LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 11-12-2009, 05:02 PM   #1
kopper27
Member
 
Registered: Nov 2009
Posts: 147

Rep: Reputation: 16
assign permissions


hi guys

I had 10 users and 3 linux servers
they are normal users

I need to assign read access to these 1o users to /opt /var /usr

how can I accomplish that without going user by user?


any idea?

should this command work? well for me is not working

chmod -R o+r /var

after that user cannot access /var anymore

Last edited by kopper27; 11-12-2009 at 05:58 PM.
 
Old 11-12-2009, 06:16 PM   #2
ammorais
Member
 
Registered: Nov 2009
Location: Lisbon, Portugal
Distribution: Gentoo, CentOs, Ubuntu, Debian
Posts: 182

Rep: Reputation: 49
Ensure that your users belong to the same group.

If you don't have a regular users group create one:

Code:
groupadd users
Add all your regular users to the group
Code:
gpasswd -a users username1
gpasswd -a users username2
...
grant open access to directories:
Code:
find /directory -type d -exec chmod g+xr-w {} \;
you can also revogue access to the rest:
find /directory -type d -exec chmod o-xrw {} \;
grant read acess to the rest of the files:
Code:
find /directory -type f -exec chmod g+r {} \;
you can also revogue access to the rest:
find /directory -type f -exec chmod o-rwx {} \;
Be careful on changing the permissions on /usr and /var and /opt
Do that at your own risk.

<edit>
changed an error -type d to -type f on the files section
</edit>

Last edited by ammorais; 11-12-2009 at 06:20 PM.
 
Old 11-12-2009, 06:34 PM   #3
kopper27
Member
 
Registered: Nov 2009
Posts: 147

Original Poster
Rep: Reputation: 16
I think the command is


chmod -R o+r *

so I need to be in the folder /var before
 
Old 11-12-2009, 06:38 PM   #4
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,247

Rep: Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328
You're going to need the 'x' perm on the dirs as well; it means search/access on a dir, not 'execute' http://linux.die.net/man/1/chmod
 
Old 11-12-2009, 06:39 PM   #5
ammorais
Member
 
Registered: Nov 2009
Location: Lisbon, Portugal
Distribution: Gentoo, CentOs, Ubuntu, Debian
Posts: 182

Rep: Reputation: 49
Quote:
Originally Posted by kopper27 View Post
I think the command is


chmod -R o+r *

so I need to be in the folder /var before
You will be changing others permissions so you will be giving read access to everyone.


Also by only adding +r to all files you are not giving read access to directories.

Was there something in my reply that you didn't understand???

PS:
Quote:
I think the command is ...
If you are going to ignore the answers that are given to you why do you come here?

Last edited by ammorais; 11-12-2009 at 06:44 PM.
 
Old 11-12-2009, 06:50 PM   #6
kopper27
Member
 
Registered: Nov 2009
Posts: 147

Original Poster
Rep: Reputation: 16
really sorry I posted without updating the post so I never saw your answer

so it's going to be

Code:
groupadd normalreaduser
Code:
gpasswd -a normalreaduser user1
gpasswd -a normalreaduser user2
gpasswd -a normalreaduser user3
...
and this

Code:
find /var -type d -exec chmod g+xr-w {} \;

find /var -type f -exec chmod g+r {} \;
Am I right?

Why could be risky to add read access to /var and /usr?


I was thinking I needed to specify the group name somewhere

Last edited by kopper27; 11-12-2009 at 06:57 PM.
 
Old 11-12-2009, 06:55 PM   #7
ammorais
Member
 
Registered: Nov 2009
Location: Lisbon, Portugal
Distribution: Gentoo, CentOs, Ubuntu, Debian
Posts: 182

Rep: Reputation: 49
Quote:
sorry I posted without updating the post so I never saw your answer
It's a little difficult to swallow that since your reply was posted 18 minutes after mine. Anyway everybody deserves the benefit of the doubt.

Quote:
Am I right?


I was thinking I needed to specify the group name somewhere
You are exactly right.

PS: Your users may also already belong to a group, so check the groups and their users in /etc/groups

Last edited by ammorais; 11-12-2009 at 06:57 PM.
 
Old 11-12-2009, 07:04 PM   #8
ammorais
Member
 
Registered: Nov 2009
Location: Lisbon, Portugal
Distribution: Gentoo, CentOs, Ubuntu, Debian
Posts: 182

Rep: Reputation: 49
Quote:
Why could be risky to add read access to /var and /usr?
I didn't noticed this line.
Changing file permissions on system files it's something that you should be careful. Some programs depend on specific file permissions, and do not function properly (or at all) if you change the permissions.
 
