group directory?

abolishtheun · 05-13-2009, 01:53 AM

I created a group called group1, and put users user1 and user2 into group1. I want these two users to be able to work together on files in the same directory-- so I created a directory called /projects/group1-files, chmod'd it to 2775. Now, when either user can create files/subdirectories in the directory, but when they create a new file, it's permission is 755, so user1 can't write to files created by user2 and vice versa. I could set the umask to 002, but that wouldn't be limited to the directory. What is the correct way to do this?

your_shadow03 · 05-13-2009, 02:23 AM

You need to provide ownership to both the users through:

Code:

[root@receiver ~]# chown -R user1.group1 /projects/group1-files/
[root@receiver ~]# chown -R user2.group1 /projects/group1-files/

User1

Code:

[user1@receiver group1-files]$ touch test
[user1@receiver group1-files]$ ls
test
[user1@receiver group1-files]$ vi test
[user1@receiver group1-files]$ cat test
Hello can yu see me
[user1@receiver group1-files]$

user2

Code:

[user2@receiver group1-files]$ pwd
/projects/group1-files
[user2@receiver group1-files]$ cat test
Hello can yu see me
[user2@receiver group1-files]$

abolishtheun · 05-13-2009, 02:31 AM

But in that case, user2 won't be able to write/edit that file, correct?

and wouldn't the following just set the owner/group to user2.group1?

Code:

[root@receiver ~]# chown -R user1.group1 /projects/group1-files/
[root@receiver ~]# chown -R user2.group1 /projects/group1-files/

your_shadow03 · 05-13-2009, 03:05 AM

He can !!
Just try out and see..He can edit without any issue?

The Ownership is for both the users to edit/write/read the file

abolishtheun · 05-13-2009, 03:15 AM

Then I must be doing something wrong....

Code:

root@desktop# ls -ld /projects/files-groups1/
drwxrwsr-x 2 root root 4096 2009-05-13 01:08 /projects/files-groups1/

root@desktop# groups user1
user1 group1

root@desktop# groups user2
user2 group1

root@desktop# chown -R user1.group1 /projects/files-groups1/

root@desktop# chown -R user2.group1 /projects/files-groups1/

root@desktop# su user1

user1@desktop$ touch /projects/files-groups1/hello

user1@desktop$ cat > /projects/files-groups1/hello 
hello, can you read this?

user1@desktop$ exit

root@desktop# su user2

user2@desktop:/root$ cat >> /projects/files-groups1/hello 
bash: /projects/files-groups1/hello: Permission denied

druuna · 05-13-2009, 03:16 AM

Hi,

This:

Quote:

[root@receiver ~]# chown -R user1.group1 /projects/group1-files/
[root@receiver ~]# chown -R user2.group1 /projects/group1-files/

Does what abolishtheun expects: it will first make user1 owner (first command) of all the files/dirs and then make user2 owner. It will definitely _not_ make both users owner of these files!! (On a group level it does, but a chgrp -R group1 would have done the same).

Setting 2775 on the dir will give other user the possibility to save files, even though they don't have write permissions, but you do need to force the save (for example :w vs :w! in vi).

abolishtheun · 05-13-2009, 03:23 AM

druuna, thanks for the clarification, I thought I was going crazy... does it matter that the group directories (the /projects dir) are on a separate partition? I know that you can set umasks for some file systems but not for ext3! I just want to avoid umask 002 in /etc/profile if possible.

druuna · 05-13-2009, 03:33 AM

Hi,

It doesn't matter what FS as long as the FS is linux/unix (ext2/3/4, reiser etc). If the partition is none-linux (vfat, ntfs etc) other considerations will surface and complicate things.

As long as you (and your colleagues?) don't mind forcing the write, you do not need to change the umask setting.

your_shadow03 · 05-13-2009, 03:39 AM

@Druuna..
I can see most often say, if I try editing /etc/sudoers if logged-in as root, it says "READONLY" and I need to Press ESC and then press I. Edit the file but save it as wq!.
! is used to override which is same case as above.
Why so?

druuna · 05-13-2009, 03:56 AM

@your_shadow03: Overriding (forcing a write on a readonly file) only works in special cases (and linux and unix do differ on this one!).

