LinuxQuestions.org
Old 06-26-2014, 03:54 PM   #1
zilexa
LQ Newbie
 
Registered: Jun 2014
Posts: 3

Rep: Reputation: Disabled
New user group permission to only three folders without being owner


I have spent an hour reading many threads and wikis on user permissions on Linux. But I simply cannot find the right solution for my case. I really hate creating my own topic since a lot has been written about it already..

The situation:
- a Raspberry Pi that functions as fileserver, mediacenter and many more.
- the main user (group) besides ROOT is called "xbian".
- There are 6 top folders that I am concerned about that contain personal files and media data.
--> I want to create a new user/group (let's call it user "zombie") that has only permission to read/write to 3 of those 6 folders (folder 1, 2 and 3).
- user "xbian" must still have full access to all the files and folders like it has now.

I am stuck, because chown changes the owner of the folder, which is not the solution because if "zombie" becomes owner of folder 1, 2 and 3, "xbian" won't be owner/able to access it. I don't want to change ownership if it is not necessary.

The most important thing: user zombie should only have access to folders 1,2,3 and everything in those folders. And no access to anything else. How can I do this?
 
Old 06-26-2014, 04:12 PM   #2
notKlaatu
Senior Member
 
Registered: Sep 2010
Location: Wellington, New Zealand
Distribution: Slackware, Fedora
Posts: 1,025

Rep: Reputation: 666
zombie is not the best name for a group since the term 'zombie' already refers to something in Unix.
I'm assuming you have a group called 'xbian' to which only 'xbian' belongs. If not, you can create one. This will be user xbian's own private group.


You can do this:

make a new group called 'staff'
# groupadd staff

make user 'zombie' a member of the staff group:
# usermod -a -G staff zombie

then chown the folders you want the staff group to have access to:
chown -R xbian:staff 1 2 3
chmod -R 770 1 2 3

make sure your private folders belong only to xbian, and cannot be seen by others:
chown -R xbian:xbian 4 5 6
chmod -R 700 4 5 6


That should do it.
 
Old 06-26-2014, 04:53 PM   #3
kbnuts
Member
 
Registered: Apr 2014
Posts: 45

Rep: Reputation: Disabled
Or you could use setfacl for extended permissions, just make sure you have acl after defaults in /etc/fstab

Then you can do setfacl -R -m u:zombie:rwx 1 2 3

I suppose it depends on the distro you're using whether the extended acls are standard or not. One way to find out is to run getfacl on the directory; if you get a result, chances are setfacl will work.

The beauty of setfacl is you don't have to worry about ownership and you can set any permissions to anything.
 
Old 06-26-2014, 05:10 PM   #4
zilexa
LQ Newbie
 
Registered: Jun 2014
Posts: 3

Original Poster
Rep: Reputation: Disabled
Wow thanks a lot for the quick reply!
You opened my eyes!
But:
Folder 1, 2, 3 must still be read/writable/executable by xbian. I just want to restrict user zombie to these 3 folders. User zombie should not be allowed to read/write/execute any other folders on the system but 1,2,3. chown -R xbian:staff 1 2 3 would mean xbian will no longer have access because it is a different group.

So I think this is the easiest solution:
If I simply create a new user and add it to group xbian, make sure only the owner of this group (xbian) has access to folders 1,2,3,4,5,6 (owner = user xbian) and the group (xbian with the new user in it) has access to 1,2,3. That should do it I think.


Now I did all that, but when I run ls -l, I see all folders, even the ones I did chmod -R 700 still show:
drwxrwxrwx 1 xbian xbian 0 Dec 29 16:41 Documents

as if this folder is 777! How is that possible? I used root to run chmod. But also tried with user xbian.

EDIT: @kbnuts: I understand acl has more options but I want to keep it as simple as possible and rather stick to using chmod/chown for now.

Last edited by zilexa; 06-26-2014 at 05:12 PM.
 
Old 06-26-2014, 10:56 PM   #5
exvor
Senior Member
 
Registered: Jul 2004
Location: Phoenix, Arizona
Distribution: Gentoo, LFS, Debian,Ubuntu
Posts: 1,537

Rep: Reputation: 87
Quote:
Folder 1, 2, 3 must still be read/writable/executable by xbian. I just want to restrict user zombie to these 3 folders. User zombie should not be allowed to read/write/execute any other folders on the system but 1,2,3. chown -R xbian:staff 1 2 3 would mean xbian will no longer have access because it is a different group.
That is incorrect. Because xbian is the owner of the folder it does not matter what group they are in. You need to remember that the numbers, for example 7 7 7 for 777, are owner, group, all users. The numbers represent the binary flags for permissive action. It's better to think of it as 111 111 111: first one is for read, next write and last is execute. So with the 777 example above the owner has read,write,execute, the group has read,write,execute and all users have read,write,execute. If you need it more granular than that, then ACL is the way to go.

Sorry if this is a bit confusing this site might be more clear http://linuxcommand.org/lts0070.php

Last edited by exvor; 06-26-2014 at 10:58 PM.
 
Old 06-27-2014, 02:46 AM   #6
kbnuts
Member
 
Registered: Apr 2014
Posts: 45

Rep: Reputation: Disabled
As I mentioned, setfacl will only add, it will not replace the main file permissions.
 
Old 06-27-2014, 03:42 PM   #7
notKlaatu
Senior Member
 
Registered: Sep 2010
Location: Wellington, New Zealand
Distribution: Slackware, Fedora
Posts: 1,025

Rep: Reputation: 666
Quote:
Originally Posted by zilexa
Wow thanks a lot for the quick reply!
chown -R xbian:staff 1 2 3 would mean xbian will no longer have access because it is a different group.
No, if you chown xbian:staff then xbian is the owner of the folders. The owner, unless you explicitly change it, has full read/write/eXecute permissions.

The group is ADDITIONAL permissions. In this case, as long as 'zombie' is in the group 'staff', zombie will be able to ALSO access 1,2,3. So both xbian and anyone in the group staff will access the folders.

If you chown 4,5,6 to xbian:xbian then only xbian has permissions for those folders.

Ownership of a file does not get negated by a file's group setting. Also, why not try my suggestion in a test environment instead of posting how you believe it will not work? If you try it and it does not work, then we can work from there; posting why you believe it will not work leaves us no further along in the process, with no new data.
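The owner/group/other rule discussed in posts #5 and #7, as an added example that is not part of any post in this thread: a small shell model of how one permission class is selected for a request. It assumes no ACLs, a non-root caller and a three-digit octal mode; the function name effective_perms is made up for this illustration.

```shell
#!/bin/sh
# Added illustration (not from the thread): classic owner/group/other check.
# Assumptions: no ACLs, caller is not root, MODE is three octal digits.

# effective_perms USER "USER_GROUPS" OWNER GROUP MODE  -> prints e.g. rwx
effective_perms() {
    user=$1; user_groups=$2; owner=$3; group=$4; mode=$5

    # Split e.g. 770 into its owner, group and other digits.
    u_bits=${mode%??}; rest=${mode#?}; g_bits=${rest%?}; o_bits=${mode#??}

    # Exactly one class applies, chosen in this order: owner, group, other.
    if [ "$user" = "$owner" ]; then
        bits=$u_bits
    else
        bits=$o_bits
        for g in $user_groups; do
            if [ "$g" = "$group" ]; then bits=$g_bits; fi
        done
    fi

    # Each digit is three binary flags: 4 = read, 2 = write, 1 = execute.
    r=-; w=-; x=-
    if [ $((bits & 4)) -ne 0 ]; then r=r; fi
    if [ $((bits & 2)) -ne 0 ]; then w=w; fi
    if [ $((bits & 1)) -ne 0 ]; then x=x; fi
    printf '%s%s%s\n' "$r" "$w" "$x"
}

# Layout proposed in the thread: 1-3 are xbian:staff 770, 4-6 are xbian:xbian 700.
echo "xbian  on folder 1 (xbian:staff 770): $(effective_perms xbian  'xbian'        xbian staff 770)"
echo "zombie on folder 1 (xbian:staff 770): $(effective_perms zombie 'zombie staff' xbian staff 770)"
echo "zombie on folder 4 (xbian:xbian 700): $(effective_perms zombie 'zombie staff' xbian xbian 700)"
# Edge case: the owner class is used even when it grants less than the group class.
echo "xbian  on a 070 folder (xbian:staff): $(effective_perms xbian  'xbian staff'  xbian staff 070)"
```

The last line shows that the classes are not summed: an owner who is also in the file's group still gets only the owner digit.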
 
Old 07-09-2014, 06:28 PM   #8
zilexa
LQ Newbie
 
Registered: Jun 2014
Posts: 3

Original Poster
Rep: Reputation: Disabled
Thanks a lot for helping me understand file and user permissions.
I finally have everything the way I want but I still do not understand why it looks like nothing changed. Screenshot:

Check this screenshot: http://cdn.imghack.se/images/c710f52...1fbbdb9a49.png
After doing chmod -R 700 /media/usb0/Documents
I still see drwxrwxrwx for this folder. How is this possible? How can I change it to drwx --- --- ?

EDIT: NEVER MIND! This is my USB drive which is NTFS formatted because I need it to work on my laptops as well, after a holiday I prefer to simply detach the drive from the raspberry, connect it with my laptop (usb3/esata) and then copy the gigabytes of media at once. Ext4 is no option.

Which means all this was pointless but at least I learned a lot about file permissions and user creation!

Last edited by zilexa; 07-09-2014 at 06:32 PM.
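A check for the situation found in post #8, as an added example that is not part of the thread: before relying on chmod for access control, confirm that the filesystem under a directory actually stores mode bits. The function name mode_bits_honoured and the probe file name are made up for this illustration, and `stat -c` assumes GNU coreutils or BusyBox.

```shell
#!/bin/sh
# Added illustration (not from the thread).
# mode_bits_honoured DIR
#   returns 0 if a chmod inside DIR is reflected by stat,
#           1 if chmod fails or the reported mode does not change,
#           2 if no probe file could be created in DIR.
mode_bits_honoured() {
    dir=$1
    probe=$(mktemp "$dir/.permprobe.XXXXXX" 2>/dev/null) || return 2
    result=0
    # Two different modes are tried so that a mount which reports one fixed
    # mode for every file cannot pass by coincidence.
    for want in 600 640; do
        if ! chmod "$want" "$probe" 2>/dev/null; then
            result=1; break
        fi
        got=$(stat -c %a "$probe")
        if [ "$got" != "$want" ]; then
            result=1; break
        fi
    done
    rm -f "$probe"
    return $result
}

# Stand-alone use: pass the directory to check, defaults to the temp directory.
target=${1:-${TMPDIR:-/tmp}}
if mode_bits_honoured "$target"; then
    echo "$target: chmod takes effect here"
else
    echo "$target: chmod is NOT reflected here; per-folder modes cannot restrict access"
fi
```

On an NTFS or FAT mount, access is normally set for the whole mount through options such as uid=, gid= and umask= rather than per folder with chmod.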
 
Old 07-10-2014, 12:57 AM   #9
notKlaatu
Senior Member
 
Registered: Sep 2010
Location: Wellington, New Zealand
Distribution: Slackware, Fedora
Posts: 1,025

Rep: Reputation: 666
It's always good to learn! I can't stand using NTFS/FAT/exFAT/HFS* filesystem formats! Too much of a bother, really. But yes, sometimes they are needed since the proprietary systems can't be bothered to support free file systems...

Anyway, glad you are learning. Have fun!
 
  


All times are GMT -5.