Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place! |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
 |
|
11-12-2009, 04:02 PM
|
#1
|
Member
Registered: Nov 2009
Posts: 147
Rep:
|
assign permissions
hi guys
I had 10 users and 3 linux servers
they are normal users
I need to assign read access to these 1o users to /opt /var /usr
how can I accomplish that without going user by user?
any idea?
should this command work? well for me is not working
chmod -R o+r /var
after that user cannot access /var anymore
Last edited by kopper27; 11-12-2009 at 04:58 PM.
|
|
|
11-12-2009, 05:16 PM
|
#2
|
Member
Registered: Nov 2009
Location: Lisbon, Portugal
Distribution: Gentoo, CentOs, Ubuntu, Debian
Posts: 182
Rep:
|
Ensure that your users belong to the same group.
If you don't have a regular users group create one:
Add all your regular users to the group
Code:
gpasswd -a users username1
gpasswd -a users username2
...
grant open access to directories:
Code:
find /directory -type d -exec chmod g+xr-w {} \;
you can also revogue access to the rest:
find /directory -type d -exec chmod o-xrw {} \;
grant read acess to the rest of the files:
Code:
find /directory -type f -exec chmod g+r {} \;
you can also revogue access to the rest:
find /directory -type f -exec chmod o-rwx {} \;
Be careful on changing the permissions on /usr and /var and /opt
Do that at your own risk.
<edit>
changed an error -type d to -type f on the files section
</edit>
Last edited by ammorais; 11-12-2009 at 05:20 PM.
|
|
|
11-12-2009, 05:34 PM
|
#3
|
Member
Registered: Nov 2009
Posts: 147
Original Poster
Rep:
|
I think the command is
chmod -R o+r *
so I need to be in the folder /var before
|
|
|
11-12-2009, 05:38 PM
|
#4
|
LQ Guru
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.x
Posts: 18,434
|
You're going to need the 'x' perm on the dirs as well; it means search/access on a dir, not 'execute' http://linux.die.net/man/1/chmod
|
|
|
11-12-2009, 05:39 PM
|
#5
|
Member
Registered: Nov 2009
Location: Lisbon, Portugal
Distribution: Gentoo, CentOs, Ubuntu, Debian
Posts: 182
Rep:
|
Quote:
Originally Posted by kopper27
I think the command is
chmod -R o+r *
so I need to be in the folder /var before
|
You will be changing others permissions so you will be giving read access to everyone.
Also by only adding +r to all files you are not giving read access to directories.
Was there something in my reply that you didn't understand???
PS:
Quote:
I think the command is ...
|
If you are going to ignore the answers that are given to you why do you come here?
Last edited by ammorais; 11-12-2009 at 05:44 PM.
|
|
|
11-12-2009, 05:50 PM
|
#6
|
Member
Registered: Nov 2009
Posts: 147
Original Poster
Rep:
|
really sorry I posted without updating the post so I never saw your answer
so it's going to be
Code:
groupadd normalreaduser
Code:
gpasswd -a normalreaduser user1
gpasswd -a normalreaduser user2
gpasswd -a normalreaduser user3
...
and this
Code:
find /var -type d -exec chmod g+xr-w {} \;
find /var -type f -exec chmod g+r {} \;
Am I right?
Why could be risky to add read access to /var and /usr?
I was thinking I needed to specify the group name somewhere
Last edited by kopper27; 11-12-2009 at 05:57 PM.
|
|
|
11-12-2009, 05:55 PM
|
#7
|
Member
Registered: Nov 2009
Location: Lisbon, Portugal
Distribution: Gentoo, CentOs, Ubuntu, Debian
Posts: 182
Rep:
|
Quote:
sorry I posted without updating the post so I never saw your answer
|
It's a little difficult to swallow that since your reply was posted 18 minutes after mine. Anyway everybody deserves the benefit of the doubt.
Quote:
Am I right?
I was thinking I needed to specify the group name somewhere
|
You are exactly right.
PS: Your users may also already belong to a group, so check the groups and their users in /etc/groups
Last edited by ammorais; 11-12-2009 at 05:57 PM.
|
|
|
11-12-2009, 06:04 PM
|
#8
|
Member
Registered: Nov 2009
Location: Lisbon, Portugal
Distribution: Gentoo, CentOs, Ubuntu, Debian
Posts: 182
Rep:
|
Quote:
Why could be risky to add read access to /var and /usr?
|
I didn't noticed this line.
