LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 12-31-2004, 08:12 AM   #1
JWatson
LQ Newbie
 
Registered: Dec 2004
Posts: 6

Rep: Reputation: 0
Multiple Group Rights to One Directory


Hello,

I am a newbie to Linux/Unix however I am learning fast. I understand
rights i.e. Owner Group Other I understand CHMOD and CHGRP and SUID and SGID and Sticky etc...

I understand rights are not cumlative i.e of Ower has R and Group has RW and you are logged in as the Ower you will have R and not RW

One thing I am not 100% sure about at the moment are multiple group rights for example

if you so a LS -l

you see the owner and the primary group who have rights to the file or directory.

Now I come from a Novell background there you can give rights to a file or directory to more than one group at the same time and give these groups different sets of rights to Group1 would have say RW and Group2 RX and Group3 R

therefore if the user was a member of one or more of the above groups he would get the relevent rights the group has.

Can you do the same in Linux i.e. setup a Directory and give different Groups different rights then put users in these groups so they get these rights?

Also can you put users in more than one group?

Thanks
 
Old 12-31-2004, 08:55 AM   #2
leonscape
Senior Member
 
Registered: Aug 2003
Location: UK
Distribution: Debian SID / KDE 3.5
Posts: 2,313

Rep: Reputation: 47
I not up on the multiple groups for a file/directory, but I do know that a single user can belong to multiple groups.

usermod -G comma,separated,list,of,groups LoginNameOfUser

The list must be complete, If the user is a member of a group which is not listed they will be removed.
 
Old 12-31-2004, 11:09 AM   #3
r0b0
Member
 
Registered: Aug 2004
Location: Europe
Posts: 602

Rep: Reputation: 49
Re: Multiple Group Rights to One Directory

Quote:
Originally posted by JWatson
I understand rights are not cumlative i.e of Ower has R and Group has RW and you are logged in as the Ower you will have R and not RW
Correct.

Quote:
One thing I am not 100% sure about at the moment are multiple group rights for example

if you so a LS -l

you see the owner and the primary group who have rights to the file or directory.

Now I come from a Novell background there you can give rights to a file or directory to more than one group at the same time and give these groups different sets of rights to Group1 would have say RW and Group2 RX and Group3 R

therefore if the user was a member of one or more of the above groups he would get the relevent rights the group has.

Can you do the same in Linux i.e. setup a Directory and give different Groups different rights then put users in these groups so they get these rights?
No, you cannot assign more group owners to a single file/directory in a classical unix permissioning scheme.

You can either stick with the "owner-group-all" scheme and create a "super-group" where you assign all users belonging to all the groups you need and assign the directory to that group.

Or you can search for some ways how to enhance the classical access-control scheme by ACLs or MAC...

Quote:
Also can you put users in more than one group?
Yes, you can. You can add a user to any number of groups in /etc/groups
 
Old 12-31-2004, 12:51 PM   #4
leonscape
Senior Member
 
Registered: Aug 2003
Location: UK
Distribution: Debian SID / KDE 3.5
Posts: 2,313

Rep: Reputation: 47
For information on ACL's (Access Control Lists) which can be used for this. The best site I've found so far is ACL bestbits Theres also an article in Linux Magazine I've found useful.
 
Old 12-31-2004, 01:13 PM   #5
JWatson
LQ Newbie
 
Registered: Dec 2004
Posts: 6

Original Poster
Rep: Reputation: 0
Thanks everyone

Thanks everyone for your assistance,

As a Novell Netware Engineer I am learning SUSE due to Novells acquisition of SUSE

I like Linux as it seems robust and straightforward to a large degree althought the file system seems to basic.

My understanding (running it up in the lab) is
Novell are porting NSS (Novell Storage System) to Linux and together with eDirectory (i.e. like NIS but a full x500 directory to store users and groups and rights etc)

You should be able to have a much more granular file and security system on Linux using the above.

For further info see www.novell.com/oes to my mind this will be a big jump but I still need to learn and understand the basic bones of Linux without these add ons

Thanks every one

John
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Group members and rights EERookie Linux - Newbie 0 06-03-2004 08:19 AM
Group rights: loosing my hairs & my mind... bigbac Mandriva 1 03-26-2004 11:18 AM
Directory rights dtournas Linux - Security 1 09-02-2003 07:23 AM
how to know a certain group has what rights in linux? funnyusa Linux - Newbie 5 06-21-2003 09:38 PM
Question about user/group rights ShibbyLinux Linux - General 1 04-15-2002 03:03 PM


All times are GMT -5. The time now is 09:44 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration