Solved

User and Group Question

Posted on 2006-06-15
14
434 Views
Last Modified: 2010-04-20
I have Group A, User A, & User B

User A is a part of Group A.

The problem:
When User A writes a file, User B can not delete that file and when User B writes a file User A can not delete the file.

I what everyone to be able to edit each other files and delete everything. Expect from Group A. This included when users makes new files.

0
Comment
Question by:clintonm9
  • 5
  • 3
  • 3
  • +2
14 Comments
 
LVL 23

Expert Comment

by:brettmjohnson
ID: 16917608
There are a few ways to deal with this:

- The users must explicitly give group write permissions to files they wish others to modify/delete.  This is the default (safest) state.

- You can write a cron job that adds group write privs to all files in a specific shared directory tree.  This is often done, when you have a well known shared directory and don't want to burden the users with maintaining different privileges for files in shared space vs. non-shared space.

- You can do this by setting the umask for everyone in group A to 002 (and making Group A the default group for its members).  Generally this is discouraged, since it does not distinguish between shared space and unshared space.  [The umask is the default permissions mask for all files the user creates.]  
http://www.dartmouth.edu/~rc/help/faq/permissions.html

- You could use Access Control Lists (ACLs) rather than traditional Unix permissions.  This is probably the most preferable solution.



0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 16918088
the directory where the file resides must be of same group and have write permission for that group
0
 
LVL 43

Expert Comment

by:ravenpl
ID: 16918119
As hoffmann pointed out: it's the directory where user have to have write permissions to add/delete file. The ownership of the file is meaningless.
Unless the directory have sticky bit set (like /tmp has). If the sticky is in action - user can;t delete file wich he does not own.

Same applies to ACLs - it's still about directory permissions - not the file itself.
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 
LVL 4

Expert Comment

by:Phreonx
ID: 16918250
Hello,
Since you don't specify whether User_B belongs to the same group with User_A, I will try to cover both situations, when this is true and otherwise.

CASE1: User_B belongs to the same group with User_A

I'll try to give you an example. Suppose that User_A who belongs to Group_A creates a file like this under a Dummy directory:
ls -lah . > /Dummy/FileA
When you do an ls -lah /Dummy/FileA you get the following defaults:
- r w - r - - r - -   User_A   Group_A   size[KB]   last_modification_date   last_modification_time   filename

Now suppose that User_B who belongs to Group_A too, does exactly the same to create a FileB under the Dummy directory:
ls -lah . > /Dummy/FileB
Similarly an ls -lah . > /Dummy/FileB returns the following:
- r w - r - - r - -   User_B   Group_A   size[KB]   last_modification_date   last_modification_time   filename

Notice how the USER attribute changes p e r group. In order to enable inter-user rw access to files independently of who created the file, you need to add w permissions to the GROUP attribute for each file you want to enable such access.

eg: Let's assume I'm User_A and I want to let User_B to be able to delete the file I created:

User_A:~> chmod 664 /Dummy/FileA
User_A:~> ls -lah /Dummy/FileA
- r w - r w - r - -   User_A   Group_A   size[KB]   last_modification_date   last_modification_time   filename

User_B should now have rw access to FileA.

CASE2: User_B belongs to Group_B, a different group to that of User_A
Same procedure. User_A creates a file under Dummy:
ls -lah . > /Dummy/FileA
When you do an ls -lah /Dummy/FileA you get the following defaults:
- r w - r - - r - -   User_A   Group_A   size[KB]   last_modification_date   last_modification_time   filename

User_B creates another file under Dummy too:
ls -lah . > /Dummy/FileB
Similarly an ls -lah . > /Dummy/FileB returns the following:
- r w - r - - r - -   User_B   Group_B   size[KB]   last_modification_date   last_modification_time   filename

Notice how the USER attribute changes p e r user and p e r group. In order to enable inter-group rw access to files, independently of the group the creator belongs to, you need to add w permissions to the WORLD attribute of each file you want to enable such access.

eg: Let's assume I'm User_A and I want to let User_B who is in a different group, be able to delete the file I created:

User_A:~> chmod 646 /Dummy/FileA
User_A:~> ls -lah /Dummy/FileA
- r w - r - - r w -   User_A   Group_A   size[KB]   last_modification_date   last_modification_time   filename

User_B should now have rw access to FileA.