Changing file permissions on system files it's something that you should be careful. Some programs depend on specific file permissions, and do not function properly (or at all) if you change the permissions.
|
|
|
11-12-2009, 08:57 PM
|
#9
|
Member
Registered: Nov 2009
Posts: 147
Original Poster
Rep:
|
got your point but I was working and let the windows opened when I did some test about chmod and posted after posting found your answer.
well so far
I got users like this some they below to their own group
so I need to create a new group
Code:
uid=508(lorenzo) gid=508(lorenzo) groups=508(lorenzo)
uid=508(roberto) gid=508(roberto) groups=508(roberto)
I get this error
Code:
[root@node02 ~]# groupadd testgroup
[root@node02 ~]# gpasswd -a testgroup user1
gpasswd: unknown user testgroup
Can I add the new group as a secondary group?
Code:
[root@node02 ~]# usermod -a -G testgroup user1
|
|
|
11-12-2009, 09:21 PM
|
#10
|
Member
Registered: Nov 2009
Location: Lisbon, Portugal
Distribution: Gentoo, CentOs, Ubuntu, Debian
Posts: 182
Rep:
|
sorry my bad.
it's gpasswd -a user group
On unix when in doubt use:
Code:
command --help
or
man command
The last option that you suggested is also valid.
in Unix there's usually several ways of doing something.
An alternative way is to edit the /etc/groups directly
Last edited by ammorais; 11-12-2009 at 09:24 PM.
|
|
|
11-13-2009, 10:20 AM
|
#11
|
LQ Newbie
Registered: Nov 2009
Posts: 4
Rep:
|
ammorais thanks a lot for your help and the other guys
BTW ammorais yes it's not a good practice AT ALL for instance in /usr/ we got some APPs that could not word If I assign read to ALL
thanks a lot
I am going to check this request to be completely sure
|
|
|
11-13-2009, 02:39 PM
|
#12
|
Member
Registered: Nov 2009
Posts: 147
Original Poster
Rep:
|
by the way guys
I am thinking about this
for instance I have a directory which owner is root:root
is there any way like in windows 2003 to assign another group (which includes my 10 users) and give to that group read permissions?
basically I wanna know if a directory can be manage by different groups.
This is because during this journey I got a directory which owner was something different that root so I used (apache_group)
Code:
usermod -a -G apache_group user1
but I cannot do that the same when a owner of a directory is root
Code:
usermod -a -G root user1
that's a Big NO NO
any idea?
|
|
|
11-13-2009, 04:08 PM
|
#13
|
Member
Registered: Nov 2009
Location: Lisbon, Portugal
Distribution: Gentoo, CentOs, Ubuntu, Debian
Posts: 182
Rep:
|
I totality forgot that you must assign the directory's group.
Code:
chgrp users /directory
Answering your question.
In Unix each file can only have one user and one group.
What you want is Access Control List. Have a look here to see how to work with it.
Also I suggest you have a look at Role-based access control implementations. Currently they are supported by grsecurity and SELinux.
|
|
|
11-13-2009, 04:16 PM
|
#14
|
Member
Registered: Nov 2009
Posts: 147
Original Poster
Rep:
|
Quote:
Originally Posted by ammorais
I totality forgot that you must assign the directory's group.
Code:
chgrp users /directory
Answering your question.
In Unix each file can only have one user and one group.
What you want is Access Control List. Have a look here to see how to work with it.
Also I suggest you have a look at Role-based access control implementations. Currently they are supported by grsecurity and SELinux.
|
thanks a lot for all that info
I think I am going to have some to thing this weekend 
|
|
|
11-13-2009, 04:34 PM
|
#15
|
Member
Registered: Nov 2009
Location: Lisbon, Portugal
Distribution: Gentoo, CentOs, Ubuntu, Debian
Posts: 182
Rep:
|
Quote:
Originally Posted by kopper27
thanks a lot for all that info
I think I am going to have some to thing this weekend 
|
You're welcome.
Good luck.
|
|
|
All times are GMT -5. The time now is 02:06 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|