Latest LQ Deal: Linux Power User Bundle
Go Back > Forums > Non-*NIX Forums > Programming
User Name
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.


  Search this Thread
Old 08-13-2007, 05:24 PM   #1
LQ Newbie
Registered: Aug 2007
Distribution: Ubuntu, Open SUSE
Posts: 2

Rep: Reputation: 0
Group administrator (or changing permissions and ownerships)

Hey Everyone,

I am trying to "secure" some files inside a directory. Essentially what i want to do is to have a person (user) be the administrator of a certain group and allow him to change permissions and ownerships. (Needless to say that I don't want this person to have "root" or "admin" privileges.

More specifically say that I have a directory called "example"

TheUser@MyPc:/home> ls -l | grep example
drwxrwxr-x 31 TheUser users 4096 2007-08-13 12:11 example

Notice that "example" can be written by anyone in the "users" group.

Now lets say that "user1" creates the file "file.user1" and
places it inside "example". Let us further assume that "user1" doesn't have a clue about permissions and we end up with something like this:

$TheUser@MyPc:/home> ls -l example | grep file
-rwxrwxr-x 32 user1 users 4096 2007-08-13 12:11 file.user1
-rwxrwxr-x 33 user2 users 4096 2007-08-13 12:21 file.user2

Of course I don't want either user to mess up with other users files but I would also like for "TheUser" to be able to change the permissions of all the files so that not even "user1" is able to modify the contents of "file.user1".

So far what I have done is

1.- Set the sticky bit on "example"

TheUser@MyPc:/home> chmod 1775 example && ls -l | grep example
drwxrwxr-t 31 TheUser users 4096 2007-08-13 12:11 example

(No messing around with other files)

2.- Making copies of the files to be changed (that takes care of the ownerships); change the permissions of the backup files and then overwriting the original files.

TheUser@MyPc:/home> cd example && cp file.user1 file.user1.bak && chmod 555 file.user1.bak && mv file.user1.bak file.user1 && ls -l | grep file
-r-xr-xr-x 32 TheUser users 4096 2007-08-13 12:51 file.user1
-rwxrwxr-x 33 user2 users 4096 2007-08-13 12:21 file.user2

Notice that this does the trick however I think it is very inefficient, especially when dealing with folders and subfolders.

Does anybody know about a better way to implement this?

Thank you very much in advance.
Old 08-13-2007, 06:25 PM   #2
Senior Member
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873

Rep: Reputation: 332Reputation: 332Reputation: 332Reputation: 332
Edit. I thought I had the total solution but I was wrong. Below is a partial solution.

This is what you want to do. First set the ownership of the example directory to TheUser:users.
chown theuser:users example
Then set the sticky bit for the group that owns the directory.
chmod 2770 example
The 4 in the above permission string will force all files created in the example directory to be owned by the users group.

You may not need the sticky bit on the "others" permissions. I'm not sure.

Next you want your user accounts to have their umask set to 740. This next line of code has to go into a login script like /etc/profile.
umask 740

Last edited by stress_junkie; 08-13-2007 at 06:49 PM.
Old 08-15-2007, 01:22 AM   #3
LQ Newbie
Registered: Aug 2007
Distribution: Ubuntu, Open SUSE
Posts: 2

Original Poster
Rep: Reputation: 0
Originally Posted by stress_junkie View Post
Edit. I thought I had the total solution but I was wrong. Below is a partial solution.
Thanks. I will try your way. It does make sense to me and I am sure it will save me from implementing a recursive script.



file permission

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Changing Group carlosinfl Linux - General 4 01-10-2007 02:21 PM
changing group twallstr Linux - Newbie 2 09-11-2005 04:00 PM
restoring default device ownerships/permissions under_r_run Linux - Newbie 5 07-27-2005 02:27 PM
Group Permissions changing back on their own jnezezon Linux - Networking 8 01-09-2004 02:47 AM
changing the group anwar_lpk Linux - Networking 2 05-08-2003 11:10 PM > Forums > Non-*NIX Forums > Programming

All times are GMT -5. The time now is 05:29 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration