LinuxQuestions.org
Old 05-06-2017, 11:18 AM   #1
JockVSJock
Sub-Directories not picking up correct group permissions for new files/directories


For some reason, when I create a file under /share/space as user bob, it is not inheriting the group of share, even though share is the group owner of both share and space.

I believe I've also set the correct permissions as well.

It's probably something simple that I'm not doing as well...

Code:
[root@37rellimcm911 tmp]# useradd bob

[root@37rellimcm911 tmp]# useradd alice

[root@37rellimcm911 tmp]# cd /

[root@37rellimcm911 /]# mkdir share

[root@37rellimcm911 /]# groupadd share

[root@37rellimcm911 /]# mkdir -p /share/space

[root@37rellimcm911 /]# chown -R :share share/

[root@37rellimcm911 /]# chmod -R g+w share/

[root@37rellimcm911 /]# chmod g+s share/

[root@37rellimcm911 /]# usermod -aG share bob

[root@37rellimcm911 /]# usermod -aG share alice

[root@37rellimcm911 /]# ls
bin  boot  data  dev  etc  gluster  home  lib  lib64  localrepo  media  mnt  opt  proc  redhat  root  run  sbin  share  srv  swapfile  sys  tmp  usr  var

[root@37rellimcm911 /]# ll

drwxrwsr-x.   3 root share          18 May  6 11:11 share

[root@37rellimcm911 /]# su - bob

[bob@37rellimcm911 ~]$ cd /share/space/

[bob@37rellimcm911 space]$ touch file1 ; ll
total 0
-rw-rw-r--. 1 bob bob 0 May  6 11:12 file1

[bob@37rellimcm911 space]$

[bob@37rellimcm911 space]$ id bob
uid=1005(bob) gid=1006(bob) groups=1006(bob),1008(share)

[bob@37rellimcm911 space]$ id alice
uid=1006(alice) gid=1007(alice) groups=1007(alice),1008(share)

[bob@37rellimcm911 space]$ getent group share
share:x:1008:bob,alice

[bob@37rellimcm911 space]$
 
Old 05-06-2017, 11:26 AM   #2
wpeckham
If you want things created by user 'bob' to have group 'share' then try making 'share' the primary group for user 'bob' and make group 'bob' one of user 'bob's extended groups.

Or, if that is not really what you had in mind, you might turn on the group sticky bit for folder /share (and all sub-folders) and make sure the group on it (and all sub-folders) is 'share' and see if that does what you want.
 
Old 05-06-2017, 11:40 AM   #3
JockVSJock
Ok, fixed it.

Wasn't doing the following command:

Code:
chmod -R g+s share/

That allowed for the SGID to flow to the sub directories.

I didn't think of adding bob as an extended group to bob.

Which is better for security?
 
Old 05-06-2017, 12:59 PM   #4
BW-userx
if fixed pls mark solved .. have a great day

Last edited by BW-userx; 05-06-2017 at 01:01 PM.
 
Old 05-07-2017, 11:52 AM   #5
wpeckham
Quote:
Originally Posted by JockVSJock
Ok, fixed it.

Wasn't doing the following command:

Code:
chmod -R g+s share/

That allowed for the SGID to flow to the sub directories.

I didn't think of adding bob as an extended group to bob.

Which is better for security?

That depends on what needs to be secured here. You are already in a compromise situation, because for perfect security you do not share. Once you establish a shared area, you have already accepted some risk. ;-)

I like the idea of moving members that must share into a particular group, and setting group ownership on the share so that NO ONE ELSE can get far enough into that share tree to even SEE the files or folders present. But that is not the only answer, just MY answer. Sticky bits can come in handy, but I prefer not to use them if there is a more general and portable answer.
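
An added example, not part of any post in this thread: a shell sketch that audits a group share for the two properties discussed above, setgid on every directory (including ones created before the bit was set on the parent) and no access for users outside the group. It applies setgid with `find -type d` so that regular files do not pick up the bit, which `chmod -R g+s` also sets on them. The function names `audit_share` and `harden_share` are hypothetical, and GNU find on Linux is assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Assumes GNU find (for -perm /007) on Linux.

# Print every entry under share directory $1 that breaks the policy
# for group $2 (name or numeric gid):
#   NOSGID  directory without setgid, so new files keep the creator's group
#   GROUP   entry whose group is not the share group
#   OTHER   entry with any permission bit granted to "other"
#   FSGID   regular file carrying setgid (what chmod -R g+s leaves behind)
audit_share() {
    find "$1" -type d ! -perm -2000 -print | sed 's/^/NOSGID /'
    find "$1" ! -group "$2" -print | sed 's/^/GROUP /'
    find "$1" -perm /007 -print | sed 's/^/OTHER /'
    find "$1" -type f -perm -2000 -print | sed 's/^/FSGID /'
}

# Repair the tree: one group throughout, setgid on directories only,
# and no access at all for users outside the group.
harden_share() {
    chgrp -R "$2" "$1"
    find "$1" -type d -exec chmod g+rwxs,o-rwx {} +
    find "$1" -type f -exec chmod g+rw,g-s,o-rwx {} +
}

# Usage: sh share_audit.sh /share share
if [ "$#" -eq 2 ]; then
    audit_share "$1" "$2"
fi
```

An empty result from `audit_share` means the tree already matches the policy; directories created afterwards inherit setgid from their parent, but their "other" bits still depend on the creator's umask.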
 
  

