LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 01-31-2015, 08:27 AM   #1
Adiabat
LQ Newbie
 
Registered: Jan 2015
Posts: 5

Rep: Reputation: Disabled
Question Problem with chgrp in bash


Code:
alice@alice:~$ grep 1003 /etc/group
alice:x:1003:
alice@alice:~$ grep 1003 /etc/passwd
alice:x:1003:1003:Alice,,,:/home/alice:/bin/bash
So there's nobody in alice's group except alice (for whatever that's worth)

Code:
alice@alice:~$ ls -ld dollstuff
drwxrwxr-x 2 alice alice 4096 Jan 28 10:55 dollstuff
alice clearly owns and has full access to the directory "dollstuff" which resides in her home directory

Code:
alice@alice:~$ grep 1005 /etc/group
common:x:1005:alice,dilbert,wally
there's another group of which alice is a member, and alice wants to share her directory with the other members of the group

Code:
alice@alice:~$ chgrp common dollstuff
chgrp: changing group of ‘dollstuff’: Operation not permitted
Why not? dilbert and wally do this very same thing on their machines on a regular basis. All are running fully updated Ubuntu 14.04.

"chown ladybug:common dollstuff" is also disallowed, although "rm -r dollstuff" does work.
 
Old 01-31-2015, 09:23 AM   #2
neonsignal
Senior Member
 
Registered: Jan 2005
Location: Melbourne, Australia
Distribution: Debian Jessie (Fluxbox WM)
Posts: 1,388
Blog Entries: 52

Rep: Reputation: 355Reputation: 355Reputation: 355Reputation: 355
Perhaps obvious, but did user alice relogin (or run 'newgrp' without arguments) after they were added to this 'common' group?

Last edited by neonsignal; 01-31-2015 at 09:25 AM.
 
Old 01-31-2015, 10:19 AM   #3
Adiabat
LQ Newbie
 
Registered: Jan 2015
Posts: 5

Original Poster
Rep: Reputation: Disabled
Logged out/in many times.
 
Old 01-31-2015, 10:58 AM   #4
neonsignal
Senior Member
 
Registered: Jan 2005
Location: Melbourne, Australia
Distribution: Debian Jessie (Fluxbox WM)
Posts: 1,388
Blog Entries: 52

Rep: Reputation: 355Reputation: 355Reputation: 355Reputation: 355
Does this problem only happen with this particular directory, or with any directories created by 'alice'? Are there any access control policies in place (eg Posix access control lists, or any SELinux policies) which may affect 'alice'? Is there a disk quota limit on the 'common' group which may be exceeded?
 
Old 01-31-2015, 11:55 AM   #5
vincix
Member
 
Registered: Feb 2011
Distribution: Centos 6.7, 7
Posts: 556

Rep: Reputation: 52
As a general rule, chgroup, chown and related commands can be executed only by privileged users, so it's rather natural for a common user not to be able to change the group of a file, as it might be considered a security problem (for instance, if you think of quota limit, as neonsignal has already said). On Centos 6.6 the behaviour is identical. But it would be nice if someone suggested a solution to this.
 
Old 01-31-2015, 12:59 PM   #6
Adiabat
LQ Newbie
 
Registered: Jan 2015
Posts: 5

Original Poster
Rep: Reputation: Disabled
@neonsignal: no to all. This is a small residential lan, I've never encountered a need to invoke any of those features, and I doubt there's anything in the standard adduser that would do so either. Incidentally, the directory did not exist prior to the upgrade to 14.04.

@vincix: I've just discovered this:

Code:
alice@alice:~$ mkdir test
alice@alice:~$ ls -ld test
drwxrwxr-x 2 alice alice 4096 Jan 31 09:41 test
alice@alice:~$ chgrp common test
chgrp: changing group of ‘test’: Operation not permitted
alice@alice:~$ sudo chgrp common test
[sudo] password for alice: 
alice@alice:~$ ls -ld test
drwxrwxr-x 2 alice common 4096 Jan 31 09:41 test
alice@alice:~$ chgrp alice test
alice@alice:~$ ls -ld test
drwxrwxr-x 2 alice alice 4096 Jan 31 09:41 test
As I indicated previously, "rm -r dollstuff" works. I'm having a hard time imagining how privilege sufficient to delete a directory is somehow insufficient to do a chgrp or chown on that same directory...
 
Old 01-31-2015, 04:21 PM   #7
vincix
Member
 
Registered: Feb 2011
Distribution: Centos 6.7, 7
Posts: 556

Rep: Reputation: 52
Quote:
Originally Posted by Adiabat View Post
@neonsignal: no to all. This is a small residential lan, I've never encountered a need to invoke any of those features, and I doubt there's anything in the standard adduser that would do so either. Incidentally, the directory did not exist prior to the upgrade to 14.04.

@vincix: I've just discovered this:

Code:
alice@alice:~$ mkdir test
alice@alice:~$ ls -ld test
drwxrwxr-x 2 alice alice 4096 Jan 31 09:41 test
alice@alice:~$ chgrp common test
chgrp: changing group of ‘test’: Operation not permitted
alice@alice:~$ sudo chgrp common test
[sudo] password for alice: 
alice@alice:~$ ls -ld test
drwxrwxr-x 2 alice common 4096 Jan 31 09:41 test
alice@alice:~$ chgrp alice test
alice@alice:~$ ls -ld test
drwxrwxr-x 2 alice alice 4096 Jan 31 09:41 test
As I indicated previously, "rm -r dollstuff" works. I'm having a hard time imagining how privilege sufficient to delete a directory is somehow insufficient to do a chgrp or chown on that same directory...
It actually makes sense for chown, chgrp to need higher rights than deleting a file that you own, because if you change the group to some other that exists in the system, that's might represent a bigger security problem. For instance, if a certain user has a quota limit (hdd space limit that a user may use) and you change the owner of a huge file to some other one, then that's trouble for that user. The same I think applies at a group level. But there are other reasons for which chgrp (and the related commands) is a privileged command. Maybe some other knowledgeable people will let us now.

Of course, in your case, it is strange why this behaviour is not consistent when it comes to the other users you've mentioned. So that's interesting to know.
 
Old 01-31-2015, 05:53 PM   #8
Adiabat
LQ Newbie
 
Registered: Jan 2015
Posts: 5

Original Poster
Rep: Reputation: Disabled
Solved.

The "common" group was created under the original 12.04 on node alice, and user alice was logged out at least once since then, certainly during the upgrade to 14.04. That's the context in which I replied to neonsignal's question waaay up there at the top of the thread. Turns out I didn't add alice to the group until after the upgrade, and alice had NOT been logged out since that time. Logout/login has resolved the inconsistency.

Thanks for the help, folks!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
chgrp thiyagusham Linux - Newbie 3 11-14-2012 10:37 AM
Bash problem : -bash: [: /bin/bash: unary operator expected J.A.X Linux - Software 1 09-22-2011 06:52 AM
[SOLVED] problem with chgrp Berend58 Linux From Scratch 2 09-26-2009 11:20 AM
chgrp debacle wtmtech Linux - Newbie 1 09-21-2006 11:22 AM
Chgrp Problem LinuxRam Linux - Newbie 7 08-31-2004 12:55 AM


All times are GMT -5. The time now is 09:12 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration