LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-13-2004, 03:48 PM   #1
jrdioko
Member
 
Registered: Oct 2002
Distribution: Debian 6.0.2 (squeeze)
Posts: 944

Rep: Reputation: 30
Changing permissions (not working)


I have another question, this time about permissions.

I've partitioned my laptop so I have a fat32 partition that both WinXP and Slack can see. I've mounted it as /shared on the Linux side. Since I want my normal user (non-root) to be able to use this directory to store/transfer files, I logged on as root then did "chmod 777 /shared" which didn't give me any errors or anything. Immediately after I do a "ls -l" and the permissions line is still the same as it was before, "drwxr--r--". Why isn't this changing?

One more permissions question. I often see "chmod 755" given in explanations on this forum. Since most files/directories at this point seem to be owned by root and in the root group, why is there any need to give different permissions to the ower and the group? Why do "chmod 755" instead of "chmod 775"?

Thanks,
Johnathan
 
Old 06-13-2004, 04:17 PM   #2
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,578

Rep: Reputation: 191Reputation: 191
Re: Changing permissions (not working)

Quote:
Originally posted by jrdioko
Immediately after I do a "ls -l" and the permissions line is still the same as it was before, "drwxr--r--". Why isn't this changing?
Try to unmount the partition first. So
Code:
umount /shared
chmod 777 shared
mount /shared
Quote:
One more permissions question. I often see "chmod 755" given in explanations on this forum. Since most files/directories at this point seem to be owned by root and in the root group, why is there any need to give different permissions to the ower and the group? Why do "chmod 755" instead of "chmod 775"?
When you're the only user (and administrator) of the machine, there's no difference. But is there are more administrators, they're often added to 'rout' group (but they have their own accounts). So then 775 will give them write access, when 755 won't.
 
Old 06-13-2004, 04:25 PM   #3
jrdioko
Member
 
Registered: Oct 2002
Distribution: Debian 6.0.2 (squeeze)
Posts: 944

Original Poster
Rep: Reputation: 30
Ok, that makes sense about the additional administrators in the root group. Does that mean then that on a single-user machine that the owner and group settings are adjusting root's permissions and the world settings are adjusting the user's permissions? Can I simplify it this much or are there still situations I'll run into when this wouldn't apply (again, if I'm only using this as a single-user machine)?

Also, I unmounted /shared, did chmod, checked with ls to confirm it had changed, mounted it, used ls again, and the permissions were back to what they were before. So I can change it when it's unmounted, but mounting it is setting those permissions. I assume I need to change something in my /etc/fstab. It now reads:

"/dev/hda2 /shared vfat defaults 1 0"
 
Old 06-13-2004, 04:26 PM   #4
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 66
You won't be able to chmod files on a fat partition as it does not support filesystem permissions. You will need to specify a umask when the partition is mounted such as "umask=0000"
 
Old 06-13-2004, 04:31 PM   #5
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,578

Rep: Reputation: 191Reputation: 191
Quote:
Originally posted by jrdioko
Ok, that makes sense about the additional administrators in the root group. Does that mean then that on a single-user machine that the owner and group settings are adjusting root's permissions and the world settings are adjusting the user's permissions? Can I simplify it this much or are there still situations I'll run into when this wouldn't apply (again, if I'm only using this as a single-user machine)?
Not exactly... With default configuration, permissions don't apply to user root (user with id 0). Note that a file may have owner root , but a different group.

Quote:
Also, I unmounted /shared, did chmod, checked with ls to confirm it had changed, mounted it, used ls again, and the permissions were back to what they were before. So I can change it when it's unmounted, but mounting it is setting those permissions. I assume I need to change something in my /etc/fstab.
Try this:
/dev/hda2 /shared vfat umask=000 1 0
 
Old 06-13-2004, 04:40 PM   #6
jrdioko
Member
 
Registered: Oct 2002
Distribution: Debian 6.0.2 (squeeze)
Posts: 944

Original Poster
Rep: Reputation: 30
That works perfectly. Thanks!
 
Old 06-13-2004, 04:45 PM   #7
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 677Reputation: 677Reputation: 677Reputation: 677Reputation: 677Reputation: 677
It may be better to use a gid= option in the /etc/fstab mount entry. Use a umask entry of 007 rather then 000. The later will allow any other user, to access the drive. You can use your user/group name as the gid entry rather than the numeric gid value. Or you could use the 'fileshare' group, and make yourself a member of that group. Controlling group access is the linux version of ACL lists.

One thing that you may need to understand. For native linux file systems like ext2 or ext3, you use the chmod and chown commands when the partition is mounted. For other filesystems like vfat, permissions tend to be set in the mount entries of the /etc/fstab file. Changing the permissions on the directory where the partition is mounted will just change the permissions of the unmounted directory. When the partition is mounted, the permissions and ownership will change.

