LinuxQuestions.org
Old 09-02-2009, 04:12 AM   #1
yull
Member
 
Registered: Dec 2004
Location: Belgium
Distribution: debian
Posts: 48

Rep: Reputation: 15
groups +w problem


Hi to all

I'm having the following problem with my redhat 3 (yes, there are still some around :-)
I've already searched the forum and googled about it, but without success.

I have a folder, belonging to group A
some users of group A can write in the folder, some others cannot.

the folder privileges are 775

What must I verify beyond group memberships and folder permissions?
We are 4 techs here working on it, but none of us is really a Linux specialist.

thanks in advance
 
Old 09-02-2009, 07:03 AM   #2
gle
LQ Newbie
 
Registered: Mar 2009
Location: Sydney, Australia
Distribution: fedora 23
Posts: 1

Rep: Reputation: 0
I believe that you need to make the folder privileges 777. I don't know whether you know this, but the privileges 777 mean that the owner (first 7), the people in the same group as the owner (second 7) and anybody else (the third 7) can all modify files in that folder. If you want to restrict the modification of files in that folder to the owner and the people in the same group as the owner, then 774 or 775 will do. It just means that anyone who wants to modify a file in that folder will have to be put in the same group as the owner. Either see your system administrator or, if you are the system administrator, add the person to the owner's group in /etc/group.
 
Old 09-02-2009, 07:16 AM   #3
yull
Member
 
Registered: Dec 2004
Location: Belgium
Distribution: debian
Posts: 48

Original Poster
Rep: Reputation: 15
hi

thanks for your reply.
But the point is that several users in group A can write in the folder belonging to group A, but other users, also in group A, cannot write and get a permission denied.

I'm going crazy about this.
It has been suggested that I check the "synchronisation" between the password and groups files, and the shadow password. Although I'm not sure about this, I will have a look anyway.

One more piece of info: read access seems OK for all users of group A
 
Old 09-02-2009, 09:01 PM   #4
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,397

Rep: Reputation: 2777
The perms groups are

u = user/owner
g = group
o = other/the world

each of which can be any combo of rwx (read/write/search for dir).
You don't want to open up that dir to the world.
Start by finding out what the current situation is ie

1. ls -l on dir
2. check /etc/group to see who is in the dir's 'owning' group
3. check for ACLs - http://linux.die.net/man/1/getfacl

For a simple situation, you'd have

drwxrwx--- user1 group1

on the dir and everybody in group1 (doesn't have to be primary group).
You might want to force all files to be owned by the dir group eg

chmod g+s dirname
http://linux.die.net/man/1/chmod

For more complex situations, you may want to add ACLs, although it can get fiddly if you start doing that a lot.

HTH
 
Old 09-03-2009, 03:20 AM   #5
yull
Member
 
Registered: Dec 2004
Location: Belgium
Distribution: debian
Posts: 48

Original Poster
Rep: Reputation: 15
Here are a few more explanations:

- here is the folder I'm in:
yull@rotor:~/test$ ls -al
total 12
drwxr-xr-x 3 yull users 4096 Sep 2 16:51 .
drwx------ 5 yull users 4096 Sep 2 16:51 ..
drwxrwxr-x 2 apache groupA 4096 Sep 2 16:53 proj

- here are my groups:
yull@rotor:~/test$ groups yull
yull: users groupA

- here I try to write in the folder 'proj', owned by groupA, which I belong to, and which has write access:
yull@rotor:~/test$ touch proj/test.txt
touch: creating `proj/test.txt': Permission denied

WTF!!!!!


thanks a lot to all for your time
 
Old 09-03-2009, 03:47 AM   #6
Wim Sturkenboom
Senior Member
 
Registered: Jan 2005
Location: Roodepoort, South Africa
Distribution: Ubuntu 12.04, Antix19.3
Posts: 3,797

Rep: Reputation: 282
Which RedHat 3 are you talking about? A version from somewhere in the 90's (not sure if a version 3 existed) or RHEL?
 
Old 09-03-2009, 03:54 AM   #7
yull
Member
 
Registered: Dec 2004
Location: Belgium
Distribution: debian
Posts: 48

Original Poster
Rep: Reputation: 15
rhel (enterprise)
 
Old 09-03-2009, 04:05 AM   #8
Valery Reznic
ELF Statifier author
 
Registered: Oct 2007
Posts: 676

Rep: Reputation: 137
Quote:
Originally Posted by yull
Hi to all

I'm having the following problem with my redhat 3 (yes, there are still some around :-)
I've already searched the forum and googled about it, but without success.

I have a folder, belonging to group A
some users of group A can write in the folder, some others cannot.

the folder privileges are 775

What must I verify beyond group memberships and folder permissions?
We are 4 techs here working on it, but none of us is really a Linux specialist.

thanks in advance
Not always, but usually when several people need write access to the same files, it's a sign that a version control system can (should?) be used instead.

Could you explain what this folder is for and why four people need write access to it?
 
Old 09-03-2009, 04:26 AM   #9
yull
Member
 
Registered: Dec 2004
Location: Belgium
Distribution: debian
Posts: 48

Original Poster
Rep: Reputation: 15
hi

Indeed, the problem was raised by a problem with our svn install.

But I insist, I'm able to reproduce the problem on the file system, locally, in my homedir, without using anything other than my command line ssh connection
 
Old 09-03-2009, 04:28 AM   #10
yull
Member
 
Registered: Dec 2004
Location: Belgium
Distribution: debian
Posts: 48

Original Poster
Rep: Reputation: 15
We also noticed that if we use a group that is positioned higher in the /etc/groups file, we don't face the problem any more.
Could it be possible there is a limitation to the number of groups in the /etc/groups file?
 
Old 09-03-2009, 05:27 AM   #11
Valery Reznic
ELF Statifier author
 
Registered: Oct 2007
Posts: 676

Rep: Reputation: 137
Quote:
Originally Posted by yull
hi

Indeed, the problem was raised by a problem with our svn install.

But I insist, I'm able to reproduce the problem on the file system, locally, in my homedir, without using anything other than my command line ssh connection
The SVN server should be the owner of the repository; only the server (== one UID) should be allowed to read/write the repository.

So where does your problem come from?
 
Old 09-03-2009, 08:51 PM   #12
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,397

Rep: Reputation: 2777
You may need the newgrp cmd
http://linux.die.net/man/1/newgrp
http://www.yolinux.com/TUTORIALS/Lin...ingGroups.html
 
Old 09-04-2009, 03:43 AM   #13
yull
Member
 
Registered: Dec 2004
Location: Belgium
Distribution: debian
Posts: 48

Original Poster
Rep: Reputation: 15
hi to all

Here we go a little further:
It looks like we had two problems mixed together:
- we fixed the gaps between the passwd, groups, shadow and gshadow files using the cleaning binaries available.
- we are left with a security problem on our NAS: after removing a group from a user and doing a logoff/login to activate those changes for the user, the user kept write access rights to the folder, even though he shouldn't. It appears this is linked to a 16-group limitation of sys-auth on NFS-mounted drives.

We're looking to mount our drives on nfs4, or something else.
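
The 16-group limit mentioned in the last post, as an added example that is not part of the original thread: AUTH_SYS, the default credential flavour on NFSv3 mounts, carries at most 16 supplementary group IDs, so a directory group that sits beyond the 16th entry of a user's group list is never presented to the server. The function names and the sample GID list are constructed for illustration, and the script assumes the client sends the first 16 GIDs in the order `id -G` reports them.

```shell
#!/bin/sh
# Added example (not from the thread): does a directory's group fall inside
# the 16 supplementary GIDs that an AUTH_SYS NFS credential can carry?
AUTH_SYS_MAX_GIDS=16

# group_slot TARGET_GID GID...  -> 1-based position of TARGET_GID, 0 if absent
group_slot() {
    target=$1; shift
    i=0
    for g in "$@"; do
        i=$((i + 1))
        if [ "$g" = "$target" ]; then echo "$i"; return 0; fi
    done
    echo 0
}

# nfs_group_verdict TARGET_GID GID...
#   not-member : user is not in the group at all (check /etc/group first)
#   sent       : group is within the first 16, the server will see it
#   truncated  : user is a member locally, but the server never sees the GID
nfs_group_verdict() {
    slot=$(group_slot "$@")
    if [ "$slot" -eq 0 ]; then
        echo "not-member"
    elif [ "$slot" -le "$AUTH_SYS_MAX_GIDS" ]; then
        echo "sent"
    else
        echo "truncated"
    fi
}

# check_dir USER DIR: live check on the NFS client (needs GNU stat).
# Numeric GIDs are used so group names containing spaces cannot split wrongly.
check_dir() {
    user=$1; dir=$2
    gids=$(id -G "$user") || return 1
    dir_gid=$(stat -c %g "$dir") || return 1
    # $gids is deliberately unquoted: one argument per GID
    echo "$user on $dir (gid $dir_gid): $(nfs_group_verdict "$dir_gid" $gids)"
}

# Constructed sample: a user in 18 groups (primary 100, then 1001..1017).
SAMPLE_GIDS="100 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015 1016 1017"
for gid in 1005 1015 1016 9999; do
    echo "gid $gid: $(nfs_group_verdict "$gid" $SAMPLE_GIDS)"
done
```

On a real client, `check_dir yull /path/to/proj` runs the same check against the live group list; a `truncated` verdict matches the symptom in the thread, where `groups` shows the membership but writes over NFS are still refused.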
 
  

