Old 05-13-2009, 02:53 AM   #1
abolishtheun
Member
 
Registered: Mar 2008
Posts: 183

Rep: Reputation: 31
group directory?


I created a group called group1, and put users user1 and user2 into group1. I want these two users to be able to work together on files in the same directory, so I created a directory called /projects/group1-files and chmod'd it to 2775. Now, either user can create files/subdirectories in the directory, but when they create a new file, its permission is 755, so user1 can't write to files created by user2 and vice versa. I could set the umask to 002, but that wouldn't be limited to the directory. What is the correct way to do this?
 
Old 05-13-2009, 03:23 AM   #2
your_shadow03
Senior Member
 
Registered: Jun 2008
Location: Germany
Distribution: Slackware
Posts: 1,461
Blog Entries: 6

Rep: Reputation: 51
You need to provide ownership to both the users through:
Code:
[root@receiver ~]# chown -R user1.group1 /projects/group1-files/
[root@receiver ~]# chown -R user2.group1 /projects/group1-files/
User1
Code:
[user1@receiver group1-files]$ touch test
[user1@receiver group1-files]$ ls
test
[user1@receiver group1-files]$ vi test
[user1@receiver group1-files]$ cat test
Hello can yu see me
[user1@receiver group1-files]$
user2
Code:
[user2@receiver group1-files]$ pwd
/projects/group1-files
[user2@receiver group1-files]$ cat test
Hello can yu see me
[user2@receiver group1-files]$

Last edited by your_shadow03; 05-13-2009 at 03:29 AM.
 
Old 05-13-2009, 03:31 AM   #3
abolishtheun
Member
 
Registered: Mar 2008
Posts: 183

Original Poster
Rep: Reputation: 31
But in that case, user2 won't be able to write/edit that file, correct?

and wouldn't the following just set the owner/group to user2.group1?
Code:
[root@receiver ~]# chown -R user1.group1 /projects/group1-files/
[root@receiver ~]# chown -R user2.group1 /projects/group1-files/

Last edited by abolishtheun; 05-13-2009 at 03:34 AM.
 
Old 05-13-2009, 04:05 AM   #4
your_shadow03
Senior Member
 
Registered: Jun 2008
Location: Germany
Distribution: Slackware
Posts: 1,461
Blog Entries: 6

Rep: Reputation: 51
He can!!
Just try it out and see.. He can edit without any issue?

The Ownership is for both the users to edit/write/read the file
 
Old 05-13-2009, 04:15 AM   #5
abolishtheun
Member
 
Registered: Mar 2008
Posts: 183

Original Poster
Rep: Reputation: 31
Then I must be doing something wrong....

Code:
root@desktop# ls -ld /projects/files-groups1/
drwxrwsr-x 2 root root 4096 2009-05-13 01:08 /projects/files-groups1/

root@desktop# groups user1
user1 group1

root@desktop# groups user2
user2 group1

root@desktop# chown -R user1.group1 /projects/files-groups1/

root@desktop# chown -R user2.group1 /projects/files-groups1/

root@desktop# su user1

user1@desktop$ touch /projects/files-groups1/hello

user1@desktop$ cat > /projects/files-groups1/hello 
hello, can you read this?

user1@desktop$ exit

root@desktop# su user2

user2@desktop:/root$ cat >> /projects/files-groups1/hello 
bash: /projects/files-groups1/hello: Permission denied
 
Old 05-13-2009, 04:16 AM   #6
druuna
LQ Veteran
 
Registered: Sep 2003
Posts: 10,532
Blog Entries: 7

Rep: Reputation: 2387
Hi,

This:
Quote:
[root@receiver ~]# chown -R user1.group1 /projects/group1-files/
[root@receiver ~]# chown -R user2.group1 /projects/group1-files/
Does what abolishtheun expects: it will first make user1 owner (first command) of all the files/dirs and then make user2 owner. It will definitely _not_ make both users owner of these files!! (On a group level it does, but a chgrp -R group1 would have done the same).

Setting 2775 on the dir will give other users the possibility to save files, even though they don't have write permissions, but you do need to force the save (for example :w vs :w! in vi).
 
Old 05-13-2009, 04:23 AM   #7
abolishtheun
Member
 
Registered: Mar 2008
Posts: 183

Original Poster
Rep: Reputation: 31
druuna, thanks for the clarification, I thought I was going crazy... does it matter that the group directories (the /projects dir) are on a separate partition? I know that you can set umasks for some file systems but not for ext3! I just want to avoid umask 002 in /etc/profile if possible.
 
Old 05-13-2009, 04:33 AM   #8
druuna
LQ Veteran
 
Registered: Sep 2003
Posts: 10,532
Blog Entries: 7

Rep: Reputation: 2387
Hi,

It doesn't matter what FS as long as the FS is linux/unix (ext2/3/4, reiser etc). If the partition is non-linux (vfat, ntfs etc) other considerations will surface and complicate things.

As long as you (and your colleagues?) don't mind forcing the write, you do not need to change the umask setting.
 
Old 05-13-2009, 04:39 AM   #9
your_shadow03
Senior Member
 
Registered: Jun 2008
Location: Germany
Distribution: Slackware
Posts: 1,461
Blog Entries: 6

Rep: Reputation: 51
@Druuna..
What I see most often is, say, if I try editing /etc/sudoers while logged in as root, it says "READONLY" and I need to press ESC and then press I, edit the file, and save it with wq!.
! is used to override, which is the same case as above.
Why so?
 
Old 05-13-2009, 04:56 AM   #10
druuna
LQ Veteran
 
Registered: Sep 2003
Posts: 10,532
Blog Entries: 7

Rep: Reputation: 2387
@your_shadow03: Overriding (forcing a write on a readonly file) only works in special cases (and linux and unix do differ on this one!).

- A normal user can only force a write (or delete) on someone else's file if that file resides in a dir owned by that specific user:

Code:
$ id
uid=500(druuna) gid=500(internet)

$ mkdir Test-1

$ ls -ld Test-1 
drwxr-x--- 2 druuna internet 4096 May 13 10:47 Test-1

$ cd Test-1/
$ ls -l
total 0

$ su -
Password: 

$ id
uid=0(root) gid=0(root)

$ cd /data/Test-1/
[exile] root /data/Test-1 $ touch foobar
[exile] root /data/Test-1 $ ls -l foobar 
-rw-r--r-- 1 root root 0 May 13 10:49 foobar

$ exit

$ id
uid=500(druuna) gid=500(internet)

$ ls -l
total 0
-rw-r--r-- 1 root root 0 May 13 10:49 foobar

$ rm foobar 
rm: remove write-protected regular empty file `foobar'? y

$ ls -l
total 0
The above example shows how a regular user can delete a file that is owned by root and does not have write permissions for other users.....

Using chmod 2775 on a directory gives every user the possibility to edit/delete files in that directory.

BTW: being root is a special case and has more privileges than other users. If you start testing with permissions do so with non-root users.

Hope this clears things up a bit.
 
Old 05-13-2009, 05:59 AM   #11
kpraveen455
Member
 
Registered: Feb 2009
Location: Hyderabad
Distribution: fedora
Posts: 33

Rep: Reputation: 17
My understanding...

What I understand is that if we give "chmod 2775" permissions to a directory (owned by the group), it means (7 - user, 7 - group, 5 - other) that the group (here: user1, user2) can have both read/write permissions.

Am I correct?
 
Old 05-13-2009, 06:05 AM   #12
your_shadow03
Senior Member
 
Registered: Jun 2008
Location: Germany
Distribution: Slackware
Posts: 1,461
Blog Entries: 6

Rep: Reputation: 51
You missed the initial "2" -
The initial '2' sets the setgid bit for group ownership, so any new files created in that directory will now be owned by group <groupname>

Last edited by your_shadow03; 05-13-2009 at 07:19 AM.
 
Old 05-13-2009, 07:29 AM   #13
your_shadow03
Senior Member
 
Registered: Jun 2008
Location: Germany
Distribution: Slackware
Posts: 1,461
Blog Entries: 6

Rep: Reputation: 51
Druuna,
I still have a few doubts and I need help.
Code:
[root@receiver ~]# chown -R user1.group1 /projects/group1-files/
[root@receiver ~]# chown -R user2.group1 /projects/group1-files/
Is it wrong or right?
What I explored is :

I have two users, user1 and user2, and I added both users to group1.
As root, I created a directory:


User - ROOT

Code:
[root@receiver ~]# mkdir /Delta
[root@receiver ~]# cd /Delta/
[root@receiver Delta]# mkdir projects
[root@receiver Delta]# cd
[root@receiver ~]# chmod 2777 /Delta/
[root@receiver ~]# ls -la /
total 202
..
drwxrwsrwx    3 root root  4096 May 13 04:07 Delta
..
Now I logged in as user1:

User - user1
Code:
[user1@receiver ~]$ groups
user1 group1
[user1@receiver ~]$
[user1@receiver projects]$ touch test
touch: cannot touch `test': Permission denied
[user1@receiver projects]$ vi test
[user1@receiver projects]$
Do I need to provide ownership to group1?
 
Old 05-13-2009, 07:36 AM   #14
your_shadow03
Senior Member
 
Registered: Jun 2008
Location: Germany
Distribution: Slackware
Posts: 1,461
Blog Entries: 6

Rep: Reputation: 51
Sorry I forgot to provide:
Code:
chmod 777 /Delta/projects
Now the doubt is, say, a user called jerry who is outside this group

User - Jerry
Code:
[jerry@receiver projects]$ cd /Delta/projects/
[jerry@receiver projects]$ cat test
hello I am user1 just edited this line
I am user2 ...Sounds working for setguid
Hi I am jerry outside this group
[jerry@receiver projects]$
How can she edit this since she is outside the group?

Last edited by your_shadow03; 05-13-2009 at 07:41 AM.
 
Old 05-13-2009, 07:42 AM   #15
druuna
LQ Veteran
 
Registered: Sep 2003
Posts: 10,532
Blog Entries: 7

Rep: Reputation: 2387
@your_shadow03:

You did change the permissions of Delta (the chmod 2777 /Delta command), you did _not_ change permissions of the projects directory....

An ordinary user is, in this case, able to create a file in /Delta, but not in projects:
Code:
$ id
uid=500(druuna) gid=500(internet)

$ cd /Delta/
$ touch in.delta

$ ls -l in.delta 
-rw-r----- 1 druuna root 0 May 13 13:32 in.delta

$ cd projects/
$ touch in.projects
touch: cannot touch `in.projects': Permission denied
Also: If you create the dir as root, the group will also be root (take a look at the output of the ls -l in.delta command).

Creating the dir as user root is sometimes needed, but do change the owner/group (group in this specific case) of that dir to reflect the appropriate group (group1 in this example).

Another thing:
Quote:
[root@receiver ~]# chown -R user1.group1 /projects/group1-files/
[root@receiver ~]# chown -R user2.group1 /projects/group1-files/
As I stated before, this isn't useful. The second command will change the changes made in the first command (talking about the owner of the files/dirs).

A chgrp -R group1 /Delta will change the group to group1, but will leave the user intact.
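
The permission mechanics discussed in this thread, as an added example that is not part of any poster's message: the umask, not the directory mode, decides whether a new file is group-writable, and write permission on a directory is what allows a read-only file in it to be replaced. It runs in a scratch directory from mktemp; the function names are made up for this example.

```sh
#!/bin/sh
# Added example: works in a scratch directory, no root or extra users needed.

# perms PATH -> 10-character mode string from ls, e.g. drwxrwsr-x
perms() { ls -ld "$1" | cut -c1-10; }

# new_file_mode DIR UMASK -> mode of a file created in DIR under that umask.
# The body is a subshell so the umask change does not leak to the caller.
new_file_mode() (
    umask "$2"
    f="$1/made-with-umask-$2"
    rm -f "$f"
    : > "$f"
    perms "$f"
)

# who_can_modify MODE -> classes that may create, rename or delete entries in
# a directory with that mode string (this needs both w and x on the directory;
# a sticky bit, shown as t, further limits deletion to each file's owner).
who_can_modify() {
    out=""
    case $(printf %s "$1" | cut -c3-4)  in w[xs]) out="owner" ;; esac
    case $(printf %s "$1" | cut -c6-7)  in w[xs]) out="$out group" ;; esac
    case $(printf %s "$1" | cut -c9-10) in w[xt]) out="$out other" ;; esac
    echo "${out# }"
}

# replace_readonly DIR -> swaps out a mode-444 file by unlinking and recreating
# it, which is decided by the permissions on DIR, not those on the file.
replace_readonly() {
    f="$1/readonly"
    rm -f "$f"; echo original > "$f"; chmod 444 "$f"
    rm -f "$f" && echo replaced > "$f" && cat "$f"
}

demo() {
    d=$(mktemp -d) || return 1
    chmod 2775 "$d"
    echo "directory mode : $(perms "$d") -> $(who_can_modify "$(perms "$d")")"
    echo "umask 022      : $(new_file_mode "$d" 022)"
    echo "umask 002      : $(new_file_mode "$d" 002)"
    echo "444 file       : $(replace_readonly "$d")"
    echo "mode 2777      : $(who_can_modify drwxrwsrwx)"
    rm -rf "$d"
}
demo
```
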
 
  

