remote desktop - Need to give RDS user permission to see and start/stop process started by Admin

07
2014-07
  • Martin Schlott

    I got a virtual Sever-2012. On this server I run a little tool in user space which responses to calls on a port. Now I want to grand a Friend access to the Server and to the tool. He need it to restart the tool after a crash. When I start the tool as admin, the User cannot see it. I was searching for the proper permission, but I did not find a group to make the process visible to the User. What do I have to do?

    SumUp: I start a process as admin. From time to time it crashes. No I need the right permission for a user to start the process again.

    • Answers
    Know someone who can answer? Share a link to this question via email, Google+, Twitter, or Facebook.

    Related Question

    linux - Unix Permissions issue with users belonging to the same group accessing a folder
  • Naftuli Tzvi Kay

    I have a folder I'd really like to allow another user on this machine access to. I'm using mt-daapd to serve music to the network, so I'd like to enable the mt-daapd user to access my Music directory, /home/rfkrocktk/Music. The master user is rfkrocktk obviously. I've tried to set all of my permissions properly on the directory, but the mt-daapd user can't acces the files.

    I created a group called media-users and added both rfkrocktk and mt-daapd to it in order to give mt-daapd permission to simply read all of the files in that directory and subdirectories.

    If I run id on each of my users, here's what's displayed:

    $ id rfkrocktk
> uid=1000(rfkrocktk) gid=1000(rfkrocktk) groups=1000(rfkrocktk),4(adm),20(dialout),24(cdrom),29(audio),46(plugdev),104(lpadmin),115(admin),120(sambashare),124(vboxusers),1001(jupiter),2002(media-users)

$ id mt-daapd
> uid=123(mt-daapd) gid=65534(nogroup) groups=65534(nogroup),2002(media-users)

    It definitely seems that both users are a part of the media-users group, so what could be going wrong?

    If I run ls -l on the actual Music directory to see its permissions, here's the output:

    drwxr-Sr-- 201 rfkrocktk media-users 12288 2011-01-13 12:26 Music

    If I run ls -l on the Music directory to get its children, here's the output:

    drwxr-Sr--  3 rfkrocktk media-users 4096 2010-12-20 15:31 2DBoy
drwxr-Sr--  3 rfkrocktk media-users 4096 2010-05-25 12:50 ABBA
drwxr-Sr--  3 rfkrocktk media-users 4096 2009-12-28 15:19 Access Denied
drwxr-Sr-- 10 rfkrocktk media-users 4096 2009-12-28 15:19 AC-DC
drwxr-Sr--  3 rfkrocktk media-users 4096 2009-12-28 15:19 Aerosmith
drwxr-Sr--  3 rfkrocktk media-users 4096 2010-06-04 10:45 A Flock of Seagulls
drwxr-Sr--  4 rfkrocktk media-users 4096 2010-05-28 18:13 Alestorm
drwxr-Sr--  3 rfkrocktk media-users 4096 2010-06-22 23:29 Amon Amarth
drwxr-Sr--  5 rfkrocktk media-users 4096 2009-12-28 15:19 Anberlin
...

    From this, it would seem that I should be able to access the folders from mt-daapd, but I can't. Running sudo -i -u mt-daapd ls -l /home/rfkrocktk/Music displays nothing, indicating to me that for whatever reason, mt-daapd doesn't have access to read the folder. What am I doing wrong?

    EDIT

    A problem I was having involved the "S" flag. It needs to be "s", so that execute permissons for the group also exist on the files and folders. Additionally, the invocation of sudo -i -u mt-daapd ls -l /home/rfkrocktk/Music was wrong. It should be sudo -u mt-daapd ls -l /home/rfkrocktk/Music instead. Evidently, the -i parameter kills the stdout.


    • Related Answers
  • psusi

    You are missing execute permission on the directory. chmod g+x dir.

    Other users also have read access but not execute. If you chmod o+g dir, then you don't need to muck about with groups because everyone will be able to read it.