[SOLVED] Group Permisson's

tombelcher7 · 03-30-2012, 04:39 PM

Hello LQ Community,

I am trying to setup a folder on the root of the filesystem called /temp (I know ubuntu server 11.10 has /tmp) so far I have:

Created the directory
Created a group called downloads
Added my user to the group downloads
Changed the group for the /temp folder
Changed group permissions on the folder to: chmod g=rwx /temp -R

But yet when I do:

cd /temp
touch test

I get a permission denied message; where am I going wrong?

T3RM1NVT0R · 03-30-2012, 04:45 PM

Hi tombelcher7,

It appears that you are trying to setup shared directory. This directory will be readable and writable by the members of downloads group. Right?

If that is the case then following commands should help:

1.

Code:

chown -R nobody:downloads /temp

2.

Code:

chmod -R 2770 /temp

I do not know the current permission how it appears as you just mentioned the command but it appears that you are getting access denied because owner of that directory is root.

If the above commands does not work then paste the output of the following:

Code:

ls -l / | grep temp

tombelcher7 · 03-30-2012, 04:51 PM

The chmod change in permisisons for the temp folder that you suggest; could you express it in a non numeric form i.e. in terms of u, g or o with the various permissions rwx etc as I find this a little easier to understand. This will be much appreciated.

Quote:

Originally Posted by T3RM1NVT0R

Hi tombelcher7,

It appears that you are trying to setup shared directory. This directory will be readable and writable by the members of downloads group. Right?

If that is the case then following commands should help:

1.

Code:

chown -R nobody:downloads /temp

2.

Code:

chmod -R 2770 /temp

I do not know the current permission how it appears as you just mentioned the command but it appears that you are getting access denied because owner of that directory is root.

If the above commands does not work then paste the output of the following:

Code:

ls -l / | grep temp

T3RM1NVT0R · 03-30-2012, 05:03 PM

Sure.

In file system permission by default or usually a file or directory has following permissions:

Read equivalent to 4
Write equivalent to 2
Execute equivalent to 1

Further these permissions are setup on the basis of owner then group and then others. So basically if I am setting up 775 permission on a directory using:

Code:

chmod -R 775 /directoryname

that means that I am setting up permission recursively (sub-folders included) on the given directory name where,

1. Owner will have full permission (7=4+2+1)
2. Group will have full permission (7=4+2+1)
3. Other will have read and execute permission (5=4+1). Execute permission is necessary when you are setting it up on a directory otherwise user will not be able to even get into that directory. On a file we only setup execute permission when it is a script / executable file. Otheriwse it is not advisable to set execute permission on file.

Apart from above mentioned permission there are other permissions as well; Like:

1. uid equivalent to 4: This is used to allow multiuser access
2. gid equivalent to 2: This is used to allow multigroup access
3. sticky bit equivalent to 1: This is used to prevent accidental deletion of a file.

So basically the command that I gave you in my previous post translates to:

Code:

chmod -R 2770 /temp

Change permission of temp directory to be setup with gid (multigroup access) where owner and group members will have full permission and other will not have any access.

The reason I have used

Code:

chown -R nobody:downloads /temp

So that when group members create file it will get created with their name and groupname reflects as downloads. This is consider to be best practice or way to setup a shared directory.

tombelcher7 · 03-30-2012, 05:06 PM

Output of piped grep command:

drwxrwxr-x 2 nobody downloads 4096 2012-03-30 21:49 temp

Quote:

Originally Posted by tombelcher7

The chmod change in permisisons for the temp folder that you suggest; could you express it in a non numeric form i.e. in terms of u, g or o with the various permissions rwx etc as I find this a little easier to understand. This will be much appreciated.

tombelcher7 · 03-30-2012, 05:18 PM

I tried the 2770 but i'm still getting permission denied????; btw I've marked your previous post as useful as I appreciate the help....

Quote:

Originally Posted by T3RM1NVT0R

Sure.

In file system permission by default or usually a file or directory has following permissions:

Read equivalent to 4
Write equivalent to 2
Execute equivalent to 1

Further these permissions are setup on the basis of owner then group and then others. So basically if I am setting up 775 permission on a directory using:

Code:

chmod -R 775 /directoryname

that means that I am setting up permission recursively (sub-folders included) on the given directory name where,

1. Owner will have full permission (7=4+2+1)
2. Group will have full permission (7=4+2+1)
3. Other will have read and execute permission (5=4+1). Execute permission is necessary when you are setting it up on a directory otherwise user will not be able to even get into that directory. On a file we only setup execute permission when it is a script / executable file. Otheriwse it is not advisable to set execute permission on file.

Apart from above mentioned permission there are other permissions as well; Like:

1. uid equivalent to 4: This is used to allow multiuser access
2. gid equivalent to 2: This is used to allow multigroup access
3. sticky bit equivalent to 1: This is used to prevent accidental deletion of a file.

So basically the command that I gave you in my previous post translates to:

Code:

chmod -R 2770 /temp

Change permission of temp directory to be setup with gid (multigroup access) where owner and group members will have full permission and other will not have any access.

The reason I have used

Code:

chown -R nobody:downloads /temp

So that when group members create file it will get created with their name and groupname reflects as downloads. This is consider to be best practice or way to setup a shared directory.

T3RM1NVT0R · 03-30-2012, 05:24 PM

Quote:

drwxrwxr-x 2 nobody downloads 4096 2012-03-30 21:49 temp

From the output I can see that it is not setup as a shared directory. On this directory the permission are set as 775 which converts to:

owner(nobody) has got rwx (full access)
group(downloads) has got rwx (full access)
others have got rx (read and execute access)

This means that other users will be able to peak into this directory. Is that the way you want to set? And since you have not set it up as shared directory then files created under this directory by one user cannot be modified by other user in the same group (downloads)

If you setup the permissions as 2770 then it will display the output as follows:

Code:

drwxrws---. 2 nobody downloads 4096 2012-03-30 21:49 temp

This will make sure that only the owner which nobody and group downloads and its members should have access to this directory and no other person. This will also make sure that the files created by the user inside this directory will be owned by them but group will be downloads. This will enable them to modify each others files if required.

T3RM1NVT0R · 03-30-2012, 05:44 PM

Quote:

Originally Posted by tombelcher7

I tried the 2770 but i'm still getting permission denied????; btw I've marked your previous post as useful as I appreciate the help....

From the output you have pasted:

Quote:

drwxrwxr-x 2 nobody downloads 4096 2012-03-30 21:49 temp

It does not appear that you have setup 2770 permission on /temp directory. Refer my previous post.

Reuti · 04-02-2012, 10:22 AM

Did you log out and log in again after you added yourself to the group in question? The actual terminal process might still miss the group. Is it already listed by:

Code:

$ id