Adding user to a secondary group ?

uncle-c · 09-10-2009, 01:03 PM

Hi,
If user1's main group is genetics and one wants to add him/her to group biochem and to assign biochem as his/her secondary group will the following suffice ?

Code:

$ sudo usermod -G biochem user1

I would like for user1 to have genetics as the main group but also belong to biochem. When user1 creates a file, as he/she belongs to main group genetics, I assume the file will be owned by user1 and group owner will be genetics. Ideally files created by user1 should be accessible to users in group genetics(when permissions are tweaked) but not by individuals in group biochem. However, any files with group owner biochem should be accessible to user1 as he/she does belong to biochem as a secondary group.
Would having user1 main group genetics, secondary group biochem fulfil this criteria ?

thanks

vishesh · 09-10-2009, 01:06 PM

You are right,
You can also use gpasswd command

root#gpasswd -a user1 biochem

At the mean time , if user belong to more than one group the group owner of files/directory created by user will be primary group. although you can change this temporarly by using newgrp command

user1@localhost$newgrp biochem

now whatever files/directory created group owner will be biochem

thnks

uncle-c · 09-10-2009, 01:16 PM

Thanks Vishesh,
I needed to clarify if the user's primary group would also be the group owner of any files/directories created so users from another group would not have access to the files unless permissions were explicitly set to allow them to do so.

thanks again,
uncle c

chrism01 · 09-10-2009, 07:03 PM

Note that if you want to ensure security in personal dirs, but share files in groups, you can create a new dir owned by eg the 'group' user (eg chown grp1:grp1 gpr1share ) and set

chmod g+s

on the group dir. This forces all files created in the new dir to have the same group ownership automatically, regardless of who creates them.
Obviously all members need to have that group in their group list.

vishesh · 09-11-2009, 06:01 AM

dear
You are right. To set permission to specific group other than group owner you should use acl option.

thnks

uncle-c · 09-11-2009, 07:05 AM

Quote:

Originally Posted by chrism01

Note that if you want to ensure security in personal dirs, but share files in groups, you can create a new dir owned by eg the 'group' user (eg chown grp1:grp1 gpr1share ) and set

chmod g+s

on the group dir. This forces all files created in the new dir to have the same group ownership automatically, regardless of who creates them.
Obviously all members need to have that group in their group list.

Thanks guys.
So chris you are basically saying create a third group called for example "science" and make this the secondary group for both genetics and biochem. In this way any private files with group ownership biochem would be protected from the prying eyes of genetics. If I follow your example will I also have to create a new user called "science" making sure the account has no login shell ?

Share directory is lifescience

$ chown science:science lifescience

$ chmod g+s lifescience

So everything created in the directory lifescience with have file owner as science and group owner as science. Both genetics groups and biochem groups will have science as their secondary group so biochem's private files will be safe from genetics as biochem is no longer genetics' secondary group ?

thanks
c