LinuxQuestions.org
Old 06-28-2019, 11:02 AM   #1
BW-userx
Permissions Issues -- 774


OTay, I got me three users on my laptop for obvious reasons only known to me.

username:users : they all have the same group: users, I set my data partition to 774.
Code:
sudo chmod 774 /media/data1 -R
Whenever I am in a different user account I'll get write errors (permission denied) whenever I try to write into a directory created by a different user.

So I have to be missing something, even though they all have the same group with group rights to read, write, execute in and on that partition, which is ext4 (btw).
So does anyone know what I am missing here?
 
Old 06-28-2019, 11:18 AM   #2
dc.901
Maybe I misunderstood, but what are the permissions (owner:group) of /media/data1?
 
Old 06-28-2019, 11:25 AM   #3
Turbocapitalist
It's hard to deal with in the EXT file systems. You have to do tricks with either the setGID bit or with ACLs. Strangely this is just a rare enough problem that it is not fixed like it has been in the various BSDs and their default file systems.

Yet it is common enough to be a problem that I've written a short blog post addressing solutions from the perspective of Sharing Write Access to a Web Directory for Multiple Users.
 
Old 06-28-2019, 11:59 AM   #4
BW-userx
Quote:
Originally Posted by dc.901
Maybe I misunderstood, but what are the permissions (owner:group) of /media/data1?
774
owner,group = read, write, execute
other = read only
Code:
total 2455704
drwxrwxr-- 22 userx users       4096 Jun 28 11:54 .
drwxr-xr-x  5 root  root        4096 Jun 23 15:10 ..
-rwxrwxr--  1 mike  users        622 Jun 22 19:51 2tb-hdd-results
drwxrwxr--  5 userx userx       4096 Jun 27 12:02 blender-2.80
-rwxrwxr--  1 userx users        438 Jun 27 12:02 blender.desktop
-rwxrwxr--  1 userx users          0 Jun 14 13:37 bobdidit
drwxrwxr--  6 userx users       4096 Jun 14 11:19 e16
drwxrwxr--  2 userx users     208896 Jun 28 11:52 EtermBGs
-rwxrwxr--  1 userx users         13 Jun 13 21:40 geanyversion
-rwxrwxr--  1 userx users       2669 Jun 16 17:55 getImages
drwxrwxr--  5 mike  users       4096 Jun 22 08:10 GNUstep
-rwxrwxr--  1 root  root        7471 Jun 22 17:29 gparted_details02.htm
-rwxrwxr--  1 root  root        9598 Jun 24 07:43 gparted_details03.htm
-rwxrwxr--  1 root  root        9846 Jun 24 08:57 gparted_details-fixed.htm
-rwxrwxr--  1 userx users        441 Apr 30 14:37 grub-dualboot-cfg
-rwxrwxr--  1 userx users       1330 May 15 10:30 grub.slack
drwxrwxr--  2 userx users      16384 Jan 16 14:43 lost+found
-rwxrwxr--  1 userx users        313 Mar 31 17:45 mencoder-coder
-rwxrwxr--  1 userx users         40 Jan 21 18:32 modprobe
drwxrwxr--  2 userx users      36864 Jun 17 09:04 musicscript
drwxrwxr--  2 userx users      57344 May 15 10:55 MusicTorrents
drwxrwxr--  5 userx users       4096 Jun 20 19:29 projects
drwxrwxr--  7 userx users       4096 Jun 28 10:27 qbitdownloaded
drwxrwxr--  5 userx users       4096 Jun 28 11:00 QbitTemp
-rwxrwxr--  1 userx users      21183 Mar  1 08:19 rc.firewall
drwxrwxr--  2 userx users       4096 May 11 17:08 sbotools
drwxrwxr-- 11 userx users       4096 Jun 11 09:07 scripts
-rwxrwxr--  1 userx users       1969 Jun 19 08:18 snitchImages
drwxrwxr--  2 userx users      73728 Jun 13 17:09 torrents
drwxrwxr--  4 userx users       4096 Feb 14 08:05 .Trash-0
drwxrwxr--  5 userx users       4096 Jan 17 21:09 .Trash-1000
-rwxrwxr--  1 userx users        260 Feb  6 21:19 trim
drwxrwxr--  2 mike  users       4096 Jun 28 11:07 wallpapers
 
Old 06-28-2019, 12:01 PM   #5
Turbocapitalist
For directories you need 775 so that 'other' can look up the file names, too.
 
Old 06-28-2019, 01:29 PM   #6
dc.901
Okay, so you have:

user1:users
user2:users
user3:users

When user1 creates a directory /media/data1/user1dir

That directory gets 775 permissions?

If not, I think you need to set ACLs (setfacl)
 
Old 06-28-2019, 01:36 PM   #7
Turbocapitalist
Again, you'd need either the setGID bit:

Code:
chmod u=rwx,g=rwxs,o=rx /media/data1/user1dir/
Or an ACL

Code:
setfacl -b -m group:users:rwx,default:group:users:rw- /media/data1/user1dir/
Maybe if you use a different file system than the EXT series it would have an effect too.
 
Old 06-28-2019, 01:38 PM   #8
BW-userx
Turbocapitalist, dc.901: let me go check into what you said, create a dir and check its permissions. Right now my one user no longer knows what a rar or zip file is. In my file manager it is showing a ? (question mark) on the files. Might be permissions too, I have no idea, as my other user sees them for what they are.

OK, looking at the files in the terminal: no ownership. Gave the files ownership, now only some are messed up.

inode/x-corrupted type in the description.
Anyway, let me get back to the creating dir thing. I got the files backed up, and my other user sees them for what they are. (Fixed, I ran it again.)
Code:
sudo chown userx:users /media/data1/Tars -R
### dir
Code:
mike@arcomeo 100% 5.22G   28.06.19 01:43:51PM
~ mkdir /media/data1/MyTestDir

 
~ ls -la /media/data1/MyTestDir
total 8
drwxr-xr-x  2 mike  users 4096 Jun 28 13:43 .
drwxrwxr-- 23 userx users 4096 Jun 28 13:43 ..

 
~ touch  /media/data1/MyTestDir/MyTestFileMike

 
~ ls -la /media/data1/MyTestDir               
total 8
drwxr-xr-x  2 mike  users 4096 Jun 28 13:44 .
drwxrwxr-- 23 userx users 4096 Jun 28 13:43 ..
-rw-r--r--  1 mike  users    0 Jun 28 13:44 MyTestFileMike

Last edited by BW-userx; 06-28-2019 at 01:46 PM.
 
Old 06-28-2019, 01:57 PM   #9
BW-userx
Quote:
Originally Posted by Turbocapitalist
Again, you'd need either the setGID bit:

Code:
chmod u=rwx,g=rwxs,o=rx /media/data1/user1dir/
Or an ACL

Code:
setfacl -b -m group:users:rwx,default:group:users:rw- /media/data1/user1dir/
Maybe if you use a different file system than the EXT series it would have an effect too.
Let me test some more, https://linuxconfig.org/how-to-use-s...nd-sticky-bits

It might just have been the 774 I ran on it, instead of 775 for whatever reasons.

Last edited by BW-userx; 06-28-2019 at 02:08 PM.
 
Old 06-28-2019, 08:49 PM   #10
BW-userx
Quote:
Originally Posted by Turbocapitalist
Again, you'd need either the setGID bit:

Code:
chmod u=rwx,g=rwxs,o=rx /media/data1/user1dir/
Or an ACL

Code:
setfacl -b -m group:users:rwx,default:group:users:rw- /media/data1/user1dir/
Maybe if you use a different file system than the EXT series it would have an effect too.
OK, here is the problem as I ran into it again. It creates a file on /media/data1/somedir then adds files into it; the user has rw on the file, the group only has r on the files and other only has r on the files. Then this script I use to move them somewhere else on the same partition into another dir fails.

Code:
-rw-r--r--  1 mike users  290491 Jun 28 20:36 image-125-007.jpg

mv: cannot move '/media/data1/tempimages/image-125-007.jpg' to '/media/data1/images/image-125-007.jpg': Permission denied
Is there a way to give the group itself the permissions, so whoever has that group, whenever they create a file dir, it gives that the same permissions, rwx?

I have not found anything on it yet, just how to change the permissions on a file, which I already know how to do.

The workaround for now: I could put in the script to change the permissions on the files after unrar and zipping the tar ball.
Nope, that did not work (yet?)

This is so screwed up:

In my one user I use zsh, just cuz it's different. I do not know if that is what is affecting this as well.

But along with the other issue above, when I use the command to chmod in the terminal, it loses everything, ownership to the files and dir.
I did it like that because I am getting tired of typing, so I took that file off my script to copy and paste it and gave the var the same value in the cli to save time. Nevertheless, the effects are the same: when I use sudo in bash or zsh even, it does not work and loses ownership, so I have to go into su and issue the chown to get them back.
Code:
mike@arcomeo 100% 5.20G   28.06.19 09:32:26PM
/media/data1/tempimages to=/media/data1/tempimages

mike@arcomeo 100% 5.18G   28.06.19 09:32:49PM
/media/data1/tempimages find "$to" ! -perm 0664 -exec chmod 664 {} +

mike@arcomeo 100% 5.19G   28.06.19 09:32:54PM
/media/data1/tempimages ls -la "$to"
ls: cannot access '/media/data1/tempimages/.': Permission denied
ls: cannot access '/media/data1/tempimages/..': Permission denied
total 0
d????????? ? ? ? ?            ? .
d????????? ? ? ? ?            ? ..
664 is because I only need rw on owner and group, not x on the files; they are images, not executables, and other only needs read.

I believe it is changing the dir permissions too, so that causes it to fail.

Having only one user, I don't get this issue. Having more than one user, more to learn.. woo hoo

Last edited by BW-userx; 06-28-2019 at 09:45 PM.
 
Old 06-28-2019, 10:11 PM   #11
BW-userx
Ok I think I got it figured out now in my script, I added the find and forgot to use -type f from following a fix I found on the net that did not add that, and I didn't even think of it until I had to fix my directories.


Code:
 
sudo find /media/data1 -type d -exec chmod 775 {} \;


#in my script I added this
# it should work no matter which user uses it, due to 
#it gets permissions to whomever uses it, so no
#sudo needed to be added to it. 

find "$to" -type f ! -perm 0664 -exec chmod 664 {} +
I just need to log into a different user and try it now.

#############

It still needs to have the group whenever a user creates, copies, or moves a file to give that group permission rw x when needed so the other user with the very same group can write to it as well. grrrr.

adding the s to dir /media/data1
Code:
mike@arcomeo 100% 5.45G   28.06.19 10:54:39PM
~ cp sedding /media/data1

 
~ ls -lad /media/data1
drwsrwxr-x 24 userx users 4096 Jun 28 22:55 /media/data1

 
~ ls -lad /media/data1/sedding
-rwxr-xr-x 1 mike users 175 Jun 28 22:55 /media/data1/sedding

 
~ ls -la sedding
-rwxr-xr-x 1 mike users 175 Jun 20 09:55 sedding

 
~ chmod 775 sedding

 
~ ls -la sedding   
-rwxrwxr-x 1 mike users 175 Jun 20 09:55 sedding

 
~ cp sedding /media/data1     

 
~ ls -lad /media/data1/sedding
-rwxr-xr-x 1 mike users 175 Jun 28 22:56 /media/data1/sedding
A different user other than userx's group users still does not get rw. Write gets removed upon copying it over to somewhere else.

Last edited by BW-userx; 06-28-2019 at 11:02 PM.
 
Old 06-28-2019, 11:41 PM   #12
Turbocapitalist
Quote:
Originally Posted by BW-userx
OK, here is the problem as I ran into it again. It creates a file on /media/data1/somedir then adds files into it; the user has rw on the file, the group only has r on the files ...
What is the umask for each of the users? Did you read through the actual blog post I linked to in #3 above?

Edit: and if you used setfacl then what is the output of getfacl for the file or directory in question? The ACL permissions are not going to show up in the output of ls, but you still will be able to write as a member of the group 'users'

Last edited by Turbocapitalist; 06-28-2019 at 11:46 PM.
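
Added example, not part of the original thread: the umask question in this post and the setGID suggestion from #7, tried in a throwaway directory. It assumes Linux with GNU `stat`; `demo` and `mode_of` are hypothetical helper names, and the `u+s` row reproduces the `drwsrwxr-x` directory mode seen in the listing in #11.

```shell
#!/bin/sh
# Added example. Everything happens in a throwaway mktemp directory;
# /media/data1 is never touched. demo and mode_of are hypothetical helpers.

# mode_of PATH: octal permission bits, e.g. 2775 (GNU stat assumed)
mode_of() { stat -c '%a' "$1"; }

# demo UMASK [BIT]: make a 775 directory, optionally add BIT (g+s or u+s),
# then create a file and a subdirectory inside it while UMASK is in effect.
# Prints "<dir mode> <new file mode> <new subdir mode>".
demo() {
    um=$1
    bit=${2:-}
    base=$(mktemp -d) || return 1
    (
        umask "$um"
        mkdir "$base/shared"
        chmod 775 "$base/shared"
        if [ -n "$bit" ]; then chmod "$bit" "$base/shared"; fi
        : > "$base/shared/file"      # requested 666, minus the umask bits
        mkdir "$base/shared/sub"     # requested 777, minus the umask bits
        printf '%s %s %s\n' \
            "$(mode_of "$base/shared")" \
            "$(mode_of "$base/shared/file")" \
            "$(mode_of "$base/shared/sub")"
    )
    rc=$?
    rm -rf "$base"
    return "$rc"
}

# Print one row per combination of umask and directory bit.
printf '%-6s %-4s %s\n' umask bit 'dir file subdir'
for row in '022 -' '022 g+s' '002 g+s' '022 u+s'; do
    set -- $row
    if [ "$2" = - ]; then out=$(demo "$1"); else out=$(demo "$1" "$2"); fi
    printf '%-6s %-4s %s\n' "$1" "$2" "$out"
done
```

On Linux the setgid bit (`g+s`, listed as `drwxrwsr-x`) only controls which group new entries get and is passed on to new subdirectories; whether the group can write is decided by the creating user's umask (002 rather than 022) or by a default ACL.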
 
Old 06-29-2019, 02:33 AM   #13
ondoho
Performing this:
Quote:
Originally Posted by BW-userx
Code:
sudo chmod 774 /media/data1 -R
probably messed things up almost beyond repair.
It just made all files executable, not just directories and executables. Now try to undo that.

From your description, what you really wanted was to give the group the same permissions as the user?
That would have been:
Code:
sudo chmod g=u /media/data1 -R
(off the top of my head, probably better read up on this before using it)
 
Old 06-30-2019, 10:18 AM   #14
dc.901
Quote:
Originally Posted by BW-userx

Is there a way to give the group itself the permissions, so whoever has that group, whenever they create a file dir, it gives that the same permissions, rwx?
Exactly why you need to do either one of the options mentioned by Turbocapitalist in #7

If you are not comfortable doing that on existing directory, this can be easily tested in a temporary directory... But, you need to do one of these: setGID or ACL.
 
Old 06-30-2019, 03:44 PM   #15
BW-userx
Quote:
Originally Posted by dc.901
Exactly why you need to do either one of the options mentioned by Turbocapitalist in #7

If you are not comfortable doing that on existing directory, this can be easily tested in a temporary directory... But, you need to do one of these: setGID or ACL.
I saw that ACL and perhaps shied away because I didn't want to put myself through that. The G(roup) ID(entification number) is the same because a group cannot have two or more different numbers.

My understanding was that people in the same group get the same permissions no matter what the UID is. As I looked at what the group was getting, only read permissions, and not read write, and even executable, it put me to wondering why; then I got caught up in doing something else and never found how to change that, so the group can have more permissions than just read. Setting it to the s marker didn't do anything either. Isn't that just so whoever adds a file in there, the owner of the directory is the one always held accountable when running a script out of that same dir, something like that?
https://linuxconfig.org/how-to-use-s...nd-sticky-bits
Here we can see the s bit on the dir, for Mike, and userx created a file, but group still only gets read permissions on that file.
Code:
[userx@arcomeo MyTestDir]$ ls -la
total 8
drwsrwxr-x  2 mike  users 4096 Jun 28 13:44 .
drwsrwxr-x 23 userx users 4096 Jun 29 16:44 ..
-rwxrwxr-x  1 mike  users    0 Jun 28 13:44 MyTestFileMike
[userx@arcomeo MyTestDir]$ touch UserX-creted-file

[userx@arcomeo MyTestDir]$ ls -la
total 8
drwsrwxr-x  2 mike  users 4096 Jun 30 15:48 .
drwsrwxr-x 23 userx users 4096 Jun 29 16:44 ..
-rwxrwxr-x  1 mike  users    0 Jun 28 13:44 MyTestFileMike
-rw-r--r--  1 userx users    0 Jun 30 15:48 UserX-creted-file

Last edited by BW-userx; 06-30-2019 at 03:50 PM.
 
  

