
TheLab: ~ # touch /test/test
TheLab: ~ # ls /test
test
TheLab: ~ # exit
TheLab: ~ $ ls /test
ls: cannot open directory /test: Permission denied
TheLab: ~ 2$

I have the same result with thunar...

So you must have done something wrong :)

Please list the *exact* commands that you used, both to set a root password and to apply the permissions to the folder in question.

Offline

#6 2017-01-05 13:43:01

Luki
Member
Registered: 2016-11-16
Posts: 16

Re: [ Solved ] A folder put behind root still opens with a user password

Head_on_a_Stick wrote:

I have the same result with thunar...

So you must have done something wrong :)

Please list the *exact* commands that you used, both to set a root password and to apply the permissions to the folder in question.

I use the exact same commands with the exact same results BUT when I go to thunar and click "Open as a Root" and it prompts for the administrative password it opens with the user password, not with the root password. There is clearly something I do not understand here, may it have to do something with the settings in the sudoers file and/or the way I am logged in or something. If I have understood correctly, Bunsenlabs default settings are such that every user in the sudo group has access to root and therefore changing ownership and permissions to root do not permit users accessing files and folders with their sudo passwords. I don't know how to change things so that files owned by root can only be accessed with root password and not with a user's sudo password.

Offline

#7 2017-01-05 14:04:03

damo
....moderator....
Registered: 2015-08-20
Posts: 6,734

Re: [ Solved ] A folder put behind root still opens with a user password

Surely "Open as Root" requires the user's sudo password, to open the file with root privileges? That is the expected behaviour for Thunar.

To run as the root user, wouldn't you have to log in as root?


Be Excellent to Each Other...
The Bunsenlabs Lithium Desktop » Here
FORUM RULES and posting guidelines «» Help page for forum post formatting
Artwork on DeviantArt  «» BunsenLabs on DeviantArt

Offline

#8 2017-01-05 14:47:39

tynman
Member
Registered: 2015-10-13
Posts: 93

Re: [ Solved ] A folder put behind root still opens with a user password

I don't use Thunar, so maybe I should keep my yap shut. The confusion may simply be here:

it prompts for the administrative password it opens with the user password, not with the root password

...  Assuming that "running Thunar open as root" really means to "run Thunar with sudo", then you would definitely need to supply your own password, not root's password. (Because the whole point of sudo is to allow a user (who has been authorized to use sudo) to temporarily gain some/all of root's privileges.)

Offline

#9 2017-01-05 14:59:21

PackRat
jgmenu user Numero Uno
Registered: 2015-10-02
Posts: 2,666

Re: [ Solved ] A folder put behind root still opens with a user password

^ that's what I was thinking. Using sudo instead of su, gksu, or pkexec.

I don't use BL, but based on this -

Yet still when trying to open it from the thunar context menu, it still opens with a user password..

Is that a custom action in thunar for BL? I don't have any sort of "open as root" type context menu in thunar (Void linux Xfce desktop).

Last edited by PackRat (2017-01-05 22:43:03)


You must unlearn what you have learned.
    -- yoda

Online

#10 2017-01-05 15:09:07

Luki
Member
Registered: 2016-11-16
Posts: 16

Re: [ Solved ] A folder put behind root still opens with a user password

tynman wrote:

I don't use Thunar, so maybe I should keep my yap shut. The confusion may simply be here:

it prompts for the administrative password it opens with the user password, not with the root password

...  Assuming that "running Thunar open as root" really means to "run Thunar with sudo", then you would definitely need to supply your own password, not root's password. (Because the whole point of sudo is to allow a user (who has been authorized to use sudo) to temporarily gain some/all of root's privileges.)


Given that things very likely are just as you described, how then will I achieve a situation where a user can pretty much do everything else but not access and view this one folder?

Offline

#11 2017-01-05 15:11:52

Luki
Member
Registered: 2016-11-16
Posts: 16

Re: [ Solved ] A folder put behind root still opens with a user password

PackRat wrote:

^ that's what I was thinking. Using sudo instead of su or gksu.
Is that a custom action in thunar for BL? I don't have any sort of "open as root" type context menu in thunar (Void linux Xfce desktop).

Might be that I am mistaken, but "open as a root" comes with the xfce4-goodies package.

Offline

#12 2017-01-05 15:30:53

photonucleon
Thursday
From: out of that impossible sky
Registered: 2015-09-29
Posts: 299

Re: [ Solved ] A folder put behind root still opens with a user password

PackRat wrote:

Is that a custom action in thunar for BL? I don't have any sort of "open as root" type context menu in thunar (Void linux Xfce desktop).

It is a custom action, yes. I always presumed it was put there in Crunchbang/BL by corenominal/the dev team here.


The servant lifted off a kind of ottoman a long peacock-blue drapery, rather of the nature of a domino, on the front of which was emblazoned a large golden sun, and which was splashed here and there with flaming stars and crescents. “You’re to be dressed as Thursday, sir,” said the valet somewhat affably.

Offline

#13 2017-01-05 19:00:08

damo
....moderator....
Registered: 2015-08-20
Posts: 6,734

Re: [ Solved ] A folder put behind root still opens with a user password

photonucleon wrote:
PackRat wrote:

Is that a custom action in thunar for BL? I don't have any sort of "open as root" type context menu in thunar (Void linux Xfce desktop).

It is a custom action, yes. I always presumed it was put there in Crunchbang/BL by corenominal/the dev team here.


It is included in the default "~/.config/Thunar/uca.xml"  ( see "/usr/share/bunsen/skel/.config/Thunar/uca.xml"  - installed  Thunar context menu)



Offline

#14 2017-01-05 23:44:33

PackRat
jgmenu user Numero Uno
Registered: 2015-10-02
Posts: 2,666

Re: [ Solved ] A folder put behind root still opens with a user password

@damo - thanks, copied it from the live session.



Online

#15 2017-01-05 23:48:18

damo
....moderator....
Registered: 2015-08-20
Posts: 6,734

Re: [ Solved ] A folder put behind root still opens with a user password

PackRat wrote:

@damo - thanks, copied it from the live session.

Don't forget all the defaults are on github as well ;)



Offline

#16 2017-01-06 00:34:05

PackRat
jgmenu user Numero Uno
Registered: 2015-10-02
Posts: 2,666

Re: [ Solved ] A folder put behind root still opens with a user password

Luki wrote:
tynman wrote:

I don't use Thunar, so maybe I should keep my yap shut. The confusion may simply be here:

it prompts for the administrative password it opens with the user password, not with the root password

...  Assuming that "running Thunar open as root" really means to "run Thunar with sudo", then you would definitely need to supply your own password, not root's password. (Because the whole point of sudo is to allow a user (who has been authorized to use sudo) to temporarily gain some/all of root's privileges.)


Given that things very likely are just as you described, how then will I achieve a situation where a user can pretty much do everything else but not access and view this one folder?

So you just want/need to restrict access to this one particular folder?

Or would you prefer that other users don't have sudo privileges at all? Note that opening thunar with root privileges from the context menu is only one way to gain access to that folder.

Last edited by PackRat (2017-01-06 01:14:21)



Online

#17 2017-01-06 08:58:36

Luki
Member
Registered: 2016-11-16
Posts: 16

Re: [ Solved ] A folder put behind root still opens with a user password

PackRat wrote:

So you just want/need to restrict access to this one particular folder?

yes.

Offline

#18 2017-01-06 19:38:34

Head_on_a_Stick
Member
From: London
Registered: 2015-09-29
Posts: 9,093
Website

Re: [ Solved ] A folder put behind root still opens with a user password

Encrypt the folder contents, perhaps?

Offline

#19 2017-01-06 20:30:04

PackRat
jgmenu user Numero Uno
Registered: 2015-10-02
Posts: 2,666

Re: [ Solved ] A folder put behind root still opens with a user password

^ Would that prevent users with sudo privileges from accessing the folder as well?

@Luki - I'm not sure if you'll be able to accomplish what you want to do as long as the other users have sudo privileges.



Online
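An added example, not part of the thread, for the point the replies converge on: who can open a root-only folder is decided by who may use sudo, so listing the members of the sudo group shows which accounts file permissions alone will not keep out. It assumes the Debian-style policy in which the sudo group is granted root, ignores any per-user sudoers entries, and uses constructed accounts (alice, bob, carol) in the demo.

```shell
#!/bin/sh
# Added example, not from the thread. Lists accounts that belong to a group
# (default "sudo"), either as supplementary members in the group file or
# through their primary GID in the passwd file.
group_members() {
    group=${1:-sudo}
    group_file=${2:-/etc/group}
    passwd_file=${3:-/etc/passwd}
    awk -F: -v g="$group" '
        NR == FNR {                          # first file: group(5) records
            if ($1 == g) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") seen[m[i]] = 1
            }
            next
        }
        gid != "" && $4 == gid { seen[$1] = 1 }   # passwd(5): primary GID match
        END { for (u in seen) print u }
    ' "$group_file" "$passwd_file" | sort
}

# Constructed sample data: alice is a supplementary member of sudo, carol has
# sudo as her primary group, bob is in neither.
demo_group_members() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 'root:x:0:' 'sudo:x:27:alice' 'users:x:100:bob' > "$tmp/group"
    printf '%s\n' \
        'alice:x:1000:1000::/home/alice:/bin/sh' \
        'bob:x:1001:100::/home/bob:/bin/sh' \
        'carol:x:1002:27::/home/carol:/bin/sh' > "$tmp/passwd"
    group_members sudo "$tmp/group" "$tmp/passwd"
    rm -rf "$tmp"
}
```

Called with no arguments, `group_members` reads the local /etc/group and /etc/passwd.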

#20 2017-01-06 22:43:17

Horizon_Brave
Operating System: Linux-Nettrix
Registered: 2015-10-18
Posts: 1,473

Re: [ Solved ] A folder put behind root still opens with a user password

Wait... I haven't looked at this since I took my linux+ exam years ago...but wouldn't the setting of the suid sticky bit accomplish what the OP wants?

SUID and Sticky Bits

SGID on a directory
– When SGID permission is set on a directory, files created in the directory belong to the group of which the directory is a member.
– For example if a user having write permission in the directory creates a file there, that file is a member of the same group as the directory and not the user’s group.
– This is very useful in creating shared directories.

Last edited by Horizon_Brave (2017-01-06 22:43:50)


"I have not failed, I have found 10,000 ways that will not work" -Edison

Offline
