SUSE / openSUSE: This forum is for the discussion of Suse Linux.
I find that only root has permissions to run programs like mount.
So I created a group called admin. I want to enable another entity besides root to run programs like mount. How do I assign group permissions to executable programs?
groupadd, chgrp, and chmod are the commands you need here.
chgrp <groupname> <file> changes the group ownership of a file to whatever group you selected. The group has to exist for this to work. You can add a group with the groupadd program.
chmod is a bit more complex.
There are basically four three-bit numbers involved. For now, we will skip the first number. The second number is owner permissions, second is group permissions, third is everyone else.
So, let's break it down. The three bits stand for read, write, and exec.
read = 100 (binary) or 4 (decimal)
write = 010 (binary) or 2 (decimal)
execute = 001 (binary) or 1 (decimal)
Permissions can be added together. 6 would be read and write but not execute. 7 would be read, write and execute, etc.
So, say we have the mount program for example.
chmod 0550 /sbin/mount
This gives read and execute privileges to the owner of the file (root) and the group designated to the file (in your case admin). It also gives no rights to other users.
Now... that still isn't enough in the case of programs like mount. Mount always has to be executed as root because of the nature of what it does... That is where the first 3-bit number in 0550 comes into play.
The first number is also a 3-bit number, but the bits stand for different things than read, write and execute.
set uid on exec = 100 (binary), 4 (decimal)
set gid on exec = 010 (binary), 2 (decimal)
sticky bit = 001 (binary), 1 (decimal)
The one we really care about here is the set uid on exec. What this means is no matter who executes the program (providing they have exec privileges) it gets run as if the owner of the file ran it.
So, the actual command you would want for mount is:
chmod 4550 /sbin/mount
This assumes your mount program is located in /sbin. If not... change the line accordingly.
To summarize...
groupadd admin
chgrp admin /sbin/mount
chmod 4550 /sbin/mount
This should allow any user in the group admin to run mount.
For more info
man groupadd
man chgrp
man chown
man chmod
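The octal arithmetic in the reply above can be checked without touching /sbin/mount. The following is an added example, not part of the original post: it decodes a four-digit mode into the string `ls -l` would show, which makes the difference between 0550, 4550 and 1550 visible, and lists files that already carry the setuid bit. The function names decode_mode and list_setuid are this example's own.

```sh
#!/bin/sh
# Added example: render a chmod octal mode the way `ls -l` shows it.

# triplet BITS SPECIAL CHAR: one rwx group; CHAR is s (setuid/setgid) or t (sticky)
triplet() {
    bits=$1 special=$2 ch=$3
    [ $((bits & 4)) -ne 0 ] && r=r || r=-
    [ $((bits & 2)) -ne 0 ] && w=w || w=-
    if [ $((bits & 1)) -ne 0 ]; then
        [ "$special" -ne 0 ] && x=$ch || x=x
    else
        # special bit without execute permission is shown in upper case
        [ "$special" -ne 0 ] && x=$(printf %s "$ch" | tr st ST) || x=-
    fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# decode_mode MODE: e.g. 4550 -> "r-sr-x--- setuid"
decode_mode() {
    case $1 in
        ''|*[!0-7]*) echo "not an octal mode: $1" >&2; return 1 ;;
    esac
    m=$((0$1))                       # leading 0 makes the shell read it as octal
    out=$(triplet $(( (m >> 6) & 7 )) $(( m & 04000 )) s)       # owner
    out=$out$(triplet $(( (m >> 3) & 7 )) $(( m & 02000 )) s)   # group
    out=$out$(triplet $(( m & 7 )) $(( m & 01000 )) t)          # everyone else
    flags=
    [ $((m & 04000)) -ne 0 ] && flags="$flags setuid"
    [ $((m & 02000)) -ne 0 ] && flags="$flags setgid"
    [ $((m & 01000)) -ne 0 ] && flags="$flags sticky"
    printf '%s%s\n' "$out" "$flags"
}

# list_setuid DIR: regular files under DIR (same filesystem) with the setuid bit,
# useful for reviewing what already runs with its owner's privileges
list_setuid() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null
}

# Compare the modes discussed in the thread
for mode in 0550 4550 1550; do
    printf '%s -> %s\n' "$mode" "$(decode_mode "$mode")"
done
```

Only a leading 4 turns the owner's execute slot into `s`; a leading 1 sets the sticky bit and leaves the program running as the invoking user. Any binary made setuid root this way should be reviewed with list_setuid, because everyone in the group then runs it with root's privileges.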
Thank you for that nice reply. I will try it this evening.
While we are on the subject, can the files be owned by multiple groups, or is only one group allowed ownership?
I find that only root has permissions to run programs like mount.
Just out of curiosity, were you having a problem mounting something specific?
I ask because I started doing what you're doing here and then realized it wasn't a problem with permission to run mount, rather permission to mount specific devices. When I installed 10.0, the default fstab didn't give permission for users to mount my CD/DVD drive, so I had to edit that file, and all was well.
Just mentioning it because of your mentioning mount. Not knowing what the specific issue was, I thought the solution might be less complex than creating new users and setting a permission policy.
Actually I had a curious set of problems. It mounted one of my filesystems with user/group id of 500. Then I had to switch to root to reset the permissions.
The other problem I had was that I installed a student version of MATLAB, which required you to have the CD in the drive for it to run. In SUSE the CD was mounted as /media/dvdrecorder and /dev/dvdrecorder. For MATLAB to work I had to mount the same device on /cdrom.
Another curious thing was that even though in /etc/fstab the entry was /dev/dvdrecorder, I found that the true device was /dev/hdc. I could not figure out how /dev/hdc was mapped to /dev/dvdrecorder.