assign permissions
hi guys
I have 10 users and 3 Linux servers. They are normal users. I need to assign read access for these 10 users to /opt, /var and /usr. How can I accomplish that without going user by user? Any idea? Should this command work? Well, for me it is not working: chmod -R o+r /var. After that the user cannot access /var anymore. |
Ensure that your users belong to the same group.
If you don't have a regular users group create one:
Code:
groupadd users
Code:
gpasswd -a users username1
Code:
find /directory -type d -exec chmod g+xr-w {} \;
Code:
find /directory -type f -exec chmod g+r {} \;
Do that at your own risk. <edit> changed an error -type d to -type f on the files section </edit> |
I think the command is
chmod -R o+r *
so I need to be in the folder /var before |
You're going to need the 'x' perm on the dirs as well; it means search/access on a dir, not 'execute' http://linux.die.net/man/1/chmod
|
Quote:
Also by only adding +r to all files you are not giving read access to directories. Was there something in my reply that you didn't understand??? PS: Quote:
|
really sorry, I posted without updating the post so I never saw your answer
so it's going to be
Code:
groupadd normalreaduser
Code:
gpasswd -a normalreaduser user1
Code:
find /var -type d -exec chmod g+xr-w {} \;
Why could it be risky to add read access to /var and /usr? I was thinking I needed to specify the group name somewhere |
PS: Your users may also already belong to a group, so check the groups and their users in /etc/groups |
Changing file permissions on system files is something that you should be careful with. Some programs depend on specific file permissions, and do not function properly (or at all) if you change the permissions. |
got your point, but I was working and left the windows open when I did some tests with chmod, and after posting I found your answer.
well, so far I got users like this; some of them belong to their own group so I need to create a new group
Code:
uid=508(lorenzo) gid=508(lorenzo) groups=508(lorenzo)
I get this error
Code:
[root@node02 ~]# groupadd testgroup
Code:
[root@node02 ~]# usermod -a -G testgroup user1 |
sorry my bad.
it's gpasswd -a user group
On unix when in doubt use:
Code:
command --help
In Unix there are usually several ways of doing something. An alternative way is to edit the /etc/groups directly |
ammorais thanks a lot for your help and the other guys
BTW ammorais yes, it's not a good practice AT ALL. For instance in /usr/ we got some apps that could not work if I assign read to ALL. Thanks a lot, I am going to check this request to be completely sure |
by the way guys
I am thinking about this: for instance I have a directory whose owner is root:root. Is there any way, like in Windows 2003, to assign another group (which includes my 10 users) and give that group read permissions? Basically I wanna know if a directory can be managed by different groups. This is because during this journey I got a directory whose owner was something different than root so I used (apache_group)
Code:
usermod -a -G apache_group user1
Code:
usermod -a -G root user1
any idea? |
I totally forgot that you must assign the directory's group.
Code:
chgrp users /directory
In Unix each file can only have one user and one group. What you want is an Access Control List. Have a look here to see how to work with it. Also I suggest you have a look at Role-based access control implementations. Currently they are supported by grsecurity and SELinux. |
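The group-based steps discussed up to this point (chgrp, r on files, r plus x on directories), applied to a scratch tree as an added example that is not part of any post in this thread. The function names and the temporary tree are constructed, and the current user's primary group stands in for the shared users group.

```shell
#!/bin/sh
# Added example: works on a constructed scratch tree, not on /var or /usr.

# dirs_missing_search DIR: list directories where the group has read (r)
# but not search (x). Members can list names there but cannot open files.
dirs_missing_search() {
    find "$1" -type d -perm -040 ! -perm -010
}

# grant_group_read DIR GROUP: hand the tree to GROUP, then give it read on
# files and read+search on directories, never write.
grant_group_read() {
    chgrp -R "$2" "$1" || return 1
    find "$1" -type d -exec chmod g+rx,g-w {} +
    find "$1" -type f -exec chmod g+r,g-w {} +
}

# mode_of PATH: the 10-character mode string, e.g. drwxr-x---
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# build_demo: constructed tree with owner-only permissions; prints its path.
build_demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/app/logs"
    echo "constructed sample line" > "$d/app/logs/app.log"
    chmod 700 "$d/app" "$d/app/logs"
    chmod 600 "$d/app/logs/app.log"
    echo "$d/app"
}

tree=$(build_demo)
chmod -R g+r "$tree"    # group analogue of the read-bit-only attempt
echo "dirs with r but no x: $(dirs_missing_search "$tree" | wc -l)"
# Assumption: the caller's primary group stands in for the users group.
grant_group_read "$tree" "$(id -g)"
echo "after: $(mode_of "$tree") $(mode_of "$tree/logs/app.log")"
rm -rf "${tree%/app}"
```

Running `dirs_missing_search` over a real tree before and after a permission change shows which directories would be listable but not traversable for the group.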
thanks a lot for all that info, I think I am going to have something to think about this weekend |
You're welcome. Good luck. |
ammorais
2 more questions if you have some time. I was checking the ACL and found this in order to have it working
Code:
mount -o remount,acl /home
Will doing that mount impact users or applications? I mean, do I have to schedule a downtime for that mount command? Second, even using this granular permission strategy (ACL), would it still be risky to assign read permissions to those folders??? sorry for this, I am pretty newbie |
thinking this over
it is the same, I mean adding normal R permissions or using setfacl.... so I either need to read about Role-based access control or explain to my customer why changing to R is not a good idea at all |
Think about this; normally, the default perms on /var, /opt are correct. Think about what you are trying to accomplish, do you really need to mess with them?
If you want an area where people can share files, then the usual approach is
1. create newuser, newgrp
2. create the home dir for newuser, newgroup
3. chmod g+s newgrp newdir
4. add newgrp to reqd users as a 2ndary group
If(!) you need to go into even more fine-grained ctrl, then add ACLs to the above. Note that the mount -o remount,acl /newdir can be done on the fly, ie no reboot reqd. See also tune2fs eg tune2fs -l |grep options will show if acls are already turned on. http://linux.die.net/man/8/tune2fs
HTH
Why exactly would you want to mess with /var, /opt? |
thanks for the info
just a question: what do you mean by chmod
Code:
g+s newgrp newdir
yeah, just a customer who is asking that and I already told him, but he needs more info on why this cannot be done. Basically I need the paths where they want to have read access so I can check them and see what I can do. Thanks a lot |
chmod g+s newgrp newdir
add sgid (set group id) of newdir 'permissions' to newgrp; basically forces all files created therein to have group ownership of newgrp, regardless of creator's grpid. http://linux.die.net/man/1/chmod eg rwxrwx--- becomes rwxrws--- HTH |
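The shared-directory setup and the rwxrwx--- to rwxrws--- change described above, run in a scratch directory as an added example that is not part of any post in this thread. Here the group is assigned with chgrp and the bit is set with chmod g+s as two separate commands; the function names are constructed and the caller's primary group stands in for newgrp. It assumes Linux setgid semantics.

```shell
#!/bin/sh
# Added example: runs in a constructed scratch directory.

# make_shared_dir DIR GROUP: create DIR, hand it to GROUP, and set the
# setgid bit so entries created inside inherit GROUP.
make_shared_dir() {
    mkdir -p "$1" || return 1
    chgrp "$2" "$1" || return 1
    chmod 770 "$1"      # rwxrwx---
    chmod g+s "$1"      # rwxrws---
}

# mode_of PATH: the 10-character mode string
mode_of() { ls -ld "$1" | cut -c1-10; }

# gid_of PATH: numeric group id of PATH
gid_of() { ls -ldn "$1" | awk '{print $4}'; }

# inherits_group DIR: create a file and a subdirectory in DIR; succeed only
# if both carry DIR's group and the subdirectory carries the setgid bit.
inherits_group() {
    want=$(gid_of "$1")
    : > "$1/report.txt"
    mkdir "$1/sub"
    [ "$(gid_of "$1/report.txt")" = "$want" ] || return 1
    [ "$(gid_of "$1/sub")" = "$want" ] || return 1
    case $(mode_of "$1/sub") in
        ??????[sS]*) return 0 ;;   # setgid propagated to the new subdirectory
        *) return 1 ;;
    esac
}

base=$(mktemp -d)
# Assumption: the caller's primary group stands in for newgrp.
make_shared_dir "$base/newdir" "$(id -g)"
echo "newdir mode: $(mode_of "$base/newdir")"
inherits_group "$base/newdir" && echo "new entries inherit the group"
rm -rf "$base"
```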