05-06-2017, 11:18 AM | #1 | Senior Member | Registered: Jan 2004 | Posts: 1,420
Sub-Directories not picking up correct group permissions for new files/directories
For some reason, when I create a file under /share/space as user bob, it is not inheriting the group of share, even though share is the group owner of both share and space.
I believe I've also set the correct permissions as well.
It's probably something simple that I'm not doing as well...
Code:
[root@37rellimcm911 tmp]# useradd bob
[root@37rellimcm911 tmp]# useradd alice
[root@37rellimcm911 tmp]# cd /
[root@37rellimcm911 /]# mkdir share
[root@37rellimcm911 /]# groupadd share
[root@37rellimcm911 /]# mkdir -p /share/space
[root@37rellimcm911 /]# chown -R :share share/
[root@37rellimcm911 /]# chmod -R g+w share/
[root@37rellimcm911 /]# chmod g+s share/
[root@37rellimcm911 /]# usermod -aG share bob
[root@37rellimcm911 /]# usermod -aG share alice
[root@37rellimcm911 /]# ls
bin boot data dev etc gluster home lib lib64 localrepo media mnt opt proc redhat root run sbin share srv swapfile sys tmp usr var
[root@37rellimcm911 /]# ll
drwxrwsr-x. 3 root share 18 May 6 11:11 share
[root@37rellimcm911 /]# su - bob
[bob@37rellimcm911 ~]$ cd /share/space/
[bob@37rellimcm911 space]$ touch file1 ; ll
total 0
-rw-rw-r--. 1 bob bob 0 May 6 11:12 file1
[bob@37rellimcm911 space]$
[bob@37rellimcm911 space]$ id bob
uid=1005(bob) gid=1006(bob) groups=1006(bob),1008(share)
[bob@37rellimcm911 space]$ id alice
uid=1006(alice) gid=1007(alice) groups=1007(alice),1008(share)
[bob@37rellimcm911 space]$ getent group share
share:x:1008:bob,alice
[bob@37rellimcm911 space]$

05-06-2017, 11:26 AM | #2 | LQ Guru | Registered: Apr 2010 | Location: Continental USA | Distribution: Debian, Ubuntu, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, VSIDO, tinycore, Q4OS, Manjaro | Posts: 5,965
If you want things created by user 'bob' to have group 'share' then try making 'share' the primary group for user 'bob' and make group 'bob' one of user 'bob's extended groups.
Or, if that is not really what you had in mind, you might turn on the group sticky bit for folder /share (and all sub-folders) and make sure the group on it (and all sub-folders) is 'share' and see if that does what you want.

05-06-2017, 11:40 AM | #3 | Senior Member | Registered: Jan 2004 | Posts: 1,420 | Original Poster
Ok, fixed it.
Wasn't doing the following command:
Code:
chmod -R g+s shared/
That allowed for the SGID to flow to the sub directories.
I didn't think of adding bob as an extended group to bob.
Which is better for security?

05-06-2017, 12:59 PM | #4 | LQ Guru | Registered: Sep 2013 | Location: Somewhere in my head. | Distribution: Slackware (15 current), Slack15, Ubuntu studio, MX Linux, FreeBSD 13.1, WIn10 | Posts: 10,342
If fixed, please mark solved. Have a great day.
Last edited by BW-userx; 05-06-2017 at 01:01 PM.

05-07-2017, 11:52 AM | #5 | LQ Guru | Registered: Apr 2010 | Location: Continental USA | Distribution: Debian, Ubuntu, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, VSIDO, tinycore, Q4OS, Manjaro | Posts: 5,965
Quote:
Originally Posted by JockVSJock
Ok, fixed it.
Wasn't doing the following command:
Code:
chmod -R g+s shared/
That allowed for the SGID to flow to the sub directories.
I didn't think of adding bob as an extended group to bob.
Which is better for security?
|
That depends on what needs to be secured here. You are already in a compromise situation, because for perfect security you do not share. Once you establish a shared area, you have already accepted some risk. ;-)
I like the idea of moving members that must share into a particular group, and setting group ownership on the share so that NO ONE ELSE can get far enough into that share tree to even SEE the files or folders present. But that is not the only answer, just MY answer. Sticky bits can come in handy, but I prefer not to use them if there is a more general and portable answer.
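
The check behind the fix discussed in this thread, as an added example that is not part of the original posts: it lists directories under a shared tree that lack the setgid bit, lists entries whose group differs from the top directory's, and sets the bit on directories only (a recursive `chmod -R g+s` also marks regular files, which inheritance does not need). The function names and the temporary demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit and repair setgid inheritance on a shared tree.

# Print every directory under $1 (inclusive) that lacks the setgid bit.
# New files created in these directories get the creator's primary group.
missing_sgid_dirs() {
    find "$1" -type d ! -perm -2000 -print | sort
}

# Print every entry under $1 whose group differs from the group of $1 itself.
wrong_group_entries() {
    gid=$(ls -ldn -- "$1" | awk '{print $4}')   # numeric gid of the top directory
    find "$1" ! -group "$gid" -print | sort
}

# Set setgid on directories only, leaving regular files untouched.
fix_sgid_dirs() {
    find "$1" -type d ! -perm -2000 -exec chmod g+s {} +
}

# Reproduce the thread's sequence in a throwaway tree (constructed sample).
demo() {
    top=$(mktemp -d) || return 1
    mkdir -p "$top/share/space"       # subdirectory exists before g+s is applied
    chmod g+s "$top/share"            # non-recursive, as in the first post
    echo "directories missing setgid before the fix:"
    missing_sgid_dirs "$top/share"    # lists .../share/space
    fix_sgid_dirs "$top/share"
    mkdir "$top/share/space/later"    # created afterwards: inherits setgid
    echo "directories missing setgid after the fix:"
    missing_sgid_dirs "$top/share"    # lists nothing
    echo "entries with a group other than the top directory's:"
    wrong_group_entries "$top/share"  # lists nothing
    rm -rf "$top"
}

demo
```

Files created before the fix keep their old group; `wrong_group_entries` shows which ones still need a `chgrp`.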