LinuxQuestions.org
Old 05-06-2017, 10:18 AM   #1
JockVSJock
Sub-Directories not picking up correct group permissions for new files/directories


For some reason, when I create a file under /share/space as user bob, it is not inheriting the group of share, even though share is the group owner of both share and space.

I believe I've also set the correct permissions as well.

It's probably something simple that I'm not doing as well...

Code:
[root@37rellimcm911 tmp]# useradd bob

[root@37rellimcm911 tmp]# useradd alice

[root@37rellimcm911 tmp]# cd /

[root@37rellimcm911 /]# mkdir share

[root@37rellimcm911 /]# groupadd share

[root@37rellimcm911 /]# mkdir -p /share/space

[root@37rellimcm911 /]# chown -R :share share/

[root@37rellimcm911 /]# chmod -R g+w share/

[root@37rellimcm911 /]# chmod g+s share/

[root@37rellimcm911 /]# usermod -aG share bob

[root@37rellimcm911 /]# usermod -aG share alice

[root@37rellimcm911 /]# ls
bin  boot  data  dev  etc  gluster  home  lib  lib64  localrepo  media  mnt  opt  proc  redhat  root  run  sbin  share  srv  swapfile  sys  tmp  usr  var

[root@37rellimcm911 /]# ll

drwxrwsr-x.   3 root share          18 May  6 11:11 share

[root@37rellimcm911 /]# su - bob

[bob@37rellimcm911 ~]$ cd /share/space/

[bob@37rellimcm911 space]$ touch file1 ; ll
total 0
-rw-rw-r--. 1 bob bob 0 May  6 11:12 file1

[bob@37rellimcm911 space]$

[bob@37rellimcm911 space]$ id bob
uid=1005(bob) gid=1006(bob) groups=1006(bob),1008(share)

[bob@37rellimcm911 space]$ id alice
uid=1006(alice) gid=1007(alice) groups=1007(alice),1008(share)

[bob@37rellimcm911 space]$ getent group share
share:x:1008:bob,alice

[bob@37rellimcm911 space]$
 
Old 05-06-2017, 10:26 AM   #2
wpeckham
If you want things created by user 'bob' to have group 'share' then try making 'share' the primary group for user 'bob' and make group 'bob' one of user 'bob's extended groups.

Or, if that is not really what you had in mind, you might turn on the group sticky bit for folder /share (and all sub-folders) and make sure the group on it (and all sub-folders) is 'share' and see if that does what you want.
 
Old 05-06-2017, 10:40 AM   #3
JockVSJock
Ok, fixed it.

Wasn't doing the following command:

Code:
chmod -R g+s share/
That allowed for the SGID to flow to the sub directories.

I didn't think of adding bob as an extended group to bob.

Which is better for security?
 
Old 05-06-2017, 11:59 AM   #4
BW-userx
If fixed, please mark solved. Have a great day.

Last edited by BW-userx; 05-06-2017 at 12:01 PM.
 
Old 05-07-2017, 10:52 AM   #5
wpeckham
Quote:
Originally Posted by JockVSJock View Post
Ok, fixed it.

Wasn't doing the following command:

Code:
chmod -R g+s share/
That allowed for the SGID to flow to the sub directories.

I didn't think of adding bob as an extended group to bob.

Which is better for security?
That depends on what needs to be secured here. You are already in a compromise situation, because for perfect security you do not share. Once you establish a shared area, you have already accepted some risk. ;-)

I like the idea of moving members that must share into a particular group, and setting group ownership on the share so that NO ONE ELSE can get far enough into that share tree to even SEE the files or folders present. But that is not the only answer, just MY answer. Sticky bits can come in handy, but I prefer not to use them if there is a more general and portable answer.
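
Added example, not part of any post in this thread: a shell version of the fix from post #3 that sets the setgid bit on directories only (`find -type d`), because `chmod -R g+s` also marks regular files, and that closes the tree to "other" as post #5 suggests. The function names and the scratch directory are constructed for illustration; it assumes Linux with GNU or BusyBox `stat` and `find`.

```shell
#!/bin/sh
# Added example: function names and the temp-dir layout are constructed.

# Print directories under $1 that lack setgid or whose group differs
# from the group of $1 itself (the state post #1 ended up in).
audit_share() {
    want_gid=$(stat -c %g "$1")
    find "$1" -type d \( ! -perm -2000 -o ! -group "$want_gid" \) -print
}

# Give the tree to group $2, set setgid on directories only, and close
# the tree to "other". Regular files never receive the setgid bit.
harden_share() {
    chgrp -R "$2" "$1"
    find "$1" -type d -exec chmod g+rwxs,o-rwx {} +
    find "$1" -type f -exec chmod g+rw,o-rwx {} +
}

# Reproduce the thread in a scratch directory, using the caller's own
# group so that no root access is needed.
demo() {
    base=$(mktemp -d)
    top=$base/share
    mkdir -p "$top/space"            # subdirectory exists before g+s
    chgrp -R "$(id -g)" "$top"
    chmod g+s "$top"                 # non-recursive, as in post #1
    before=$(audit_share "$top" | wc -l | tr -d ' ')
    harden_share "$top" "$(id -g)"
    mkdir "$top/space/new"           # created after the fix: inherits setgid
    touch "$top/space/new/file1"
    after=$(audit_share "$top" | wc -l | tr -d ' ')
    setgid_files=$(find "$top" -type f -perm -2000 | wc -l | tr -d ' ')
    rm -rf "$base"
    echo "$before $after $setgid_files"
}

demo   # prints "1 0 0": failing dirs before, failing dirs after, setgid files
```

On a real share, run `audit_share /share` first to list the directories that were created before the setgid bit was applied, then `harden_share /share share` as root.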
 
  

