LinuxQuestions.org - Multiple Group Rights to One Directory

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - Multiple Group Rights to One Directory (https://www.linuxquestions.org/questions/linux-security-4/multiple-group-rights-to-one-directory-272291/)

Multiple Group Rights to One Directory

Hello,

I am a newbie to Linux/Unix however I am learning fast. I understand
rights i.e. Owner Group Other I understand CHMOD and CHGRP and SUID and SGID and Sticky etc...

I understand rights are not cumlative i.e of Ower has R and Group has RW and you are logged in as the Ower you will have R and not RW

One thing I am not 100% sure about at the moment are multiple group rights for example

if you so a LS -l

you see the owner and the primary group who have rights to the file or directory.

Now I come from a Novell background there you can give rights to a file or directory to more than one group at the same time and give these groups different sets of rights to Group1 would have say RW and Group2 RX and Group3 R

therefore if the user was a member of one or more of the above groups he would get the relevent rights the group has.

Can you do the same in Linux i.e. setup a Directory and give different Groups different rights then put users in these groups so they get these rights?

Also can you put users in more than one group?

Thanks

I not up on the multiple groups for a file/directory, but I do know that a single user can belong to multiple groups.

usermod -G comma,separated,list,of,groups LoginNameOfUser

The list must be complete, If the user is a member of a group which is not listed they will be removed.

Re: Multiple Group Rights to One Directory

Quote:

Originally posted by JWatson
I understand rights are not cumlative i.e of Ower has R and Group has RW and you are logged in as the Ower you will have R and not RW

Correct.

Quote:

One thing I am not 100% sure about at the moment are multiple group rights for example

if you so a LS -l

you see the owner and the primary group who have rights to the file or directory.

Now I come from a Novell background there you can give rights to a file or directory to more than one group at the same time and give these groups different sets of rights to Group1 would have say RW and Group2 RX and Group3 R

therefore if the user was a member of one or more of the above groups he would get the relevent rights the group has.

Can you do the same in Linux i.e. setup a Directory and give different Groups different rights then put users in these groups so they get these rights?

No, you cannot assign more group owners to a single file/directory in a classical unix permissioning scheme.

You can either stick with the "owner-group-all" scheme and create a "super-group" where you assign all users belonging to all the groups you need and assign the directory to that group.

Or you can search for some ways how to enhance the classical access-control scheme by ACLs or MAC...

Quote:

Also can you put users in more than one group?

Yes, you can. You can add a user to any number of groups in /etc/groups

For information on ACL's (Access Control Lists) which can be used for this. The best site I've found so far is ACL bestbits Theres also an article in Linux Magazine I've found useful.

Thanks everyone for your assistance,

As a Novell Netware Engineer I am learning SUSE due to Novells acquisition of SUSE

I like Linux as it seems robust and straightforward to a large degree althought the file system seems to basic.

My understanding (running it up in the lab) is
Novell are porting NSS (Novell Storage System) to Linux and together with eDirectory (i.e. like NIS but a full x500 directory to store users and groups and rights etc)

You should be able to have a much more granular file and security system on Linux using the above.

For further info see www.novell.com/oes to my mind this will be a big jump but I still need to learn and understand the basic bones of Linux without these add ons

Thanks every one

John