-   Linux - Newbie (
-   -   permissions help please (

rhino02ss 09-14-2003 11:26 PM

permissions help please
I have a general permissions problem that i'm currently trying to deal with. I have an mp3 directory that I want a few users to be able to access. I have created a group named mp3 and set myself and one other user as members of the mp3 group. "chgrp'd" the mp3 directory to be part of the mp3 group (the owner is still set at root). when I have permissions on the directory set to chmod 777 I can access it fine. as soon as I restrict the access such as "chmod 770" or something similar I don't have access to the directory for either of my user accounts that are specified as part of the mp3 group.

What I'm wanting to do is set read/write access for both of these users to anything within this directory.

How do I set access for both read/write (recersivly) for the entire group to have access to anything within this directory?

i58 09-15-2003 12:00 AM

What you want is 770 on all the directories, and 660 on all files in them.

If you just changed the permissions, try logging out and back in. Group membership is read as you log in. Changes won't be updated real-time.

rhino02ss 09-15-2003 04:48 PM

That is exactly what I was wondering about, but never tried.

One thing that I did try was "su"ing into one of the users that I had just created and tried accessing from there. I still wasn't able to access the folders. I'll play around with it more when I get home this evening.

One other question that I have is how do I ensure that anything that I drop within that folder will be accessable by anybody in the MP3 group? When copying in quite a few folders I've noticed that the owner is me (user account "ryan") and the group was also set to my own individual group (ryan).

I know I can do it manualy using chgrp but I would hate to have to do that every time I add a new CD to my collection. (yes... this is a completely legit collection ;) )

i58 09-16-2003 06:35 PM

You need to understand groups to understand this better. Linux uses a very simple permission stsyem, and in some ways it is not as robust as other system's permissions.

Linux does not inherit permissions automatically. There is no way to have a file change ownershp and permissions just by copying it to a directory that I know of.

One thing you may want to check is the system default UMASK setting. It allows you to set the default permissions on all directories and files when they are created. You could set that to use 770 for directories and 644 for files. This would by default, secure things from being read by just anyone.

As to group ownership, you have 2 types of group membership. Your primary, and secondary groups. You can only have one primary group. This is the default group that all your files will be owned by when they are created. Secondary groups just allow you into areas shared by others. You still would have to set the group manually if you want it to be something other than your primary group.

While this may seem a pain, it really isn't. A simple system allows for simple ways to deal with things like this. You can fix it a number of ways. For example, you could write a script that performs the chgrp -R for you, and set it up in cron to run at some interval. Then as files are added, eventually they will be corrected by the script no matter who copies them there.

Or, you could just add the script to your path and run it like a command so that one command fixes them for you.

rhino02ss 09-16-2003 11:30 PM

Ok, I wasn't even thinking of the primary/secondary groups. Now that you mention it, it does make quite a bit of sense.

Changing the group wasn't too big of a deal... I did exactly as you had stated. Even though it wasn't that big of a deal I figured that there may be an easier way of doing things.

That's been a common theme with me and Linux... I can get it done but there's always a way that gets it done 5 times faster.

Thanks for the help... The only possible way that I could make this easier, by the logic that you've specified, would be to add the second user to my primary group.

On a similar note... why does Redhat create a completely different user group for each user? This is something that I'm probably going to change fairly soon. Is there any good reason to keep it this way?

i58 09-16-2003 11:54 PM

Good question. Although I don't work for RedHat, I might guess that they do that so each user's files are readable only by them.

I think you could do something like this to get the effect you want:

1. set your primary groups the same (i'll use "users" in this example)
2. chmod your home directories to 700 to lock out all but you
3. create a directory for public data /home/public for example and chown to root:users, and chmod to 770
4. create an mp3 group
5. create a directory for your mp3's /home/public/mp3 and chgrp to mp3, and chmod to 770
6. add you and anyone else to the mp3 group as a secondary group

Now, you have a shared area for mp3's that you control access to by membership in the mp3 group. And, no matter which of you create the files, they will be owned by your primary group (users) so either of you can read or delete them.

That's just one way to do it, but you can use that example and just dupe it any time you need another area. new dirs under public, and a new group to control access to it. Be aware that there is a limit to the number of secondary groups you can be a member of. I think it's like 16 or so.

All times are GMT -5. The time now is 05:22 PM.