Last edited by jschiwal; 06-14-2004 at 03:13 PM.
 
Old 06-13-2004, 04:49 PM   #8
jrdioko
Member
 
Registered: Oct 2002
Distribution: Debian 6.0.2 (squeeze)
Posts: 944

Original Poster
Rep: Reputation: 30
I see now how fstab sets the permissions as it mounts something. I don't understand what you're saying with the gid thing though. If this is a single-user system, why does what you're saying need to be done, and what exactly are you saying I need to put in my fstab?
 
Old 06-13-2004, 05:00 PM   #9
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 677Reputation: 677Reputation: 677Reputation: 677Reputation: 677Reputation: 677
If your user name is 'jrdioko', there is also a jrdioko group. You can add the option 'gid=jrdioko' to the /etc/fstab mount entry for the partition.
Mandrake as a group setup by the name of fileshare. The name isn't important, but controlling group access is the general method of controlling which users can access a drive.
The PAM system is the way that program access is controlled on linux.
If someone were able to access your machine on the internet, a drive mounted with a umask of 000 will be accessable by that person. Also, an errant malware program will have access to the drive. Also, it is best to understand and use secure practices so you are familiar with them in case you will have more than one user on your computer in the future.

Last edited by jschiwal; 06-13-2004 at 05:10 PM.
 
Old 06-13-2004, 07:16 PM   #10
jrdioko
Member
 
Registered: Oct 2002
Distribution: Debian 6.0.2 (squeeze)
Posts: 944

Original Poster
Rep: Reputation: 30
I don't think it's quite necessary in my case, but I'll set it up that way as a learning experience . I'm using Slackware, and /etc/group shows that there is no group with the name of my user (the Slack book says that all users are a member of the users group by default, but nothing about a group being created with the name of each user). After this you're saying I change that portion of that line in my fstab to read "umask=007,gid=jrdioko"? I assume you mean 007 instead of 770 (since umask is the opposite of chmod). One last question, does it matter how much blank space is between each section of a line on fstab? I assume it just goes past all the spaces until it hits a real character, but I want to make sure before I start shifting things around. Thanks again.

edit:
One more question... I just wanted to confirm that root can do anything no matter what permissions are set. In a theoretical situation where a file had permissions of 0000 set and the owner and group were someone other than root, would root still be able to change this?

Last edited by jrdioko; 06-13-2004 at 07:18 PM.
 
Old 06-14-2004, 03:20 PM   #11
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 677Reputation: 677Reputation: 677Reputation: 677Reputation: 677Reputation: 677
Thank you for noticing my umask mistake. I had given the permission bit values rather than the umask values. I'd have to verify whether the User permission bits for a root owned file affect root. Even if they do, root can still change the permission bits. Root may not be able to execute a file not marked as an executable for example, but root can set the executable bit on any file in the system for instance. I couldn't say whether on a root owned file, whether root can immediately delete a file with the immutable bit set for instance, but I believe that is the case.

You would use the users group if you want all users to be able to access a drive. If you want to control which users can and can't, then use another group. Create a new group yourself with a meaningful name based on what the group is for, or the resource accessed. Suppose you were in school, and you and a few class mates were working on a project. You could give the classmates access to your computer through ssh and set up directory with read and write access for this group--Your brother's family comes for a visit, and you set up an account for your niece so she can play around on linux--You don't make her a member of this group.

You might also create another account for yourself for work you do at home, that is seperate from your personal account, or an account for programming that isn't cluttered with your personal files. You see, setting permissions and creating groups can have a functional purpose apart from security alone.

Last edited by jschiwal; 06-14-2004 at 03:33 PM.
 
Old 06-14-2004, 06:30 PM   #12
jrdioko
Member
 
Registered: Oct 2002
Distribution: Debian 6.0.2 (squeeze)
Posts: 944

Original Poster
Rep: Reputation: 30
Thanks again for the info. I do see many uses of users and groups, it's just this is a laptop that I'll be using at college, and it's doubtful I'll be doing anything with it that will require other people to have accounts. I set up a group with the name of my user accounta and used the gid= setting, and everything seems to be working well.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Changing Permissions jong357 Linux - General 5 01-25-2005 03:39 PM
Changing Permissions synecdoche Linux - General 1 08-21-2003 11:41 AM
changing permissions... ashesh Linux - General 3 08-16-2003 12:32 AM
Changing permissions Mladek Linux - Software 7 07-09-2003 09:57 AM
Permissions Changing ew2003 Linux - Newbie 1 04-29-2003 05:30 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 11:34 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration