LinuxQuestions.org


JockVSJock 05-06-2017 10:18 AM

Sub-Directories not picking up correct group permissions for new files/directories
 
For some reason, when I create a file under /share/space as user bob, it is not inheriting the group of share, even though share is the group owner of both share and space.

I believe I've also set the correct permissions as well.

It's probably something simple that I'm not doing as well...

Code:

[root@37rellimcm911 tmp]# useradd bob

[root@37rellimcm911 tmp]# useradd alice

[root@37rellimcm911 tmp]# cd /

[root@37rellimcm911 /]# mkdir share

[root@37rellimcm911 /]# groupadd share

[root@37rellimcm911 /]# mkdir -p /share/space

[root@37rellimcm911 /]# chown -R :share share/

[root@37rellimcm911 /]# chmod -R g+w share/

[root@37rellimcm911 /]# chmod g+s share/

[root@37rellimcm911 /]# usermod -aG share bob

[root@37rellimcm911 /]# usermod -aG share alice

[root@37rellimcm911 /]# ls
bin  boot  data  dev  etc  gluster  home  lib  lib64  localrepo  media  mnt  opt  proc  redhat  root  run  sbin  share  srv  swapfile  sys  tmp  usr  var

[root@37rellimcm911 /]# ll

drwxrwsr-x.  3 root share          18 May  6 11:11 share

[root@37rellimcm911 /]# su - bob

[bob@37rellimcm911 ~]$ cd /share/space/

[bob@37rellimcm911 space]$ touch file1 ; ll
total 0
-rw-rw-r--. 1 bob bob 0 May  6 11:12 file1

[bob@37rellimcm911 space]$

[bob@37rellimcm911 space]$ id bob
uid=1005(bob) gid=1006(bob) groups=1006(bob),1008(share)

[bob@37rellimcm911 space]$ id alice
uid=1006(alice) gid=1007(alice) groups=1007(alice),1008(share)

[bob@37rellimcm911 space]$ getent group share
share:x:1008:bob,alice

[bob@37rellimcm911 space]$


wpeckham 05-06-2017 10:26 AM

If you want things created by user 'bob' to have group 'share' then try making 'share' the primary group for user 'bob' and make group 'bob' one of user 'bob's extended groups.

Or, if that is not really what you had in mind, you might turn on the group sticky bit for folder /share (and all sub-folders) and make sure the group on it (and all sub-folders) is 'share' and see if that does what you want.

JockVSJock 05-06-2017 10:40 AM

Ok, fixed it.

Wasn't doing the following command:

Code:


chmod -R g+s shared/

That allowed for the SGID to flow to the sub directories.

I didn't think of adding bob as an extended group to bob.

Which is better for security?

BW-userx 05-06-2017 11:59 AM

if fixed pls mark solved .. have a great day

wpeckham 05-07-2017 10:52 AM

Quote:

Originally Posted by JockVSJock (Post 5707028)
Ok, fixed it.

Wasn't doing the following command:

Code:


chmod -R g+s shared/

That allowed for the SGID to flow to the sub directories.

I didn't think of adding bob as an extended group to bob.

Which is better for security?

That depends on what needs to be secured here. You are already in a compromise situation, because for perfect security you do not share. Once you establish a shared area, you have already accepted some risk. ;-)

I like the idea of moving members that must share into a particular group, and setting group ownership on the share so that NO ONE ELSE can get far enough into that share tree to even SEE the files or folders present. But that is not the only answer, just MY answer. Sticky bits can come in handy, but I prefer not to use them if there is a more general and portable answer.
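
Added example, not part of the thread or any poster's code: in the first post /share/space was created before the non-recursive `chmod g+s share/`, so it never received the setgid bit. The script below rebuilds that order in a constructed temp directory, lists the directories missing the bit, and sets it on directories only with `find -type d` (a swap for the thread's `chmod -R g+s`, which also marks regular files). It assumes Linux, where a directory created inside a setgid directory inherits the bit; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Paths are constructed in a temp dir,
# so no root, users or groups are needed; only the setgid bits are examined.

# List directories under $1 that lack the setgid bit (octal 2000).
dirs_missing_sgid() {
    find "$1" -type d ! -perm -2000 | sort
}

# Set setgid on directories only. Unlike `chmod -R g+s`, regular files
# are left alone, so no file ends up with a setgid bit.
fix_sgid_dirs() {
    find "$1" -type d ! -perm -2000 -exec chmod g+s {} +
}

# Rebuild the thread's order of operations: subdirectory first, setgid after.
build_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/share/space"
    touch "$root/share/space/file1"
    chmod g+s "$root/share"          # non-recursive, as in the first post
    echo "$root"
}

demo() {
    root=$(build_tree) || return 1
    echo "before fix, missing setgid:"; dirs_missing_sgid "$root/share"
    fix_sgid_dirs "$root/share"
    mkdir "$root/share/space/new"    # created after the fix
    echo "after fix, missing setgid:"; dirs_missing_sgid "$root/share"
    [ -g "$root/share/space/new" ] && echo "new subdirectory inherited setgid"
    [ -g "$root/share/space/file1" ] || echo "file1 has no setgid bit"
    rm -rf "$root"
}

demo
```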


All times are GMT -5.