Old 11-12-2009, 09:57 PM   #9
kopper27
Member
 
Registered: Nov 2009
Posts: 147

Original Poster
Rep: Reputation: 16
got your point but I was working and let the windows opened when I did some test about chmod and posted after posting found your answer.

well so far

I got users like this some they below to their own group
so I need to create a new group

Code:
uid=508(lorenzo) gid=508(lorenzo) groups=508(lorenzo)
uid=508(roberto) gid=508(roberto) groups=508(roberto)

I get this error

Code:
[root@node02 ~]# groupadd testgroup
[root@node02 ~]# gpasswd -a testgroup user1
gpasswd: unknown user testgroup
Can I add the new group as a secondary group?
Code:
[root@node02 ~]# usermod -a -G testgroup user1
 
Old 11-12-2009, 10:21 PM   #10
ammorais
Member
 
Registered: Nov 2009
Location: Lisbon, Portugal
Distribution: Gentoo, CentOs, Ubuntu, Debian
Posts: 182

Rep: Reputation: 49
sorry my bad.

it's gpasswd -a user group


On unix when in doubt use:

Code:
command --help
or
man command
The last option that you suggested is also valid.
in Unix there's usually several ways of doing something.

An alternative way is to edit the /etc/groups directly

Last edited by ammorais; 11-12-2009 at 10:24 PM.
 
Old 11-13-2009, 11:20 AM   #11
glinuxo
LQ Newbie
 
Registered: Nov 2009
Posts: 4

Rep: Reputation: 0
ammorais thanks a lot for your help and the other guys

BTW ammorais yes it's not a good practice AT ALL for instance in /usr/ we got some APPs that could not word If I assign read to ALL

thanks a lot

I am going to check this request to be completely sure
 
Old 11-13-2009, 03:39 PM   #12
kopper27
Member
 
Registered: Nov 2009
Posts: 147

Original Poster
Rep: Reputation: 16
by the way guys

I am thinking about this
for instance I have a directory which owner is root:root

is there any way like in windows 2003 to assign another group (which includes my 10 users) and give to that group read permissions?

basically I wanna know if a directory can be manage by different groups.

This is because during this journey I got a directory which owner was something different that root so I used (apache_group)

Code:
usermod -a -G apache_group user1
but I cannot do that the same when a owner of a directory is root

Code:
usermod -a -G root user1
that's a Big NO NO

any idea?
 
Old 11-13-2009, 05:08 PM   #13
ammorais
Member
 
Registered: Nov 2009
Location: Lisbon, Portugal
Distribution: Gentoo, CentOs, Ubuntu, Debian
Posts: 182

Rep: Reputation: 49
I totality forgot that you must assign the directory's group.

Code:
chgrp users /directory
Answering your question.
In Unix each file can only have one user and one group.

What you want is Access Control List. Have a look here to see how to work with it.

Also I suggest you have a look at Role-based access control implementations. Currently they are supported by grsecurity and SELinux.
 
Old 11-13-2009, 05:16 PM   #14
kopper27
Member
 
Registered: Nov 2009
Posts: 147

Original Poster
Rep: Reputation: 16
Quote:
Originally Posted by ammorais View Post
I totality forgot that you must assign the directory's group.

Code:
chgrp users /directory
Answering your question.
In Unix each file can only have one user and one group.

What you want is Access Control List. Have a look here to see how to work with it.

Also I suggest you have a look at Role-based access control implementations. Currently they are supported by grsecurity and SELinux.

thanks a lot for all that info

I think I am going to have some to thing this weekend
 
Old 11-13-2009, 05:34 PM   #15
ammorais
Member
 
Registered: Nov 2009
Location: Lisbon, Portugal
Distribution: Gentoo, CentOs, Ubuntu, Debian
Posts: 182

Rep: Reputation: 49
Quote:
Originally Posted by kopper27 View Post
thanks a lot for all that info

I think I am going to have some to thing this weekend

You're welcome.

Good luck.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Assign a value mierdatuti Programming 4 12-31-2008 02:50 PM
How To Assign an Appropriate Seperator tugce_zehra Programming 4 12-10-2008 04:16 PM
cannot assign write permissions to sda1 flygirl Linux - Newbie 2 08-26-2007 12:14 AM
Any way to automatically assign permissions?? andpol Linux - Newbie 2 05-14-2007 12:01 PM
assign static ip allelopath Linux - Software 1 04-27-2005 08:04 PM


All times are GMT -5. The time now is 10:22 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration