Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
Hi folks. afraid i'm pretty green on this one. I'm having trouble wrapping my head around linux groups and why I can't nest one in another. For instance, I have a directory called accounts. in that directory I have multiple sub-directories. For each subdirectory I want to give rw access to the owner and r access to about 20 or 30 other users. Now, **please for forgive me but ** in m$ win I could just create a group for the 20 or 30 users and place it in the group that owns the sub-directory. Then I would only have to maintain 1 listing of the 20 some users. Right now I see my /etc/group file growing very quickly, not to mention the extra foot work for adding or deleting from the list of 20~30.
Is there any way around this. I can't seem to find much documentation on it... Any help would be greatly appreciated.
I'm not positive I understand your question because I don't see how "nested" applies to this situation; in the way I'm familiar with the term.
Everything you said about Microsoft's capability is true with Linux. You can create a directory, make it "group owned" by an arbitrarily named group you create. Then you can add users to that group as you see fit. In /etc/group, the line would look something like:
Typically, you don't need to mess with that file directly though. Your distribution likely includes administration utilities to simplify things. Even if they don't there are console-based commands that can automate administration of removing and adding users as necessary. I have to imagine there's some sort of similar overhead in Windows for this as well. I mean, if Microsoft developed psychic-Windows to know when users should be added or removed from a specific group, then I'll probably go reinstall...
So I guess what I'm saying is, I don't see where your concern comes into play. Again, it might be that I don't understand the question. If you could expand on what your problem is, it would help. Maybe even just a re-phrasing.
Terribly sorry, I kinda botched the example. Simply put, I want to add a group to a group. I'll try a different example:
I have 3 groups A, B and C. I have several directories that I need to grant these groups permissions on. Some of the directories need to be accessed by A and B, others, B and C, while others A and C or even all three. Is it possible to simply add the appropriate groups(A, B or C) to the group that already controls the directory? That way I can simply maintain the members of groups A, B and C as opposed to reinventing the wheel every time their membership changes. These are all local accounts/groups. Perhaps that explains my situation better, or maybe not...
Oh and for clarity, I'm running FC3 without X. Sorry for the hassle, thanks again for the help
I'll get right to the point. To my understanding, the classic group-based permissions in Linux do not allow you to put a group inside another group. So yeah, now I follow your nested group reference. Under the classic approach, you would need to create X number of "bottom level" groups and then create the more abstract group combo groups. For instance, bottom level groups would be groupA, groupB, groupC, etc. A combo group as I refer to it would be, comboA = groupA and groupC, comboB = groupA and groupB, etc. And yes, you would have to add/remove users from each group (bottom level and all combo groups). Yeah, that would be a pain in the butt.
I'm not aware of any add-on that would do exactly what you want, but there are alternatives. The one I'll offer up is Access Control Lists (ACLs). ACLs allow the administrator to go beyond the one-owner, one-group, all others method. It allows the admin to create arbitrary amounts of complexity. The admin can specify access on a multiple per-user basis: user1 has rw, user2 has rx, user3 has x only, etc. The same can be done for groups. So, essentially, the ACL approach removes need for the "combo" groups above. You define all the bottom level groups, and include them in the ACL for the appropriate access. It's not quite the same as a nested group, but it is closer. If that sounds interesting, be advised it may require you to recompile the kernel to support them.
If anyone else knows of another approach or software add-on, please say so. I have a feeling though, when tinkering with fundamentals like access privileges, a kernel recompile will be necessary; unless it's a utility that handles expanding nested groups to implement the "classic" approach mentioned above.