Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
OTay, I got me three users on my laptop for obvious reasons only known to me.
username:users : they all have the same group: users, I set my data partition to 774.
Code:
sudo chmod 774 /media/data1 -R
Whenever I am in a different user account I'll get write errors, permission denied, whenever I try to write into a directory created by a different user.
So I have to be missing something, even though they all have the same group with group rights to read,write,execute in and on that partition that is ext4 (btw).
so anyone know what I am missing here?
It's hard to deal with in the EXT file systems. You have to do tricks with either the setGID bit or with ACLs. Strangely this is just a rare enough problem that it is not fixed like it has been in the various BSDs and their default file systems.
Turbocapitalist, dc.901: let me go check into what you said, create a dir and check its permissions. Right now my one user no longer knows what a rar or zip file is. In my file manager it is showing a ? (question mark) on the files. Might be permissions too, I have no idea, as my other users see them for what they are.
Ok files looking at them in terminal no ownership, gave the files ownership, now only some are messed up.
inode/x-corrupted type in the description,
anyways let me get back to the creating dir thing, I got them files backed up, and my other user sees them for what they are. (fixed, I ran it again).
Code:
sudo chown userx:users /media/data1/Tars -R
### dir
Code:
mike@arcomeo 100% 5.22G 28.06.19 01:43:51PM
~ mkdir /media/data1/MyTestDir
~ ls -la /media/data1/MyTestDir
total 8
drwxr-xr-x 2 mike users 4096 Jun 28 13:43 .
drwxrwxr-- 23 userx users 4096 Jun 28 13:43 ..
~ touch /media/data1/MyTestDir/MyTestFileMike
~ ls -la /media/data1/MyTestDir
total 8
drwxr-xr-x 2 mike users 4096 Jun 28 13:44 .
drwxrwxr-- 23 userx users 4096 Jun 28 13:43 ..
-rw-r--r-- 1 mike users 0 Jun 28 13:44 MyTestFileMike
Maybe if you use a different file system than the EXT series it would have an effect too.
OK here is the problem as I ran into it again. it creates a file on /media/data1/somedir then adds files into it, the user has rw on the file, the group only has r on the files and other only has r on the files, then this script i use to move them somewhere else on the same partition into another dir then it fails
Code:
-rw-r--r-- 1 mike users 290491 Jun 28 20:36 image-125-007.jpg
mv: cannot move '/media/data1/tempimages/image-125-007.jpg' to '/media/data1/images/image-125-007.jpg': Permission denied
Is there a way to give the group itself the permissions, so whoever has that group, whenever they create a file or dir, it gives that the same permissions, rwx?
I have not found anything on it yet. just how to change the permissions on a file, which I already know how to do.
the work around for now I could put in the script to change the permissions on the files after unrar and zipping the tar ball.
Nope that did not work (yet?)
this is so screwed up:
In my one user I use zsh, just cuz it's different. I do not know if that is what is affecting this as well.
But along with the other issue above, when I use the command to chmod in the terminal, it loses all ownership of the files and dir.
I did it like that because I am getting tired of typing, so I took that file off my script to copy and paste it and gave the var the same value in the cli to save time. nevertheless, the effects are the same , when I use sudo in bash or zsh even it does not work and loses ownership so I have to go into su and issue the chown to get them back .
Ok I think I got it figured out now in my script, I added the find and forgot to use -type f from following a fix I found on the net that did not add that, and I didn't even think of it until I had to fix my directories.
Code:
sudo find /media/data1 -type d -exec chmod 775 {} \;
#in my script I added this
# it should work no matter which user uses it, due to
#it gets permissions to whomever uses it, so no
#sudo needed to be added to it.
find "$to" -type f ! -perm 0664 -exec chmod 664 {} +
I just need to log into a different user and try it now.
#############
It still needs to have the group whenever a user creates, copies, or moves a file to give that group permission rw x when needed so the other user with the very same group can write to it as well. grrrr.
adding the s to dir /media/data1
Code:
mike@arcomeo 100% 5.45G 28.06.19 10:54:39PM
~ cp sedding /media/data1
~ ls -lad /media/data1
drwsrwxr-x 24 userx users 4096 Jun 28 22:55 /media/data1
~ ls -lad /media/data1/sedding
-rwxr-xr-x 1 mike users 175 Jun 28 22:55 /media/data1/sedding
~ ls -la sedding
-rwxr-xr-x 1 mike users 175 Jun 20 09:55 sedding
~ chmod 775 sedding
~ ls -la sedding
-rwxrwxr-x 1 mike users 175 Jun 20 09:55 sedding
~ cp sedding /media/data1
~ ls -lad /media/data1/sedding
-rwxr-xr-x 1 mike users 175 Jun 28 22:56 /media/data1/sedding
a different user other than userx's group users still does not get rw . write gets removed upon copying it over to somewhere else.
OK here is the problem as I ran into it again. it creates a file on /media/data1/somedir then adds files into it, the user has rw on the file, the group only has r on the files ...
What is the umask for each of the users? Did you read through the actual blog post I linked to in #3 above?
Edit: and if you used setfacl then what is the output of getfacl for the file or directory in question? The ACL permissions are not going to show up in the output of ls, but you still will be able to write as a member of the group 'users'
Last edited by Turbocapitalist; 06-28-2019 at 11:46 PM.
Is there a way to give the group itself the permissions, so whoever has that group, whenever they create a file or dir, it gives that the same permissions, rwx?
Exactly why you need to do either one of the options mentioned by Turbocapitalist in #7
If you are not comfortable doing that on existing directory, this can be easily tested in a temporary directory... But, you need to do one of these: setGID or ACL.
Exactly why you need to do either one of the options mentioned by Turbocapitalist in #7
If you are not comfortable doing that on existing directory, this can be easily tested in a temporary directory... But, you need to do one of these: setGID or ACL.
I saw that ACL and perhaps shied away because I didn't want to put myself through that. The G(roup) ID(entification number) is the same because a group cannot have two or more different numbers.
My understanding was that people in the same group get the same permissions no matter what the UID is. As I looked at what the group was getting, only read permissions, and not read write, and even executable. It put me to wondering why, then I got caught up in doing something else and never found how to change that. So the group can have more permissions than just read. Setting it to the s marker didn't do anything either. Isn't that just so whoever adds a file in there, the owner of the directory is the one always held accountable when running a script out of that same dir, something like that. https://linuxconfig.org/how-to-use-s...nd-sticky-bits
here we can see the s bit on the dir, for Mike, and userx created a file, but group still only gets read permissions on that file.
Code:
[userx@arcomeo MyTestDir]$ ls -la
total 8
drwsrwxr-x 2 mike users 4096 Jun 28 13:44 .
drwsrwxr-x 23 userx users 4096 Jun 29 16:44 ..
-rwxrwxr-x 1 mike users 0 Jun 28 13:44 MyTestFileMike
[userx@arcomeo MyTestDir]$ touch UserX-creted-file
[userx@arcomeo MyTestDir]$ ls -la
total 8
drwsrwxr-x 2 mike users 4096 Jun 30 15:48 .
drwsrwxr-x 23 userx users 4096 Jun 29 16:44 ..
-rwxrwxr-x 1 mike users 0 Jun 28 13:44 MyTestFileMike
-rw-r--r-- 1 userx users 0 Jun 30 15:48 UserX-creted-file
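Added example, not part of the thread: the listings above show `drwsrwxr-x`, where the `s` sits in the owner column (setuid, which Linux ignores on directories), and new files arriving as `-rw-r--r--`, which is consistent with a umask of 022. The script below, which assumes GNU `stat` and works only in a throwaway temp directory, shows how umask 002 together with the setgid bit (`chmod 2775`, `s` in the group column) gives group-writable files that keep the directory's group.

```shell
#!/bin/sh
# Added example (not from the thread): umask and setgid on a shared directory.
# Assumes GNU coreutils stat; everything happens in a throwaway temp directory.

mode_of()  { stat -c '%a' "$1"; }   # octal permission bits, e.g. 664 or 2775
group_of() { stat -c '%G' "$1"; }   # owning group name

# Build a stand-in for the shared partition with mode rwxrwsr-x (2775).
# The leading 2 is setgid, shown as "s" in the GROUP column of ls -l.
make_shared() {
    shared=$(mktemp -d) || return 1
    chmod 2775 "$shared"
    printf '%s\n' "$shared"
}

# Create a file in $1 under umask $2 (in a subshell, so the caller's umask
# is untouched) and print the mode the file ends up with.
file_mode_under_umask() {
    ( umask "$2" && : > "$1/file_$2" && mode_of "$1/file_$2" )
}

# Same for a subdirectory: it inherits the setgid bit from its parent.
dir_mode_under_umask() {
    ( umask "$2" && mkdir "$1/dir_$2" && mode_of "$1/dir_$2" )
}

main() {
    d=$(make_shared) || exit 1
    echo "shared dir mode:        $(mode_of "$d")"
    echo "file, umask 022:        $(file_mode_under_umask "$d" 022)"
    echo "file, umask 002:        $(file_mode_under_umask "$d" 002)"
    echo "subdir, umask 002:      $(dir_mode_under_umask "$d" 002)"
    echo "dir group / file group: $(group_of "$d") / $(group_of "$d/file_002")"
    rm -rf "$d"
}

main
```

The umask is a per-process setting, so each account that writes to the shared directory needs 002 in effect for its shell and for any script or file manager that creates files there.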