LinuxQuestions.org


Metropolis 06-24-2009 04:49 PM

Trouble setting up User Private Group(UPG) in RHEL5
 
Hello,

I am trying to set up a UPG as explained on this page,

http://www.centos.org/docs/2/rhl-rg-...te-groups.html

Let's say that I have a folder called "html", a group called "coders", and 2 users named "user1" and "user2." Here's what I did.

I set up the coders group, and added user1 and user2 to that group. When I check the group file I see the following for coders group,

Code:

coders:x:501:user1,user2

Next I changed all files and folders under the html folder to have the owner of root, the group of coders, and the permissions with the GID sticky bit set,

Code:

chown -R root.coders html
chmod -R 2775 html

Now, if I open up an FTP program like winscp and create a file under the html folder with user1, the permissions on the file are this,

Code:

-rw-rw-r-- 1 user1 coders 5 Jun 24 15:45 test.php

The sticky bit is gone, and user2 cannot overwrite this file or delete it. I want to set it up so that every user in the "coders" group will have full permissions to all folders and files under the "html" folder. What am I doing wrong? Thanks in advance for any help.

Metropolis
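
Added example, not part of the original post: this reproduces the `chmod 2775` setup from the post above and reports what a setgid directory passes on to a new file and a new subdirectory under a given umask. It assumes Linux with GNU `stat` and works inside a throwaway `mktemp` directory; the function names are made up for this illustration.

```shell
#!/bin/sh
# Added example: what a setgid (mode 2775) directory hands down to new entries.
# Assumptions: Linux semantics, GNU stat, no default ACL on the temp directory.

mode_of()  { stat -c '%a' "$1"; }   # octal mode, e.g. 2775
group_of() { stat -c '%g' "$1"; }   # numeric owning group

# Build a shared directory as in the post, create a file and a subdirectory
# inside it under the given umask, and print:
#   "<file mode> <subdir mode> <file has the directory's group: yes|no>"
demo_setgid_dir() {
    umask_value=$1
    base=$(mktemp -d) || return 1
    shared="$base/html"
    mkdir "$shared"
    chmod 2775 "$shared"
    (
        # The subshell keeps the umask change local to these two creations.
        umask "$umask_value"
        : > "$shared/test.php"
        mkdir "$shared/sub"
    )
    if [ "$(group_of "$shared/test.php")" = "$(group_of "$shared")" ]; then
        same_group=yes
    else
        same_group=no
    fi
    echo "$(mode_of "$shared/test.php") $(mode_of "$shared/sub") $same_group"
    rm -rf "$base"
}

# Regular files never receive the setgid bit from the directory; they only
# take its group. Subdirectories take both the group and the setgid bit.
demo_setgid_dir 002   # 664 2775 yes  (group members can write the file)
demo_setgid_dir 022   # 644 2755 yes  (group write removed by the umask)
```

A listing of `-rw-rw-r--` with group `coders` is therefore the normal result for a file created in such a directory; whether other group members can write it depends on the umask of the process that created it.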

unSpawn 06-24-2009 06:35 PM

Welcome to LQ, hope you like it here.

Quote:

Originally Posted by Metropolis (Post 3585182)
What am I doing wrong?

0) you're using the Red Hat Linux 7.2 reference, 1) please have a look at ACL instead?

Metropolis 06-25-2009 09:08 AM

Hi unSpawn, thank you for the reply.

So are you saying that I need to install ACL in order to fix this problem? Or is there another way? I don't really know a lot about the different Linux file systems and I don't know anything about this ACL either.

Metropolis

unSpawn 06-25-2009 09:30 AM

I'm saying that UPG, novel as it may have been at the time, has its uses. Given how managing groups can get unwieldy I suggested ACLs as that's what most of these types of questions (should) end up with. That you know nothing of "different linux file systems" or ACL can be easily repaired by reading the documentation and examples there and search LQ for threads on ACL. I hope you will conclude it is versatile and easy to set up, use and manage.

Metropolis 06-25-2009 11:26 AM

Hi unSpawn,

I was reading http://oss.sgi.com/projects/xfs/ and read this,

POSIX Access Control Lists (ACLs)

XFS supports the ACL semantics and interfaces described in the draft POSIX 1003.1e standard.


What I'm wondering is, if I install the XFS filesystem, will that take care of this ACL problem also?

The current kernel I'm running is 2.6.18-128.1.14.el5xen, and the df -T command gives me this for my filesystem,

Code:

Filesystem    Type   1K-blocks      Used Available Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
              ext3   111477424   4243260 101480104   5% /
/dev/sda1     ext3      101086     28122     67745  30% /boot
tmpfs        tmpfs      905552         0    905552   0% /dev/shm
none         tmpfs      905464       104    905360   1% /var/lib/xenstored

I'm not spectacular with Linux so I'm sorry if I'm not understanding how to do this. Thanks again for all your help.


Metropolis

Metropolis 06-25-2009 05:09 PM

Ok I think I have figured out my problem. Since I'm not "spectacular" with Linux, I did not really know what ACL is, and I did not know that it is already built into the system. Now that I have figured that out I should be able to find the answers I needed. Thanks again for all your help unSpawn. I will post again later if I still have more questions.


Metropolis

Metropolis 06-26-2009 10:28 AM

Still not working
 
I'm using ACL now and I'm running into the same problems. It seems like no matter what permissions I put on a file or folder for the group, it only allows me to alter the file if it is the owner altering it.

Here's what I'm doing. I put a default ACL on the html folder like this,

Code:

setfacl -R -d -m g:coders:rwx html

Code:

getfacl html

Produces:
# file: resources
# owner: root
# group: coders
user::rwx
group::rwx
mask::rwx
other::r-x
default:user::rwx
default:group::rwx
default:group:coders:rwx
default:mask::rwx
default:other::r-x

Then I also gave all permissions to the coders group like this,

Code:

setfacl -R -m g:coders:rwx html

Now when I log on using WinSCP I am able to create a file with user1 or user2, but I cannot create a file with user1, and then overwrite that file with user2. Which does not make any sense to me.

Metropolis

Metropolis 06-28-2009 10:18 AM

Nobody can help me on this? Seems like it should be an easy fix.....

unSpawn 06-29-2009 04:08 PM

Maybe it's something with how WinSCP handles things? Does it test OK when using local user accounts?

Metropolis 06-30-2009 11:15 AM

Hmmm Interesting......
 
It seems as though it is uploading fine in FileZilla. So maybe the problem is WinSCP... I just did not think that there would be any difference between the two. Here is the error that WinSCP gives me.

Code:

Permission denied.
Error code: 3
Error message from server: Permission denied
Request code: 9

Do you think I should just ditch WinSCP??

Metropolis 06-30-2009 11:20 AM

Something else
 
Actually, I now realized that WinSCP is actually uploading it fine... I'm just getting an error about the permissions, and I'm having to hit the abort key. Strange... Maybe FileZilla just knows that this does not matter because it knows the permissions are correct due to the ACL.

unSpawn 06-30-2009 11:35 AM

Would be interesting to run this by the WinSCP people I think.

Metropolis 06-30-2009 02:19 PM

Thanks a lot for your help unSpawn... You got me thinking about things that could possibly be the problem :), which helped out a lot.

Metropolis

unSpawn 06-30-2009 05:00 PM

NP, you're welcome. Do let us know if there's anything WinSCP-wise or if you want to troubleshoot this a bit more.

