i have a couple questions about users and permissions.

is it possible for a user to belong to more than one group, and if so, how do I set that up? assuming my current entry in /etc/passwd is something like this:

jack:x:511:512:Jack Robbins:/home/jack:/bin/bash

511 is the UID, 512 is the GID, so can i add more than one GID?


my next question concerns file permissions. i understand that when you ls -l a file, it tells you what the current permissions are:

drwxr--r--

would be a directory with full permission to the user who owns it, and read only permission to the group and everyone else. right? now say i have a file owned by user A, and i want to allow user B (from a different group) full access to that file. is there a simple way to do that without giving everyone access and without changing the file's ownership?


and lastly, do file permissions change depending on the location of the file? for example, say i create a file as user A in my home directory, then move that file to the home directory of user B. who has permission to that file now?


i guess that's it for right now. i really appreciate any help you can give me.

Yes, a user can be a member of more than one group. If you're keen on editing text files, open up /etc/group and edit it. If you get dizzy looking at the fields, do man group

Essentially, you find the group you want to add the user to, then append that user's name to the end of the line (using a comma to separate other users). If you use a distribution like Red Hat, there are probably graphical tools to help you do this.

As for the other questions...
Yes, the listing you gave matches your description (a directory with r/w access and read-only access for everyone else including the group)

Since a file has both an owner and an group owner, you can play with those some to try and get your user A & user B configuration (without giving access to everyone). It would get sort of complicated to set up that situation. It's possible, but probably not what you want. The key is to create more groups. So, if you have a file or set of files you want user A and user B to have access to, then make a group, put user A and user B into it, and assign the new group to the file. A user can be a part of more than one group at a time simultaneously, meaning that both can access it.

Moving a file probably won't change it's permissions. Note: if you are copying someone else's file, or moving a file you have read/write access to, the new file might have different owner/group compared tot he original. The umask attribute might come into play as well (not sure). Another thing to consider is the directory you're placing the file in. If nobody can read the contents of the directory, it doesn't matter what the permissions on the file itself are.

thanks so much! i think creating a new group with user A and B in it looks like the best way to go, now that i know it's possible. i'm gonna set that up tonight.

Yes, the owner would have full permissions, and the group and world would have read permission. The gotcha here is that the group and the world would NOT be able to enter that directory. They have to have eXecute permission to be able to enter the directory at all. At minimum the permissions should be 755 for this to happen.