Solved

User and Group Question

Posted on 2006-06-15
Last Modified: 2010-04-20
I have Group A, User A, & User B

User A is a part of Group A.

The problem:
When User A writes a file, User B can not delete that file and when User B writes a file User A can not delete the file.

I want everyone to be able to edit each other's files and delete everything. Expect from Group A. This includes when users make new files.

Question by:clintonm9
 
LVL 23

Expert Comment

by:brettmjohnson
ID: 16917608
There are a few ways to deal with this:

- The users must explicitly give group write permissions to files they wish others to modify/delete.  This is the default (safest) state.

- You can write a cron job that adds group write privs to all files in a specific shared directory tree.  This is often done, when you have a well known shared directory and don't want to burden the users with maintaining different privileges for files in shared space vs. non-shared space.

- You can do this by setting the umask for everyone in group A to 002 (and making Group A the default group for its members).  Generally this is discouraged, since it does not distinguish between shared space and unshared space.  [The umask is the default permissions mask for all files the user creates.]  
http://www.dartmouth.edu/~rc/help/faq/permissions.html

- You could use Access Control Lists (ACLs) rather than traditional Unix permissions.  This is probably the most preferable solution.



0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 16918088
The directory where the file resides must be of the same group and have write permission for that group.
0
 
LVL 43

Expert Comment

by:ravenpl
ID: 16918119
As hoffmann pointed out: it's the directory where the user has to have write permissions to add/delete a file. The ownership of the file is meaningless.
Unless the directory has the sticky bit set (like /tmp has). If the sticky bit is in action, a user can't delete a file which he does not own.

Same applies to ACLs - it's still about directory permissions - not the file itself.
0
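The rule from the comments above (deleting a file needs write and search permission on its directory, and a sticky directory restricts deletion to the owner of the file or of the directory), modelled as a shell function. This is an added example, not part of the original thread; it looks only at classic mode bits (no ACLs, no capabilities besides uid 0), and the numeric user and group ids are constructed.

```shell
#!/bin/sh
# usage: can_delete UID "GID GID ..." DIR_MODE DIR_UID DIR_GID FILE_UID
# Returns 0 if UID may remove a file owned by FILE_UID from the directory.
# The file's own mode is deliberately not an input: it plays no part.
in_list() {
    il_want=$1; shift
    for il_g in "$@"; do [ "$il_g" -eq "$il_want" ] && return 0; done
    return 1
}

can_delete() {
    cd_uid=$1; cd_gids=$2; cd_mode=$((0$3)); cd_duid=$4; cd_dgid=$5; cd_fuid=$6
    [ "$cd_uid" -eq 0 ] && return 0          # root bypasses the mode bits
    # Exactly one permission class applies: owner, else group, else other.
    if [ "$cd_uid" -eq "$cd_duid" ]; then
        cd_bits=$(( (cd_mode >> 6) & 7 ))
    elif in_list "$cd_dgid" $cd_gids; then
        cd_bits=$(( (cd_mode >> 3) & 7 ))
    else
        cd_bits=$(( cd_mode & 7 ))
    fi
    # Removing a name needs write (2) and search (1) on the directory.
    [ $(( cd_bits & 3 )) -eq 3 ] || return 1
    # Sticky bit (01000): only the file owner or the directory owner may delete.
    if [ $(( cd_mode & 01000 )) -ne 0 ]; then
        [ "$cd_uid" -eq "$cd_fuid" ] || [ "$cd_uid" -eq "$cd_duid" ] || return 1
    fi
    return 0
}

# Constructed scenario: User A = 1001, User B = 1002, both in Group A = 2000.
# The directory and the file belong to User A; can User B delete the file?
demo() {
    for m in 0755 0775 1775; do
        if can_delete 1002 "2000" "$m" 1001 2000 1001; then r=yes; else r=no; fi
        echo "directory mode $m: User B can delete User A's file: $r"
    done
}
demo
```
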

 
LVL 4

Expert Comment

by:Phreonx
ID: 16918250
Hello,
Since you don't specify whether User_B belongs to the same group with User_A, I will try to cover both situations, when this is true and otherwise.

CASE1: User_B belongs to the same group with User_A

I'll try to give you an example. Suppose that User_A who belongs to Group_A creates a file like this under a Dummy directory:
ls -lah . > /Dummy/FileA
When you do an ls -lah /Dummy/FileA you get the following defaults:
-rw-r--r--   User_A   Group_A   size[KB]   last_modification_date   last_modification_time   filename

Now suppose that User_B who belongs to Group_A too, does exactly the same to create a FileB under the Dummy directory:
ls -lah . > /Dummy/FileB
Similarly an ls -lah . > /Dummy/FileB returns the following:
-rw-r--r--   User_B   Group_A   size[KB]   last_modification_date   last_modification_time   filename

Notice how the USER attribute changes per group. In order to enable inter-user rw access to files independently of who created the file, you need to add w permissions to the GROUP attribute for each file you want to enable such access.

eg: Let's assume I'm User_A and I want to let User_B be able to delete the file I created:

User_A:~> chmod 664 /Dummy/FileA
User_A:~> ls -lah /Dummy/FileA
-rw-rw-r--   User_A   Group_A   size[KB]   last_modification_date   last_modification_time   filename

User_B should now have rw access to FileA.

CASE2: User_B belongs to Group_B, a different group to that of User_A
Same procedure. User_A creates a file under Dummy:
ls -lah . > /Dummy/FileA
When you do an ls -lah /Dummy/FileA you get the following defaults:
-rw-r--r--   User_A   Group_A   size[KB]   last_modification_date   last_modification_time   filename

User_B creates another file under Dummy too:
ls -lah . > /Dummy/FileB
Similarly an ls -lah . > /Dummy/FileB returns the following:
-rw-r--r--   User_B   Group_B   size[KB]   last_modification_date   last_modification_time   filename

Notice how the USER attribute changes per user and per group. In order to enable inter-group rw access to files, independently of the group the creator belongs to, you need to add w permissions to the WORLD attribute of each file you want to enable such access.

eg: Let's assume I'm User_A and I want to let User_B who is in a different group, be able to delete the file I created:

User_A:~> chmod 646 /Dummy/FileA
User_A:~> ls -lah /Dummy/FileA
-rw-r--rw-   User_A   Group_A   size[KB]   last_modification_date   last_modification_time   filename

User_B should now have rw access to FileA.

Hope I helped ;)




0
 

Author Comment

by:clintonm9
ID: 16919709
Okay, I have an okay understanding of how all the permissions work and a little on group.

I guess what would be helpful is how do you make it when user b makes a file it sets his group to group 1?

Right now it is setting the file to user a.usera

0
 
LVL 4

Expert Comment

by:Phreonx
ID: 16919841
If I understood you correctly, you are trying to change the GROUP attribute. Well, to do this here's how:

For single files:
User_A:~> chgrp new_group_name filename
eg.: Change GROUP ownership of FileA from GroupA to GroupB do this:
User_A:~> chgrp GroupB FileA

For Directories [Recursively]:
User_A:~> chgrp -R new_group_name dir_name
eg.: Change GROUP ownership of DirA from GroupA to GroupB do this:
User_A:~> chgrp -R GroupB DirA

I'm not sure if this answer is the one you're looking for. If it is not, please rephrase your previous question and we'd be happy to help.
0
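chgrp changes the group after a file exists. For a shared directory like the one in this thread, setting the setgid bit on the directory makes new files inherit the directory's group, and a umask of 002 (the umask option from the first answer) leaves them group-writable. This is an added example, not part of the original answer, and the setgid bit goes beyond what the answer covers; the function names and the temporary directory are illustrative.

```shell
#!/bin/sh
# perms PATH: print the 10-character type/permission string, e.g. -rw-rw-r--
perms() { ls -ld "$1" | cut -c1-10; }

# make_shared_dir DIR [GROUP]: group-writable directory with the setgid bit,
# so files created inside take the directory's group instead of the creator's
# primary group. GROUP is optional so the demo below runs unprivileged.
make_shared_dir() {
    mkdir -p "$1" || return 1
    if [ -n "$2" ]; then chgrp "$2" "$1" || return 1; fi
    chmod 2775 "$1"
}

# new_file_perms DIR UMASK NAME: create a file the way an ordinary program
# does (requested mode 0666, reduced by the umask) and print its permissions.
new_file_perms() {
    ( umask "$2"; : > "$1/$3" ) || return 1
    perms "$1/$3"
}

demo() {
    d=$(mktemp -d) || return 1
    make_shared_dir "$d/shared"
    echo "directory:       $(perms "$d/shared")"
    echo "file, umask 022: $(new_file_perms "$d/shared" 022 a.txt)"
    echo "file, umask 002: $(new_file_perms "$d/shared" 002 b.txt)"
    rm -rf "$d"
}
demo
```

With the default umask of 022 the new file comes out as -rw-r--r--, which is the listing shown in the earlier answer; only the 002 case gives the group write access without a later chmod.
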
 

Author Comment

by:clintonm9
ID: 16922448
This is all done through a shared file smb link through windows.

I do not want them to have to change anything themselves.

Am I making sense?
0
 
LVL 23

Expert Comment

by:brettmjohnson
ID: 16922608
> This is all done through a shared file smb link through windows.

You were kind of leaving out a bit of crucial information there, huh?
Kind of like complaining to the Doctor about a headache, but failing
to mention you were hit in the head with a hammer.



0
 

Author Comment

by:clintonm9
ID: 16923158
Sorry about that.

0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 16925953
please read my suggestion http:#16918088 again

> .. done through a shared file smb link
If you're talking about Samba, then you have to set proper directory permissions for the user running smbd *and* you need to configure smb.conf properly.
0
 

Author Comment

by:clintonm9
ID: 16926871
Is there a sticky to make a folder and its sub folder be public?

0
 
LVL 4

Accepted Solution

by:
Phreonx earned 125 total points
ID: 16926937
Hello,
again, your question is not providing enough information to allow us to help you as much as we could. On to the question now.
I haven't been around EE for very long but I think that it doesn't work with stickies. Anyway, if you're looking for a way to share a folder [i.e. make it public] over samba, here's a very simple configuration:

# Name of Public Share
[public]
      comment = Public Folder
      path = /Your/Path/To/The/Folder/You/Want_to_Share
      public = yes
      writeable = yes
      read only = no
      guest ok = yes

To make a folder private [i.e. users can login after they provide the right credentials], here's how:      

[private]
      comment = Private Folder
      path = /Your/Path/To/The/Folder/You/Want_to_Share
      public = no
      writeable = yes
      valid users = @private
      write list = @private
      directory mask = 0770      
      create mask = 0770

Of course, you will have to create a new user group [in the example above is "private"] and create a few users that belong to that group. Only those users can browse [or have any other access you grant them] that Private Folder.

Hope I helped ;)
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 16926977
>  is there a sticky to make a folder and its sub folder be public?
What are you talking about? Unix file/folder permissions or Samba configuration?

Did you try what I suggested? Did you even make yourself used to smb.conf?
0
 

Author Comment

by:clintonm9
ID: 16927482
I did set up the smb.conf file myself.

Thanks Phreonx, I have never seen these commands:

directory mask = 0777
create mask = 0777

So I added them and it allowed all the new files to be shared. Unless they are in a protected dir.

Thanks again


0
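A small audit for the share settings discussed in the accepted solution and in this follow-up: shares that guests can write to, and create mask / directory mask values that leave the world-write bit set, such as 0777. This is an added example, not part of the original thread or of Samba; the sample smb.conf is constructed and the function names are hypothetical.

```shell
# audit_smb_conf FILE: print "share: finding" for each risky share setting.
audit_smb_conf() {
    awk '
    function is_yes(v) { return tolower(v) ~ /^(yes|true|1)$/ }
    function report() {
        if (share == "" || tolower(share) == "global") return
        if (guest && writable) print share ": writable by guests"
        if (cmask ~ /[2367]$/) print share ": create mask " cmask " keeps world-write"
        if (dmask ~ /[2367]$/) print share ": directory mask " dmask " keeps world-write"
    }
    /^[ \t]*[#;]/ { next }                  # comment line
    /^[ \t]*\[/ {                           # section header starts a new share
        report(); guest = 0; writable = 0; cmask = ""; dmask = ""
        share = $0; sub(/^[ \t]*\[/, "", share); sub(/\].*$/, "", share)
        next
    }
    /=/ {                                   # names ignore case and whitespace
        key = tolower(substr($0, 1, index($0, "=") - 1)); gsub(/[ \t]/, "", key)
        val = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
        if (key == "guestok" || key == "public") guest = is_yes(val)
        else if (key == "readonly") writable = !is_yes(val)
        else if (key == "writeable" || key == "writable" || key == "writeok") writable = is_yes(val)
        else if (key == "createmask" || key == "createmode") cmask = val
        else if (key == "directorymask" || key == "directorymode") dmask = val
    }
    END { report() }
    ' "$1"
}

# Constructed sample: the two shares from the answer plus one using 0777 masks.
write_sample() {
    cat > "$1" <<'EOF'
[public]
    public = yes
    writeable = yes
[private]
    valid users = @private
    writeable = yes
    create mask = 0770
    directory mask = 0770
[open-masks]
    read only = no
    create mask = 0777
    directory mask = 0777
EOF
}

f=$(mktemp) && write_sample "$f" && audit_smb_conf "$f"; rm -f "$f"
```

The [private] share produces no finding because 0770 masks strip all permissions for users outside the group, while 0777 lets any local account on the server modify files created through the share.
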
