Is there a way to get read/write access to folder as another user without having to chmod 777?
Distribution: Mint 20.1 on workstation, Debian 11 on servers
Is there a way to get read/write access to folder as another user without having to chmod 777?
I HATE HATE HATE the linux permission system, it's garbage. But that said..
Is there a way I can gain access to a folder, without having to make it owned as my user or having to chmod it 777?
I have a lot of different file shares throughout my servers, I'm ditching NFS for SMB hoping to gain a bit of security, problem is it's giving me tons of issues with permissions. As an example I have a folder where it's owned by user1:user1
My actual account is user2. I'm part of the user1 group, but that does not seem to be enough. Everything is chmodded 775. Yet I still can't create folders or do much. If I chmod everything 777 it works, but that's super dirty.
Is there a way to just make this work properly without everything having to be owned by my user?
Distribution: Mint 20.1 on workstation, Debian 11 on servers
Original Poster
Windows' system is way more flexible.
The group thing has never worked properly for me in Linux, as is the example here. Despite being in the same group as the folder I still can't write to it. Here's what the samba share looks like:
Code:
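[share]
comment = desc
path = /volumes/raid1/share
writable = yes
browseable = yes
guest ok = no
# Only these accounts may connect to the share
valid users = user2, user3
# After authentication, all file operations run as this Unix user and group
force user = user1
force group = user1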
Everything in that folder is to be owned by user1. I'm user2. Everything chmodded 775.
SMB was never designed to be exposed to external networks, but NTFS/SMB is quite secure on local networks, and ACLs provide much more permissions granularity than standard Linux owg permissions.
For SMB access permissions, keep in mind it's the Windows user that controls permissions, not the Linux user account.
Distribution: Mint 20.1 on workstation, Debian 11 on servers
Original Poster
Quote:
Originally Posted by Emerson
SMB is more secure than NFS? NFSv4 is secure enough to be accessed over internet, how about Samba?
NFS relies on user/group IDs and not passwords, which has laughable security. NFSv4 can be set up with Kerberos and all that, but that's a huge pain in the ass to set up and it has to be set up on a per-machine basis. I should not need to have a PhD just to share files. And I think it STILL wants the user/group IDs to match on each system. It's ridiculous really.
Distribution: Mint 20.1 on workstation, Debian 11 on servers
Original Poster
Wait, I know there are separate SMB users that map to the Unix ones and got that set up, but is there the same for groups? I wonder if I have to create special groups?
Distribution: Mint 20.1 on workstation, Debian 11 on servers
Original Poster
Decided to take the F it approach. As dirty as it is, I'm just going to make every single one of my share folders owned by myself. My philosophy was that if this was a network with multiple users some of those folders I may want to give more than one user access, but given Linux's archaic file permission system that does not seem to be very easy to do and I'm in reality the only person that needs access so... screw it.
I hear there's an ACL system in Linux, I just wish it was native. Any time I've tried to use it I just get "not supported". Guessing you need to do/install something special for it to work.
Distribution: Mint 20.1 on workstation, Debian 11 on servers
Original Poster
Bah, ended up just going back to NFS. Realized my whole idea of using Samba was kinda lost if I was forced to make so many changes at the server level permissions. Just going to deal with the stupidity of having to create all users/groups on each machine and having to match the IDs. So basically decided to go back to my old setup.
The Unix way:
Own the shared directory by a common Unix group, and have 2775 permissions on directories.
To create group-writable files and directories, each user sets umask 002 (during login e.g. .profile)
The g+s bit is inherited when a subdirectory is created. Its purpose is to force the common group, even if the user's primary group is different.
Last edited by MadeInGermany; 09-12-2016 at 09:13 PM.
Reason: typo
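The scheme from the post above (common group, 2775 on directories, umask 002), as an added shell example that is not part of the original thread. The function names `setup_share`, `audit_share` and `demo` are hypothetical, and the group defaults to the caller's own primary GID so the script runs without root; a real share would use a dedicated group that every member belongs to.

```shell
#!/bin/sh
# Added example: group-shared directory instead of chmod 777 (Linux, GNU stat/find).

# setup_share DIR [GROUP]: give DIR to the common group with rwxrwsr-x (2775).
# GROUP defaults to the caller's primary GID (assumption, so no root is needed).
setup_share() {
    dir=$1
    grp=${2:-$(id -g)}
    mkdir -p "$dir" && chgrp "$grp" "$dir" && chmod 2775 "$dir"
}

# audit_share DIR: print entries that break the scheme:
#   world-writable, a directory without setgid, or not group-writable.
audit_share() {
    find "$1" ! -type l \( -perm -0002 \
        -o \( -type d ! -perm -2000 \) \
        -o ! -perm -0020 \) -print
}

# demo: build a share in a temp dir and show what each umask produces.
demo() {
    share=$(mktemp -d)/share
    setup_share "$share" || return 1
    (
        umask 002                       # what each user sets in .profile
        mkdir "$share/projects"         # inherits the group and the setgid bit
        : > "$share/projects/notes.txt" # created 664, group-writable
    )
    (
        umask 022                       # a user who forgot the umask
        : > "$share/projects/private.txt"   # created 644, others in the group cannot write
    )
    echo "mode gid path"
    stat -c '%a %g %n' "$share" "$share/projects" \
        "$share/projects/notes.txt" "$share/projects/private.txt"
    echo "audit findings:"
    audit_share "$share"
}

demo
```

The audit flags only `private.txt`, which is the usual reason a group member "still can't write" even though the directory itself is correct.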