- A normal user can only force a write (or delete) on someone elses's file if that file resides in a dir owned by that specific user:

Code:

$ id
uid=500(druuna) gid=500(internet)

$ mkdir Test-1

$ ls -ld Test-1 
drwxr-x--- 2 druuna internet 4096 May 13 10:47 Test-1

$ cd Test-1/
$ ls -l
total 0

$ su -
Password: 

$ id
uid=0(root) gid=0(root)

$ cd /data/Test-1/
[exile] root /data/Test-1 $ touch foobar
[exile] root /data/Test-1 $ ls -l foobar 
-rw-r--r-- 1 root root 0 May 13 10:49 foobar

$ exit

$ id
uid=500(druuna) gid=500(internet)

$ ls -l
total 0
-rw-r--r-- 1 root root 0 May 13 10:49 foobar

$ rm foobar 
rm: remove write-protected regular empty file `foobar'? y

$ ls -l
total 0

The above example shows how a regular user can delete a file that is owned by root and does not have write permissions for other users.....

Using chmod 2775 on a directory gives every user the possibility to edit/delete files in that directory.

BTW: being root is a special case and has more privileges then other users. If you start testing with permissions do so with none-root users.

Hope this clears things up a bit.

kpraveen455 · 05-13-2009, 04:59 AM

What I can understand is if we give "chmod 2775" permissions to a directory (owning by group), it means that (7 - user, 7 - group, 5 - other) that the group (here: user1, user2) can have both read/write permissions.

Am I correct?

your_shadow03 · 05-13-2009, 05:05 AM

You missed the initial "2" -
The initial '2' sets the setguid bit for group ownership, so any new files created in that directory will now be owned by group <groupname>

your_shadow03 · 05-13-2009, 06:29 AM

Druuna,
I have still few doubts and I need help.

Code:

[root@receiver ~]# chown -R user1.group1 /projects/group1-files/
[root@receiver ~]# chown -R user2.group1 /projects/group1-files/

Is it wrong or right?
What I explored is :

I have two users user1 and user2 and I added the both users to group1.
As root, I created a directory :

User - ROOT

Code:

[root@receiver ~]# mkdir /Delta
[root@receiver ~]# cd /Delta/
[root@receiver Delta]# mkdir projects
[root@receiver Delta]# cd
[root@receiver ~]# chmod 2777 /Delta/
[root@receiver ~]# ls -la /
total 202
..
drwxrwsrwx    3 root root  4096 May 13 04:07 Delta
..

Now I logged in as user1:

User - user1

Code:

[user1@receiver ~]$ groups
user1 group1
[user1@receiver ~]$
[user1@receiver projects]$ touch test
touch: cannot touch `test': Permission denied
[user1@receiver projects]$ vi test
[user1@receiver projects]$

Does I need to provide ownership to group1?

your_shadow03 · 05-13-2009, 06:36 AM

Sorry I forgot to provide:

Code:

chmod 777 /Delta/projects

Now The Doubt is Say, a user called jerry who is outside this group

User - Jerry

Code:

[jerry@receiver projects]$ cd /Delta/projects/
[jerry@receiver projects]$ cat test
hello I am user1 just edited this line
I am user2 ...Sounds working for setguid
Hi I am jerry outside this group
[jerry@receiver projects]$

How can she edit this since she is outside the group.

druuna · 05-13-2009, 06:42 AM

@your_shadow03:

You did change the permissions of Delta (the chmod 2777 /Delta command), you did _not_ change permissions of the projects directory....

An ordinary user is, in this case, able to create a file in /Delta, but not in projects:

Code:

$ id
uid=500(druuna) gid=500(internet)

$ cd /Delta/
$ touch in.delta

$ ls -l in.delta 
-rw-r----- 1 druuna root 0 May 13 13:32 in.delta

$ cd projects/
$ touch in.projects
touch: cannot touch `in.projects': Permission denied

Also: If you create the dir as root, the group will also be root (take a look at the output of the ls -l in.delta command).

Creating the dir as user root is sometimes needed, but do change the owner/group (group in this specific case) of that dir to reflect the appropriate group (group1 in this example).

Another thing:

Quote:

[root@receiver ~]# chown -R user1.group1 /projects/group1-files/
[root@receiver ~]# chown -R user2.group1 /projects/group1-files/

As I stated before, this isn't useful. The second command will change the changes made in the first command (talking about the owner of the files/dirs).

A chmod -R group1 /Delta will change the group to group1, but will leave the user in tact.