LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 09-27-2005, 11:25 PM   #1
plunger
LQ Newbie
 
Registered: Sep 2005
Posts: 3

Rep: Reputation: 1
Unhappy nested groups for linux?


Hi folks. afraid i'm pretty green on this one. I'm having trouble wrapping my head around linux groups and why I can't nest one in another. For instance, I have a directory called accounts. in that directory I have multiple sub-directories. For each subdirectory I want to give rw access to the owner and r access to about 20 or 30 other users. Now, **please for forgive me but ** in m$ win I could just create a group for the 20 or 30 users and place it in the group that owns the sub-directory. Then I would only have to maintain 1 listing of the 20 some users. Right now I see my /etc/group file growing very quickly, not to mention the extra foot work for adding or deleting from the list of 20~30.

Is there any way around this. I can't seem to find much documentation on it... Any help would be greatly appreciated.
Thanks,
-p
 
Old 09-27-2005, 11:48 PM   #2
Dark_Helmet
Senior Member
 
Registered: Jan 2003
Posts: 2,786

Rep: Reputation: 370Reputation: 370Reputation: 370Reputation: 370
I'm not positive I understand your question because I don't see how "nested" applies to this situation; in the way I'm familiar with the term.

Everything you said about Microsoft's capability is true with Linux. You can create a directory, make it "group owned" by an arbitrarily named group you create. Then you can add users to that group as you see fit. In /etc/group, the line would look something like:
Code:
cool_grp:x:500:user1,user2,user3,user4,user5,...,user20
Typically, you don't need to mess with that file directly though. Your distribution likely includes administration utilities to simplify things. Even if they don't there are console-based commands that can automate administration of removing and adding users as necessary. I have to imagine there's some sort of similar overhead in Windows for this as well. I mean, if Microsoft developed psychic-Windows to know when users should be added or removed from a specific group, then I'll probably go reinstall...

So I guess what I'm saying is, I don't see where your concern comes into play. Again, it might be that I don't understand the question. If you could expand on what your problem is, it would help. Maybe even just a re-phrasing.
 
Old 09-28-2005, 12:26 AM   #3
plunger
LQ Newbie
 
Registered: Sep 2005
Posts: 3

Original Poster
Rep: Reputation: 1
Terribly sorry, I kinda botched the example. Simply put, I want to add a group to a group. I'll try a different example:
I have 3 groups A, B and C. I have several directories that I need to grant these groups permissions on. Some of the directories need to be accessed by A and B, others, B and C, while others A and C or even all three. Is it possible to simply add the appropriate groups(A, B or C) to the group that already controls the directory? That way I can simply maintain the members of groups A, B and C as opposed to reinventing the wheel every time their membership changes. These are all local accounts/groups. Perhaps that explains my situation better, or maybe not...
Oh and for clarity, I'm running FC3 without X. Sorry for the hassle, thanks again for the help
-p
 
1 members found this post helpful.
Old 09-28-2005, 12:48 AM   #4
Dark_Helmet
Senior Member
 
Registered: Jan 2003
Posts: 2,786

Rep: Reputation: 370Reputation: 370Reputation: 370Reputation: 370
It's definitely no hassle.

I'll get right to the point. To my understanding, the classic group-based permissions in Linux do not allow you to put a group inside another group. So yeah, now I follow your nested group reference. Under the classic approach, you would need to create X number of "bottom level" groups and then create the more abstract group combo groups. For instance, bottom level groups would be groupA, groupB, groupC, etc. A combo group as I refer to it would be, comboA = groupA and groupC, comboB = groupA and groupB, etc. And yes, you would have to add/remove users from each group (bottom level and all combo groups). Yeah, that would be a pain in the butt.

I'm not aware of any add-on that would do exactly what you want, but there are alternatives. The one I'll offer up is Access Control Lists (ACLs). ACLs allow the administrator to go beyond the one-owner, one-group, all others method. It allows the admin to create arbitrary amounts of complexity. The admin can specify access on a multiple per-user basis: user1 has rw, user2 has rx, user3 has x only, etc. The same can be done for groups. So, essentially, the ACL approach removes need for the "combo" groups above. You define all the bottom level groups, and include them in the ACL for the appropriate access. It's not quite the same as a nested group, but it is closer. If that sounds interesting, be advised it may require you to recompile the kernel to support them.

If anyone else knows of another approach or software add-on, please say so. I have a feeling though, when tinkering with fundamentals like access privileges, a kernel recompile will be necessary; unless it's a utility that handles expanding nested groups to implement the "classic" approach mentioned above.
 
1 members found this post helpful.
Old 09-28-2005, 08:19 AM   #5
plunger
LQ Newbie
 
Registered: Sep 2005
Posts: 3

Original Poster
Rep: Reputation: 1
Thumbs up

Fantastic! Thanks for the help D_H. I'm going to do some looking into them now.
-p
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
groups (system default groups) Xavius Linux - General 2 07-18-2012 03:50 AM
Map Windows NT Groups to UNIX Groups - why? kenji1903 Linux - Networking 4 10-16-2007 12:52 PM
limit to nesting groups within groups? geekgrl Linux - General 3 10-16-2007 12:50 PM
Groups in Linux rushenas Linux - General 2 08-05-2005 07:09 AM
winbind: wbinfo -g only lists global groups from PDC and not local groups saradiya Linux - Networking 0 12-01-2003 03:58 AM


All times are GMT -5. The time now is 06:48 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration