LinuxQuestions.org
Old 12-28-2012, 10:24 PM   #1
satimis
Senior Member
 
Registered: Apr 2003
Posts: 3,428

Rep: Reputation: 53
Permission question


Hi all,

Ubuntu 12.04 desktop 64bit

I have /data partition created for keeping data including VMs of Oracle VirtualBox. /data is owned by root. How to allow users to run VMs?

1)
Whether

Give rwx permission to the users of the group
$ sudo chmod go+rwx -R /data

$ cat /etc/group | grep data
www-data:x:33:

Add users allowed to group
Code:
www-data:x:33:userA userB userC etc

2)
How to allow userA userB userC etc running the VM owned by them only?

Now;
$ ls -al /data/VirtualBox\ VMs/
Code:
total 12
drwxrwxr-x 3 satimis satimis 4096 Dec 29 00:49 .
drwxr-xr-x 7 satimis satimis 4096 Dec 29 00:48 ..
drwx------ 3 satimis satimis 4096 Dec 29 00:52 cloudera
drwx------ 2 satimis satimis 4096 Dec 29 10:50 deb600dk00
etc.
satimis is the Administrator
e.g.
userA owns cloudera
userB owns deb600dk00

3)
How to allow other users, say userX userY userZ, to save/read/write their own files on /data NOT /home of Ubuntu?

TIA


Regards
satimis
 
Old 12-29-2012, 05:54 PM   #2
SaintDanBert
Senior Member
 
Registered: Jan 2009
Location: Austin, TX
Distribution: Mint-15 with Cinnamon & KDE
Posts: 1,368
Blog Entries: 3

Rep: Reputation: 86
Read the man-page on 'chmod' and make sure that you understand how folders (directories) treat the executable "X" permission. It is different from how files treat it.

You don't say, but imply that /data is a mount point for a file system. Mount points are folders that have permissions. Once the file system is mounted, there are other permissions that take effect. Read the man-page on 'mount' and make sure that you understand how mount-point permissions work.

With all of that background, consider creating a 'group' that is specific to your VM activities.
For example, I might use a group name of "vmuser" or "vmdata". Add this group to users who will make routine use of your VMs. Set the ownership of your file system to use this "vmuser" or "vmdata" group ID using chown ... root:vmdata /data or similar. With a little more effort, you could use chown ... vmuser:vmdata /data. NOTE -- This is a similar approach to what happens with a web server or database server. Those apps get their own user+group for administration.

I hope this helps. I'll be here if there are more questions.
~~~ 0;-Dan
 
Old 12-30-2012, 04:17 AM   #3
satimis
Senior Member
 
Registered: Apr 2003
Posts: 3,428

Original Poster
Rep: Reputation: 53
Quote:
Originally Posted by SaintDanBert View Post
Read the man-page on 'chmod' and make sure that you understand how folders (directories) treat the executable "X" permission. It is different from how files treat it.

You don't say, but imply that /data is a mount point for a file system. Mount points are folders that have permissions. Once the file system is mounted, there are other permissions that take effect. Read the man-page on 'mount' and make sure that you understand how mount-point permissions work.

With all of that background, consider creating a 'group' that is specific to your VM activities.
For example, I might use a group name of "vmuser" or "vmdata". Add this group to users who will make routine use of your VMs. Set the ownership of your file system to use this "vmuser" or "vmdata" group ID using chown ... root:vmdata /data or similar. With a little more effort, you could use chown ... vmuser:vmdata /data. NOTE -- This is a similar approach to what happens with a web server or database server. Those apps get their own user+group for administration.
Hi Dan,

Thanks for your advice.

/data is the partition created during installation of Ubuntu 12.04. It is automatically mounted on booting and owned by root. I don't expect to change its ownership because there is data other than VMs stored on this partition.

What I expect to achieve after migrating the VMs from the OLD HD to the NEW HD is as follows:
1) When the users log in to their accounts on the PC and start VirtualBox, they can only view their own VMs
2) Administrator can view all VMs after starting VirtualBox

Regards
satimis

Last edited by satimis; 12-30-2012 at 04:18 AM.
 
Old 12-30-2012, 12:36 PM   #4
SaintDanBert
Senior Member
 
Registered: Jan 2009
Location: Austin, TX
Distribution: Mint-15 with Cinnamon & KDE
Posts: 1,368
Blog Entries: 3

Rep: Reputation: 86
Quote:
Originally Posted by satimis View Post
...
/data is the partition created during installation of Ubuntu 12.04. It is automatically mounted on booting and owned by root. I don't expect changing its ownership because there are data other than VMs stored on this partition.

What I expect to achieve after migrating the VMs from the OLD HD to the NEW HD are as follows;
1) When the users login their accounts on the PC and starting VirtualBox, they can only view their own VMs
2) Administrator can view all VMs after starting VirtualBox
...
I routinely create a group and change partition mount point and file system ownership to use the new GID. I can then assign users to that group (in addition to whatever else they might do) and set permissions 'g=rwx' on folders with 'g=rw-' on files. Only members of that group can then access that stuff. In your case, users would require g=vmdata for any sort of access to the file system.

Linux also supports access control lists (ACLs) for another layer of access management.
There are two articles:
That will get you started with ACLs. If you are serious about fine control of access to your folders and files, consider ACLs. They require thought and work to set up but they pay off quite well in most cases.

Keep us posted,
~~~ 0;-Dan
 
Old 12-31-2012, 08:37 PM   #5
satimis
Senior Member
 
Registered: Apr 2003
Posts: 3,428

Original Poster
Rep: Reputation: 53
Hi Dan

Although /data is owned by root, users can rw their folders/directories created on this partition for them.

Performed following steps


1)
login administrator, satimis

(remark: I can't create folders/directories directly in VirtualBox :- Preference -> General -> Default Machine Folder
because /data is owned by root)

On terminal:-
$ sudo mkdir -p /data/VirtualBox/satimis

$ ls -ald /data/
drwxr-xr-x 8 root root 4096 Dec 31 22:34 /data/

$ ls -ald /data/VirtualBox
drwxr-xr-x 3 root root 4096 Dec 31 22:34 /data/VirtualBox

$ ls -ald /data/VirtualBox/satimis/
drwxr-xr-x 2 root root 4096 Dec 31 22:34 /data/VirtualBox/satimis/

$ cd /data/
$ sudo chown -R satimis:satimis VirtualBox

import VM.voa is without problem. All VMs imported work after changing network.


2)
login as userA and create /data/VirtualBox/userA

But I'm not allowed to import its VMs because /VirtualBox is owned by administrator disregarding /userA is owned by userA

Any suggestions? TIA

satimis

Last edited by satimis; 12-31-2012 at 08:39 PM.
 
Old 01-01-2013, 11:43 AM   #6
SaintDanBert
Senior Member
 
Registered: Jan 2009
Location: Austin, TX
Distribution: Mint-15 with Cinnamon & KDE
Posts: 1,368
Blog Entries: 3

Rep: Reputation: 86
I'm feeling that this is not "permissions" but VM issue. Let's try to separate things:
Try this:
  • login as root: sudo -i
  • make a top-level folder somewhere: mkdir --verbose /folder
  • set its ownership: chown --recursive --verbose user:group /folder
  • set its permissions: chmod --recursive --verbose perms /folder
  • test to discover who can create, edit, delete folders and files
  • mount a file system onto your folder: mount --types fstype --verbose device /folder
  • test to discover who can create, edit, delete folders and files
(I like to use --verbose for this sort of work so that I get more details to help diagnose whatever happens.)

I hope that this helps,
~~~ 0;-Dan

Last edited by SaintDanBert; 01-01-2013 at 11:45 AM.
 
Old 01-01-2013, 09:30 PM   #7
satimis
Senior Member
 
Registered: Apr 2003
Posts: 3,428

Original Poster
Rep: Reputation: 53
Quote:
Originally Posted by SaintDanBert View Post
I'm feeling that this is not "permissions" but VM issue.
According to the reply responding to my posting on the VirtualBox forum:
Code:
Obviously, you will need to deal appropriately with file permissions and the like. Virtualbox will still run like any other programs using files, and the same concerns apply. This is basic Linux administration level.
Performed following step;

$ sudo -i
[sudo] password for satimis:
# mkdir --verbose /folder
Code:
mkdir: created directory `/folder'
# ls -ald /folder
Code:
drwxr-xr-x 2 root root 4096 Jan  2 10:11 /folder
Re
Quote:
set its ownership chown --recursive --verbose user:group /folder
I'll use "userA" for "user". What shall I replace with "group"?

VirtualBox uses "vboxusers" as group. Thanks

Regards
satimis
 
Old 01-02-2013, 07:11 PM   #8
SaintDanBert
Senior Member
 
Registered: Jan 2009
Location: Austin, TX
Distribution: Mint-15 with Cinnamon & KDE
Posts: 1,368
Blog Entries: 3

Rep: Reputation: 86
You can use whatever you like as a group name string. "groupA" matches "userA" but "framis" or "berful" or "xyzzy" work just as well.
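
Added example, not posted by anyone in this thread: one way to get the /data/VirtualBox/<user> layout from post #5 with each folder private to its owner (the drwx------ mode shown in post #1), plus a check that the layout has not drifted. The function names are hypothetical, GNU coreutils (install, stat -c) is assumed, and provision_vm_dir must run as root.

```shell
#!/bin/sh
# Added example (hypothetical helper names); layout: <root>/<user>, one folder per user.

# Create <root>/<user> as mode 0700 owned by that user. Run as root (sudo).
# Missing parent folders are created root-owned with the default mode, so users
# can traverse into <root> but cannot create or rename entries in it.
provision_vm_dir() {
    root="$1"; user="$2"
    install -d -m 0700 -o "$user" -g "$(id -gn "$user")" "$root/$user"
}

# Audit <root>: print one OK/FAIL line per subfolder, return 1 on any FAIL.
audit_vm_root() {
    root="$1"; bad=0
    pmode=$(stat -c %a "$root") || return 2
    # Write permission on the parent lets a user rename or replace another
    # user's folder, whatever the folder's own mode is.
    case "$pmode" in
        *[2367]?|*[2367])
            echo "FAIL $root: mode $pmode is group/other-writable"; bad=1 ;;
    esac
    for d in "$root"/*/; do
        [ -d "$d" ] || continue          # glob matched nothing
        d=${d%/}
        name=${d##*/}
        owner=$(stat -c %U "$d")
        mode=$(stat -c %a "$d")
        if [ "$owner" != "$name" ]; then
            # e.g. left behind by a recursive chown to the administrator
            echo "FAIL $name: owned by $owner"; bad=1
        elif [ "$mode" != 700 ]; then
            # e.g. opened up by a recursive chmod go+rwx
            echo "FAIL $name: mode $mode, expected 700"; bad=1
        else
            echo "OK $name"
        fi
    done
    return $bad
}
```

Typical use would be `sudo sh -c '. ./vmdirs.sh; provision_vm_dir /data/VirtualBox userA'` followed by `audit_vm_root /data/VirtualBox`, where vmdirs.sh is an assumed file name for the block above.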
 
  

