I have a home volume with fifty or so home directories in it which each corresponding user can write to as you would expect. I need to give one user (DATA) the ability to write to each of these directories; would this best be accomplished by giving DATA its own group and allowing DATA's group write access to these folders? Am I over-thinking this?
Quote:
Originally Posted by chickenminnie
I have a home volume with fifty or so home directories in it which each corresponding user can write to as you would expect. I need to give one user (DATA) the ability to write to each of these directories; would this best be accomplished by giving DATA its own group and
You are not overthinking this and basically it is correct. You would need to set the group ownership of all home directories to data. And then, make all directories group writable.
You can create a new user data, belonging to the data group. He will have write access to all home directories. You don't need to create that user data, you can add any user to the data group.
A slight problem is that ordinary users do not belong to the data group. If they did, everyone would have write access to all home directories. But if they are not members of the data group, the newly created files do not have group ownership by data and cannot be written by the data group.
In order to make sure every file created in that directory has data groupid, you should set the sticky bit on the user's directory.
A couple of thoughts here:
First, should all files be group writable by DATA?...or only those files DATA writes?
If the latter, I disagree with jlinkels...don't set the sticky bit for group DATA...
Otherwise, their advice looks sound...
But...
How will the "ordinary user" be able to read files created by the DATA user? Do they even need to?
or...more to the point...
What exactly are you trying to accomplish? [This is known as the "Tim D. Memorial Question" where I came from.]
Why does the user DATA need to write to other users' directories?
Quote:
Originally Posted by AwesomeMachine
I thought home directories had to be owned by the user.
I don't see that anyone is proposing a change in the ownership of the user's home directories...
This is exactly what I was trying to accomplish, thank you.
Quote:
Originally Posted by jlinkels
The user directories and files remain owned by the user. Group is set to data. Directories and files must be group writable.
jlinkels
This box acts as a file hub of sorts for a bunch of ETL processes and one of our remote technicians discovered that he could traverse the directories in /home which isn't a good idea.
Owning user not a member of owning group
Quote:
Originally Posted by jlinkels
You would need to set the group ownership of all home directories to data. And then, make all directories group writable.
You can create a new user data, belonging to the data group. A slight problem is that ordinary users do not belong to the data group. If they did, everyone would have write access to all home directories.
So, that means ownership would need to be user:group where 'user' is not a member of 'group'? Can you do that?
Quote:
Originally Posted by AwesomeMachine
So, that means ownership would need to be user:group where 'user' is not a member of 'group'? Can you do that?
Yes, that is perfectly possible. Look at this example. gemerenciana is not a member of the adm group. Still she is able to create files which belong to the adm group. The next problem is that she has a umask of 022, which should be changed to 002 if files must be group writable. The setgid only makes the group ownership stick.
The idea behind this is that a user co-operating on a project would make his files group writable. Either automatically by changing the umask. Or on purpose to give his group members access.
If you realize how Unix was designed, for which purpose and that the world was not as evil as it is now, it makes perfect sense.
Directory:
Code:
drwxrwsr-x 2 gemerenciana adm 4096 Jun 19 16:43 gemerenciana
Create a file
Code:
gemerenciana@homeservII:/tmp/gemerenciana$ touch weg2
gemerenciana@homeservII:/tmp/gemerenciana$ ll
total 0
-rw-r--r-- 1 gemerenciana adm 0 Jun 19 16:43 weg
-rw-r--r-- 1 gemerenciana adm 0 Jun 19 16:45 weg2
Group membership:
Code:
gemerenciana@homeservII:/tmp/gemerenciana$ groups
users audio scanner family lspec gemerenciana
Owner changes the group permissions while she is not a member of that group:
Code:
gemerenciana@homeservII:/tmp/gemerenciana$ chmod g+w weg*
gemerenciana@homeservII:/tmp/gemerenciana$ ll
total 0
-rw-rw-r-- 1 gemerenciana adm 0 Jun 19 16:43 weg
-rw-rw-r-- 1 gemerenciana adm 0 Jun 19 16:45 weg2
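
The behaviour shown in the listings above, as a repeatable check (an added example, not part of any poster's message): it builds a setgid directory, creates a file and a subdirectory under umask 022 and then 002, and counts the entries the owning group cannot write or that did not inherit the directory's group. The function names are hypothetical, everything happens in a scratch directory from mktemp, and GNU stat and find on Linux are assumed.

```shell
#!/bin/sh
# Added illustration: works only in a scratch directory, nothing under /home is touched.

# Create a setgid directory and populate it as a user's process would,
# under the given umask. Prints the directory path.
make_shared() {   # usage: make_shared <umask>
    dir=$(mktemp -d) || return 1
    chmod 2775 "$dir"                 # drwxrwsr-x, as in the thread's listing
    ( umask "$1"; touch "$dir/weg"; mkdir "$dir/sub" )
    printf '%s\n' "$dir"
}

# Octal mode and numeric group of one path (GNU stat).
mode_of()  { stat -c '%a' "$1"; }
group_of() { stat -c '%g' "$1"; }

# Count entries below <dir> that the owning group cannot write:
# these are what an account relying on group access would fail on.
count_not_group_writable() {
    find "$1" -mindepth 1 ! -perm -020 | wc -l | tr -d ' '
}

# Count entries whose group differs from the directory's own group,
# i.e. places where setgid inheritance did not apply.
count_group_mismatch() {
    find "$1" -mindepth 1 ! -gid "$(group_of "$1")" | wc -l | tr -d ' '
}

report() {   # usage: report <umask>
    d=$(make_shared "$1")
    printf 'umask %s: file=%s subdir=%s not-g+w=%s group-mismatch=%s\n' \
        "$1" "$(mode_of "$d/weg")" "$(mode_of "$d/sub")" \
        "$(count_not_group_writable "$d")" "$(count_group_mismatch "$d")"
    rm -rf "$d"
}

report 022
report 002
```

Pointing the two count functions at a real shared tree gives a quick audit of where group access will silently fail.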