LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 09-29-2009, 02:32 PM   #1
ceci2
Member
 
Registered: Dec 2004
Posts: 40

Rep: Reputation: 15
changing default file permissions upon file creation


Hi.


I just created a new user 'john' using this command: useradd -G developers john. So now john belongs to a group 'developers'.
i set john's umask to 0002 so that members of the group developers edit the files.

problem.
when john creates a file, it creates with 'john' as the owner and the group. thus it looks like this:

-rw-rw-r-- 1 john john 0 Sep 29 13:54 text.txt

Q? How can I set his account so that when he creates a file the file created belongs to the group developer instead of john. Eg.

-rw-rw-r-- 1 john developers 0 Sep 29 13:54 text.txt

The /etc/groups file reveals that 'john' does below to the group.
developers:x:503:marry,joel,mk,john

The /etc/passwd file reveals this information:
john:x:504:505::/home/john:/bin/bash

Finally issuing this command 'id john' gives me this:
uid=504(john) gid=505(john) groups=505(john),503(developers) context=user_u:system_r:unconfined_t

what am i doing wrong or what am not doing?!

thank you.

Ps. I am using RedHat linux.

Last edited by ceci2; 09-29-2009 at 02:41 PM.
 
Old 09-29-2009, 02:45 PM   #2
AngTheo789
Member
 
Registered: Sep 2009
Posts: 110

Rep: Reputation: 24
I would suggest to set up or modify the john account so that it belongs to the developer group by default, unless you really need each account to have a group on it's own. This way the developer group would always be used for john's new files.

Last edited by AngTheo789; 09-29-2009 at 02:46 PM. Reason: typo
 
Old 09-29-2009, 02:50 PM   #3
ceci2
Member
 
Registered: Dec 2004
Posts: 40

Original Poster
Rep: Reputation: 15
Never mind. I fixed it. Creating a user with '-G' screwed it up.

To fix it I had to do:

# usermod -g developers john

notice the '-g'.
 
Old 09-29-2009, 08:02 PM   #4
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,239

Rep: Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024
Difference between primary and secondary groups...
Incidentally, to create a shared dir with that property, it's usually best to create a specific user & group, create the home dir, then chmod g+s on the home dir.
That will force all files created by the group members in that dir to be owned by the group id.
Not generally a good idea to allow others into your home dir.
 
Old 09-29-2009, 11:09 PM   #5
akin81
LQ Newbie
 
Registered: Mar 2004
Posts: 13

Rep: Reputation: 0
agree to chris, make use of suid(the "g+s" option for chmod) on the dir which you want to share within the group
 
Old 09-30-2009, 07:58 AM   #6
ceci2
Member
 
Registered: Dec 2004
Posts: 40

Original Poster
Rep: Reputation: 15
thank you for the valuable information you have posted.

Q? is it possible that by issuing the "#usermod -g developers john' command I am also allowing entry to the Home directory? How can I secure my Home directory so that no members of the group access it?

I am new so if you can provide a complete example would be very helpful.

Thanks you so much.

C
 
Old 10-01-2009, 01:28 AM   #7
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,239

Rep: Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024
On a user's home dir, the ownerships that count (ignoring possible acls) are:

u=user (aka owner)
g=group

both taken from his entry in /etc/passwd
eg

ls -ld /home/john

drwxr-xr-x 9 john johns_primary_group 2048 Sep 28 08:34 /home/john

typically.

The drwxr-xr-x means

d = dir

rwx = user has rwx perms
r-x = user's group has r-x
r-x = other/world has r-x

you can remove world perms

chmod o= /home/john

When creating a separate shared group dir as described, you create a new dedicated user/group to own it, so its a different group from anyone's primary group.
Then add the reqd users to the share group.
man chmod, chown; see also chgrp, newgrp

HTH
 
Old 10-01-2009, 07:27 AM   #8
ceci2
Member
 
Registered: Dec 2004
Posts: 40

Original Poster
Rep: Reputation: 15
Awesome! You guys are great.

Thank you.

C
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
default group on file creation antony.booth Linux - Security 3 08-24-2007 06:36 AM
Gnome file permissions creation zeky Linux - Desktop 0 10-15-2006 12:37 PM
How to set default file creation pembo13 Linux - Security 6 07-02-2004 10:44 PM
new file creation permissions dskny Linux - Software 3 03-03-2004 10:32 AM
Changing file permissions on a SAMBA file share apenney Linux - Software 0 02-11-2002 04:42 PM


All times are GMT -5. The time now is 10:22 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration