LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 12-06-2018, 07:23 AM   #1
funkytwig
LQ Newbie
 
Registered: Jun 2016
Posts: 22

Rep: Reputation: Disabled
Question User Private Groups


Been trying to get my head around UPG.

So from my understanding, each user has there own group and the umask is set to 002 (so if systems setup traditionally I would need to create a group for eatch user)?

$ groupadd <username>

Group permissions are handled at a directory level, so if I have a directory for project 'sales' I create a directory (i.e. sales) and

1$ groupadd sales # can we call this the directory group
2$ mkdir somepath/sales
3$ chown -R root.saless omepath/sales # set user/group of directory
4$ chmod 775 somepath/sales
5$ chmod 2775 somepath/sales # set the setgid

which sets things up and

$ gpasswd -a <username> sales

for each user.

This means that if a user creates a file in the directory all the other users in the same 'directory' group can change it. I made up the term 'directory group' to help me understand (or is there an official term)?

So is setup step 4 necessary, this one has thrown me as we seem to be doing a chmod on the directory twice?

I have two additional questions:

When a user creates a directory under this new 'directory group' does it inherit the same permissions/ownership fo the parent directory (I seem to remember this is how directories work anyway in Linux)?

If I start using UPG on a system that was set up in the traditional way what else do I need to change to bring rest of the system up to UPG?

I got my info from https://access.redhat.com/documentat...te-groups.html

Regards,
Ben

Last edited by funkytwig; 12-06-2018 at 07:26 AM.
 
Old 12-06-2018, 07:28 AM   #2
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 3,546
Blog Entries: 3

Rep: Reputation: 1580Reputation: 1580Reputation: 1580Reputation: 1580Reputation: 1580Reputation: 1580Reputation: 1580Reputation: 1580Reputation: 1580Reputation: 1580Reputation: 1580
Step #4 is not needed because it is covered in #5. If you are having trouble with umasks you can override the default umask for the directory using ACLs. Setting the SetGID bit will allow the EXT file system's directories to inherit group settings. Otherwise it is not normal for EXT like it is in UFS or FFS.

Each account has a matching user group. However, if you wish for two or more accounts to share a group, make one just for that purpose. Think role-based permissions.

Last edited by Turbocapitalist; 12-06-2018 at 07:29 AM.
 
Old 12-06-2018, 08:53 AM   #3
funkytwig
LQ Newbie
 
Registered: Jun 2016
Posts: 22

Original Poster
Rep: Reputation: Disabled
Thanks, Turbocapitalist.

Quote:
Originally Posted by Turbocapitalist View Post
Each account has a matching user group. However, if you wish for two or more accounts to share a group, make one just for that purpose. Think role-based permissions.
Think I understand but does this not break UPG?

I am using EXT4 so my take on it is correct?

Is there a page which outlines the effect of UPG on various filesystem types?

Still interested in how to retrofit UPG on traditionally setup system?

Ben
 
Old 12-06-2018, 11:15 AM   #4
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 3,546
Blog Entries: 3

Rep: Reputation: 1580Reputation: 1580Reputation: 1580Reputation: 1580Reputation: 1580Reputation: 1580Reputation: 1580Reputation: 1580Reputation: 1580Reputation: 1580Reputation: 1580
Can you please explain UPG a little and what you want from it?

The only references I see online for it are from RedHat or CentOS related documentation and those make it look like they are just some steps to use normal UNIX groups and permissions, right down to the mention of the SetGID bit.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
User groups - manage groups Surka Linux - Security 7 05-02-2012 12:56 AM
Accessing a private LAN from another private LAN sholah Linux - Networking 3 07-10-2007 09:17 PM
LXer: Keep your private documents private LXer Syndicated Linux News 0 06-07-2006 04:21 AM
User Private Groups - Good idea or bad? thegeekster Linux - General 0 08-12-2004 06:39 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 09:27 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration