LinuxQuestions.org
Old 05-05-2009, 01:10 PM   #1
measekite
Member
 
Registered: Aug 2007
Posts: 42

Rep: Reputation: 16
Question System Groups from Users and Groups


I am not sure where this thread goes so I put it here.

I have done a lot of research and keep coming up empty and this includes browsing books at B&N.

In both Ubuntu and Fedora there are many System Groups. I am looking for information to get a deep understanding of what happens when I create a user and add them to various specific groups.

In Windows this can get quite complicated but there is much documentation on the subject.

I cannot seem to find out what rights go along with each group.

Also I would like to know how I can exploit groups so they are valuable. Other than adding a user to a group and giving that group read, write, execute permissions that filter down to group members I cannot see what else they are for.

In Windows you can have groups within groups and they can be public or private. Not the case in Linux. In Windows you can also assign privileges to entire groups like the ability to backup the computer or assign and manage printers, etc.


For example if there is a group called backup operators then its members can backup files to devices.
 
Old 05-05-2009, 01:50 PM   #2
radu124
LQ Newbie
 
Registered: Apr 2009
Posts: 7

Rep: Reputation: 1
most of the rights of a user are derived from the files he/she can access
(in addition to some other configuration files like /etc/sudoers)

by files I also mean special devices like those in /dev which are assigned the same type of permissions like normal files

===
unless you have ACL enabled which is a more complex mechanism, each file has three basic rights (read, write, execute) for each of: owner, group, and others

the owner and the group of the file can be specified separately with the chown command.

you can find out what the rights assigned to a file are with "ls -l"
===

this allows a very simple mechanism for assigning rights
for example, on my machine, which is an almost standard ubuntu
performing ls -l on the /dev/dsp device, which is in charge of sound
produces:

crw-rw----+ 1 root audio 14, 3 2009-05-05 10:02 dsp

users who are allowed to use the audio device will be in the audio group
(actually this is becoming more complicated because there is another application, pulseaudio, in-between)

===
another method of granting rights is having "suid" programs. These are programs that when run, assume the identity of the owner (sometimes root).

you can find those using find / -perm -4000

these can be programs like ping, mount or sudo. of course you need to be able to run these programs (that is have execute rights as an 'other' user or by membership to a group)
 
Old 05-05-2009, 02:25 PM   #3
measekite
Member
 
Registered: Aug 2007
Posts: 42

Original Poster
Rep: Reputation: 16
Thanks, that got me started. I am not sure what suid is or how to use it but I will do a google to see if I can find it.

Not sure how to interpret all of this: check out the red font color.

crw-rw----+ 1 root audio 14, 3 2009-05-05 10:02 dsp
 
Old 05-05-2009, 10:22 PM   #4
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,311

Rep: Reputation: 2040
Quote:
Notice the plus symbol. With ACLs, it is the getfacl information that is
relevant, not the standard permissions. In this case, the system is trying to tell us that the directory is
writable by more than one user.
for the full story, try
man setfacl
man getfacl

setuid makes a program run as the owner, regardless of who runs it ie 's' in the user's perms section eg
rwsrw-rw-
setgid does the same, only with group perms
rw-rwsrw-

you can also use
chmod g+s <dir>
to ensure that any file created by any user in that dir will have the same group id as the dir mentioned.

Loosely related,

drwxrwxrwt 27 root root 4096 May 6 10:56 tmp

the 't' means that only the owner of a file (in /tmp) can delete it, even though everybody has full access.
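
Added example, not part of any post in this thread: a small Python decoder for the mode column of the `ls -l` lines quoted above, showing how the file type, the owner/group/other triplets, the setuid/setgid/sticky bits and the trailing ACL `+` are read. The function names are hypothetical, and the nine-character strings from post #4 are given a leading `-` (regular file) so they form complete mode strings.

```python
# Added example: decode the permission column printed by `ls -l`.
FILE_TYPES = {"-": "regular file", "d": "directory", "c": "character device",
              "b": "block device", "l": "symlink", "p": "fifo", "s": "socket"}
SPECIAL = (("setuid", 4), ("setgid", 2), ("sticky", 1))  # owner, group, other slot

def decode_mode(mode):
    """Decode e.g. 'crw-rw----+' into type, octal mode, special bits, ACL flag."""
    if len(mode) not in (10, 11) or mode[0] not in FILE_TYPES:
        raise ValueError("not an ls -l mode string: %r" % mode)
    if mode[10:] not in ("", "+", "."):   # '+' = ACL present, '.' = SELinux context
        raise ValueError("unknown suffix in %r" % mode)
    digits = [0, 0, 0, 0]                 # special, owner, group, other
    special = []
    for i, (name, bit) in enumerate(SPECIAL):
        r, w, x = mode[1 + 3 * i:4 + 3 * i]
        flag = "t" if name == "sticky" else "s"
        if (r not in ("r", "-") or w not in ("w", "-")
                or x not in ("x", "-", flag, flag.upper())):
            raise ValueError("bad permission triplet in %r" % mode)
        # Lowercase s/t means special bit AND execute; uppercase S/T means
        # the special bit is set but execute is not.
        digits[i + 1] = ((4 if r == "r" else 0) + (2 if w == "w" else 0)
                         + (1 if x in ("x", flag) else 0))
        if x.lower() == flag:
            digits[0] += bit
            special.append(name)
    return {"type": FILE_TYPES[mode[0]],
            "octal": "".join(str(d) for d in digits),
            "special": special,
            "acl": mode[10:] == "+"}

def parse_ls_line(line):
    """Decode a full `ls -l` line: mode is field 0, owner field 2, group field 3."""
    fields = line.split()
    if len(fields) < 4:
        raise ValueError("not an ls -l line: %r" % line)
    info = decode_mode(fields[0])
    info["owner"], info["group"] = fields[2], fields[3]
    return info

if __name__ == "__main__":
    # The two full lines quoted in the thread.
    for line in ("crw-rw----+ 1 root audio 14, 3 2009-05-05 10:02 dsp",
                 "drwxrwxrwt 27 root root 4096 May 6 10:56 tmp"):
        print(line, "->", parse_ls_line(line))
    # The setuid/setgid strings from post #4, with a '-' file type prepended.
    for mode in ("-rwsrw-rw-", "-rw-rwsrw-"):
        print(mode, "->", decode_mode(mode))
```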
 
  

