LinuxQuestions.org
Old 08-13-2007, 04:24 PM   #1
rikis7
LQ Newbie
 
Registered: Aug 2007
Distribution: Ubuntu, Open SUSE
Posts: 2

Rep: Reputation: 0
Group administrator (or changing permissions and ownerships)


Hey Everyone,

I am trying to "secure" some files inside a directory. Essentially, what I want to do is to have a person (user) be the administrator of a certain group and allow him to change permissions and ownerships. (Needless to say, I don't want this person to have "root" or "admin" privileges.)

More specifically, say that I have a directory called "example":

TheUser@MyPc:/home> ls -l | grep example
drwxrwxr-x 31 TheUser users 4096 2007-08-13 12:11 example

Notice that "example" can be written by anyone in the "users" group.

Now let's say that "user1" creates the file "file.user1" and places it inside "example". Let us further assume that "user1" doesn't have a clue about permissions and we end up with something like this:

$TheUser@MyPc:/home> ls -l example | grep file
-rwxrwxr-x 32 user1 users 4096 2007-08-13 12:11 file.user1
-rwxrwxr-x 33 user2 users 4096 2007-08-13 12:21 file.user2


Of course, I don't want either user to mess with other users' files, but I would also like "TheUser" to be able to change the permissions of all the files so that not even "user1" is able to modify the contents of "file.user1".


So far what I have done is

1.- Set the sticky bit on "example"

TheUser@MyPc:/home> chmod 1775 example && ls -l | grep example
drwxrwxr-t 31 TheUser users 4096 2007-08-13 12:11 example


(No messing around with other files)


2.- Make copies of the files to be changed (that takes care of the ownerships), change the permissions of the backup files and then overwrite the original files.

TheUser@MyPc:/home> cd example && cp file.user1 file.user1.bak && chmod 555 file.user1.bak && mv file.user1.bak file.user1 && ls -l | grep file
-r-xr-xr-x 32 TheUser users 4096 2007-08-13 12:51 file.user1
-rwxrwxr-x 33 user2 users 4096 2007-08-13 12:21 file.user2


Notice that this does the trick; however, I think it is very inefficient, especially when dealing with folders and subfolders.

Does anybody know about a better way to implement this?

Thank you very much in advance.
 
Old 08-13-2007, 05:25 PM   #2
stress_junkie
Senior Member
 
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873

Rep: Reputation: 331
Edit. I thought I had the total solution but I was wrong. Below is a partial solution.

This is what you want to do. First set the ownership of the example directory to TheUser:users.
Code:
chown TheUser:users example
Then set the sticky bit for the group that owns the directory.
Code:
chmod 2770 example
The 4 in the above permission string will force all files created in the example directory to be owned by the users group.

You may not need the sticky bit on the "others" permissions. I'm not sure.

Next you want your user accounts to have their umask set to 740. This next line of code has to go into a login script like /etc/profile.
Code:
umask 740

Last edited by stress_junkie; 08-13-2007 at 05:49 PM.
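
An added example, not part of any post in this thread: the script below checks, on scratch directories, which special bit the leading octal digit of the modes used above (1775 and 2770) sets, what a subdirectory created inside inherits, and what mode a new file gets under a given umask. It assumes Linux with GNU coreutils (stat -c); the function names and the comparison umask 027 are illustrative and do not come from the thread.

```shell
#!/bin/sh
# Added example: works only inside constructed mktemp scratch directories.
# Assumes Linux with GNU coreutils (stat -c). Function names are illustrative.

# Names of the special bits carried by the leading digit of a 4-digit mode.
special_bits() {
    lead=$(( 0$1 >> 9 ))          # 4 = setuid, 2 = setgid, 1 = sticky
    out=""
    if [ $(( lead & 4 )) -ne 0 ]; then out="$out setuid"; fi
    if [ $(( lead & 2 )) -ne 0 ]; then out="$out setgid"; fi
    if [ $(( lead & 1 )) -ne 0 ]; then out="$out sticky"; fi
    echo "${out# }"
}

# Mode of a subdirectory created inside a directory chmod'ed to $1.
# The creator's umask is fixed at 022 so only the inherited bits differ.
child_dir_mode() {
    d=$(mktemp -d) || return 1
    mkdir "$d/example" && chmod "$1" "$d/example"
    ( umask 022; mkdir "$d/example/sub" )
    printf '%04o\n' "0$(stat -c '%a' "$d/example/sub")"
    rm -rf "$d"
}

# Mode a newly created regular file gets under umask $1.
# The shell requests 0666; the kernel clears every bit set in the umask.
new_file_mode() {
    d=$(mktemp -d) || return 1
    ( umask "$1"; : > "$d/f" )
    printf '%04o\n' "0$(stat -c '%a' "$d/f")"
    rm -rf "$d"
}

for m in 1775 2770; do
    echo "chmod $m: special bits = $(special_bits "$m"), new subdir = $(child_dir_mode "$m")"
done
# 740 is the value from the thread; 027 is an illustrative comparison value.
for u in 740 027; do
    echo "umask $u: new file mode = $(new_file_mode "$u")"
done
```

The sticky bit restricts who may delete or rename entries in the directory and is not passed on to new subdirectories, whereas the setgid bit is inherited by them.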
 
Old 08-15-2007, 12:22 AM   #3
rikis7
LQ Newbie
 
Registered: Aug 2007
Distribution: Ubuntu, Open SUSE
Posts: 2

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by stress_junkie
Edit. I thought I had the total solution but I was wrong. Below is a partial solution.
Thanks. I will try your way. It does make sense to me and I am sure it will save me from implementing a recursive script.

Regards,
 
  