Hope I helped ;)




0
 

Author Comment

by:clintonm9
ID: 16919709
Okay, i have an okay understanding on how allthe permissions works and a little on group.

I guess what would be helpful is how do you make it when user b makes a file it sets his group to group 1?

right now it is setting the file to user a.usera

0
 
LVL 4

Expert Comment

by:Phreonx
ID: 16919841
If I understood you correctly, you are trying to change the GROUP attribute. Well, to do this here's how:

For single files:
User_A:~> chgrp new_group_name filename
eg.: Change GROUP ownership of FileA from GroupA to GroupB do this:
User_A:~> chgrp GroupB FileA

For Directories [Recursively]:
User_A:~> chgrp -R new_group_name dir_name
eg.: Change GROUP ownership of DirA from GroupA to GroupB do this:
User_A:~> chgrp -R GroupB DirA

I'm not sure if this answer is the one you're looking for. If it is not, please rephrase your previous question and we'd be happy to help.
0
 

Author Comment

by:clintonm9
ID: 16922448
This is all done through a shared file smb link through windows.

I do not want them to have to change anything them self.

Am i making sense?
0
 
LVL 23

Expert Comment

by:brettmjohnson
ID: 16922608
> This is all done through a shared file smb link through windows.

You were kind of leaving out a bit of crucial information there, huh?
Kind of like complaining to the Doctor about a headache, but failing
to mention you were hit in the head with a hammer.



0
 

Author Comment

by:clintonm9
ID: 16923158
Sorry about that.

0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 16925953
please read my suggestion http:#16918088 again

> .. done through a shared file smb link
if you're talking abut Samba, then you have to set proper directory permissions for the use running cmbd *and* you need to configure smb.conf proper
0
 

Author Comment

by:clintonm9
ID: 16926871
is there a sticky to make a folder and its sub folder be public?

0
 
LVL 4

Accepted Solution

by:
Phreonx earned 125 total points
ID: 16926937
Hello
again your question is not providing enough information as to allow us to help you as much as we could. On to the question now.
I haven't been around EE for very long but I think that it doesn't work with stickies. Anyway, if you're looking for a way to share a folder [i.e. make it public] over samba, here's a very simple configuration:

[public] #Name of Public Share
      comment = Public Folder
      path = /Your/Path/To/The/Folder/You/Want_to_Share
      public = yes
      writeable = yes
        read only =no
        guest ok = yes

To make a folder private [i.e. users can login after they provide the right credentials], here's how:      

[private]
      comment = Private Folder
      path = /Your/Path/To/The/Folder/You/Want_to_Share
      public = no
      writeable = yes
      valid users = @private
      write list = @private
      directory mask = 0770      
      create mask = 0770

Of course, you will have to create a new user group [in the example above is "private"] and create a few users that belong to that group. Only those users can browse [or have any other access you grant them] that Private Folder.

Hope I helped ;)
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 16926977
>  is there a sticky to make a folder and its sub folder be public?
what are you talking about? Unix file/folder permissions or Samba configuration?

Did you try what I suggested? Did you even make yourself used to smb.conf?
0
 

Author Comment

by:clintonm9
ID: 16927482
I did set up the smb.conf file myself.

Thanks Phreonx, i have never seen these commands:

directory mask = 0777
create mask = 0777

So i added them and it allowed all the new files to be shared. Unless they are in a protected dir.

Thanks again


0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have a server on collocation with the super-fast CPU, that doesn't mean that you get it running at full power. Here is a preamble. When doing inventory of Linux servers, that I'm administering, I've found that some of them are running on l…
Fine Tune your automatic Updates for Ubuntu / Debian
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question