[SOLVED] File permissions & Group membership questions - Ubuntu 15.04
It has been many years since I did any user administration and most of that was in Banyan Vines, Oracle, Windoze network and MVS. But I have done enough in Unix/Linux that I should know this (clutch slipping in brain perhaps :-). I am helping a friend to set up his home/family PC with Ubuntu Mate 15.04 and the basic idea is to keep the kids' accounts separated so that brother and sister cannot poke into each other's stuff and still to allow the parents access when necessary - ideally without resorting to root (pappa) permissions. My first attempt did not work as desired so I have fallen back to a test machine to do some development. Here is what I have:
User moe is the administrator - created during install. User larry is the next account created (using the Ubuntu Mate Users and Groups GUI). I noticed that each user's default group - by the same name as the user - was empty. I noticed the same thing on my CentOS 6 machine so I guess this is "normal." In any event, I added users moe and larry to group larry.
I observe the following
Quote:
moe@vmStooges:/home$ ll /home
.
drwxr-xr-x 2 larry larry 4096 Aug 12 08:38 larry/
With these permissions any user can cd into larry's stuff. This is what I wish to prevent so I execute
Quote:
chmod 750 /home/larry
which results in the permissions
Quote:
drwxr-x--- 2 larry larry 4096 Aug 12 08:38 larry/
Group larry has read and execute permissions to /home/larry so that moe, being a member of group larry, should be able to cd into the directory. However,
Quote:
moe@vmStooges:/home$ cd larry/
bash: cd: larry/: Permission denied
I have confirmed the membership of the larry group
Quote:
moe@vmStooges:~$ cat /etc/group | grep larry
larry:x:1001:moe,larry
I am obviously missing something here. Oftentimes I will discover the issue just by defining the question in a post. Not this time, I am afraid. Help!
TIA,
Ken
p.s. I do not like the permissions scheme to which Ubuntu defaults so I guess I need to tweak the umask - but that will come after I have the above situation sorted.
My involvement in user admin was generally in BATCH mode. For example when we were taking a new version of a LARGE enterprise work management/supply chain suite live one weekend. Needed to remove from 5 - 10 profiles (permissions for the old version of the app) from about 2500 MVS/Top Secret user accounts and replace them with a similar number for the new version of the app. As I was supposed to do I gave the Help Desk/User Admin crew the first refusal on the job. They wanted 6 weeks to do it. I told them the project schedule had a 30 minute window for the removals at the start of the weekend and a 30 minute window at the end when we were ready to go live and let the users back in. What a bunch of crying and excuses by their management. Finally I got permission to do it.
I queried the security database, dumped the report to a data set, ftp(ed) it to my PC, parsed it with FoxPro (my favorite tool) and created two scripts of the profile by profile, user by user Top Secret commands to remove the old and add the new profiles. I ftp(ed) these back to the mainframe and notified my co-worker in the IT Security unit (who had permission to make the changes). At the appointed time he ran a script and accomplished the 6 weeks of User Admin work in less than a minute. After that if a change impacted more than a handful of users or profiles, User Admin would punt and pass the ticket to me.
As to this three stooges issue... Let me try creating the users and groups etc. manually. I will post my results - probably tomorrow.
And for my next trick I added larry to group curly. larry CAN cd to /home/curly! It seems there is something "special" about the first account created on the machine during Ubuntu installation. I wish software vendors would not try to be helpful and simplify things. Let me look around and see if I can find anything unique about the first account. I seem to vaguely recall something weird about the first account created in XP. I would install with a dummy account, create my account and then delete the dummy. I do not remember the details.
Thanks descendant_command. Of course he has not. That would be too simple. Actually I might have shut down and restarted the virtual machine. Testing now...
That did the trick! With my newly created curly account and larry... I did a su larry which of course caused the latest group memberships to be read. I guess I can stick a fork in this one. It is time for dinner anyhow.
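The cause found at the end of the thread (supplementary groups are read when a session starts, so an edit to /etc/group does not reach shells that are already running), shown as an added example that is not part of any post. The function names and the sample group lists used with them are constructed for illustration; `id -Gn` and `id -un` are the standard coreutils calls.

```shell
#!/bin/sh
# Added example. Names and sample group lists below are constructed.

# missing_groups SESSION_GROUPS DB_GROUPS
# Prints the groups listed in DB_GROUPS that are absent from SESSION_GROUPS,
# i.e. memberships that only take effect at the next login.
missing_groups() {
    session=" $1 "
    out=""
    for g in $2; do
        case "$session" in
            *" $g "*) ;;                      # already active
            *) out="${out:+$out }$g" ;;       # in /etc/group, not in session
        esac
    done
    printf '%s\n' "$out"
}

# can_enter MODE OWNER GROUP USER SESSION_GROUPS
# Classic Unix check for the search (x) bit on a directory: exactly one
# permission class applies. Ignores root and ACLs.
can_enter() {
    mode=$1; owner=$2; group=$3; user=$4; session=" $5 "
    if [ "$user" = "$owner" ]; then
        digit=${mode%??}                      # owner digit
    else
        case "$session" in
            *" $group "*) digit=${mode#?}; digit=${digit%?} ;;  # group digit
            *) digit=${mode#??} ;;            # other digit
        esac
    fi
    [ $(( digit & 1 )) -eq 1 ]
}

# Live check: this shell's credentials versus the group database.
if user=$(id -un 2>/dev/null); then
    pending=$(missing_groups "$(id -Gn)" "$(id -Gn "$user")")
    if [ -n "$pending" ]; then
        echo "Inactive until $user logs in again: $pending"
    else
        echo "Session groups for $user match the group database."
    fi
fi
```

For the situation in the first post, `can_enter 750 larry larry moe "moe adm sudo"` fails, while the same call with `larry` appended to the session list succeeds.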