LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 03-17-2014, 06:52 PM   #1
sniper8752
Member
 
Registered: Oct 2012
Posts: 354

Rep: Reputation: Disabled
managing groups and users


I have a user, who is part of the accounting group. the accounting folder is owned by the group, accounting. when the user attempts to go into the folder, it says that permission is denied. why is the user not able to go inside of the folder?
 
Old 03-18-2014, 06:09 AM   #2
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.9, Centos 7.3
Posts: 17,356

Rep: Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367
Can you login as the user and run the 'id' cmd.
Also show the dir permissions & ownerships (ls -l)
 
Old 03-18-2014, 09:59 AM   #3
sniper8752
Member
 
Registered: Oct 2012
Posts: 354

Original Poster
Rep: Reputation: Disabled
sure.
Attached Thumbnails
Click image for larger version

Name:	ls -l command.png
Views:	19
Size:	1.0 KB
ID:	14993   Click image for larger version

Name:	id command.png
Views:	12
Size:	2.1 KB
ID:	14994  
 
Old 03-18-2014, 03:33 PM   #4
maluhia
LQ Newbie
 
Registered: Jan 2014
Location: Central NJ
Distribution: Slackware
Posts: 10

Rep: Reputation: 3
If you want the "accounting" group to be able to cd to the "bob" directory, you need to do:
chmod g+x bob
In other words, members of a group can't cd to a directory if the group doesn't have execute permission for the directory.

However, this won't solve your problem, since your "ls -l" output indicates that the directory "bob" belongs to the "root" group, not the "accounting" group. To fix that, do:
chgrp -R accounting bob

Something still doesn't make sense, though, assuming "bob" is the user who is unable to access the directory "bob". What is the output of "ls -l .." if you execute it from the same place you executed "ls -l"? You need to make sure that the directory that contains "bob" also belongs to the "accounting" group and has group read and execute permissions.
 
Old 03-19-2014, 07:20 AM   #5
sniper8752
Member
 
Registered: Oct 2012
Posts: 354

Original Poster
Rep: Reputation: Disabled
I do not want the accounting group to cd to the bob directory. there is a shared directory for that. I thought execute permissions were just for running scripts?
If I add the accounting group to bob, would accounting then be able to access his content?
 
Old 03-19-2014, 05:43 PM   #6
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,688

Rep: Reputation: 1259Reputation: 1259Reputation: 1259Reputation: 1259Reputation: 1259Reputation: 1259Reputation: 1259Reputation: 1259Reputation: 1259
no.

Normally the login "bob" would also have a group created with only one member in it - "bob". Thus the home directory would be owned by bob, and group bob. The access mask would usually be rwxr-x--- (meaning, user bob has read/write/search, members of the group bob have read/search, and no one else has access. If bob is the only member of the group "bob" then no one else can access it). For directory files, the x means "search" rather than "execute".

Having bob own a root group directory is peculiar, but also since bob is not in group root, it would make things look odd to an audit.
 
Old 03-19-2014, 09:44 PM   #7
sniper8752
Member
 
Registered: Oct 2012
Posts: 354

Original Poster
Rep: Reputation: Disabled
ok - i see. I will try this, and see if it helps. thanks!
 
Old 03-22-2014, 03:54 PM   #8
sniper8752
Member
 
Registered: Oct 2012
Posts: 354

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by jpollard View Post
For directory files, the x means "search" rather than "execute".
what do you mean by this? a user can search that specified directory for a file?
 
Old 03-22-2014, 04:39 PM   #9
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,284

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
If a user has only read permission on a directory, she cannot change into it. If read permission exists, the user can see what files are in it, but cannot access them, regardless of their permissions.
 
Old 03-22-2014, 04:54 PM   #10
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,688

Rep: Reputation: 1259Reputation: 1259Reputation: 1259Reputation: 1259Reputation: 1259Reputation: 1259Reputation: 1259Reputation: 1259Reputation: 1259
Quote:
Originally Posted by sniper8752 View Post
what do you mean by this? a user can search that specified directory for a file?
From http://content.hccfl.edu/pollock/aun...ermissions.htm

"You can think of read and execute on directories this way: directories are data files that hold two pieces of information for each file within, the file's name and it's inode number. Read permission is needed to access the names of files in a directory. Execute (a.k.a. search) permission is needed to access the inodes of files in a directory, if you already know the file's name."

So a directory with "r--" permissions allows you see the file names. But you cannot open the files.
A directory with "--x" allows you to open the files, IF you already know the file name, AND have access permissions to read (or write) to the file.

To change the default directory requires both read and search.

This has been used in the past to provide an anonymous access to a dropbox type of operation. You could retrieve the file IF you already knew (or could guess) what the file name was. It has also been used to hide files from general viewing, but let specific individuals retrieve the data.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Learn Linux, 302 (Mixed environments): Managing user accounts and groups LXer Syndicated Linux News 0 10-19-2011 06:20 AM
System Groups from Users and Groups measekite Linux - General 3 05-05-2009 09:22 PM
LXer: Creating and Managing User Groups in Joomla! and VirtueMart LXer Syndicated Linux News 0 04-20-2009 05:20 AM
File association in KDE and managing Groups mayank_a Linux - Software 1 02-19-2006 04:59 PM
managing users alcek2004 Linux - Newbie 2 09-20-2004 09:43 AM


All times are GMT -5. The time now is 07:52 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration