Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 441
  • Last Modified:

User and Group Question

I have Group A, User A, & User B

User A is a part of Group A.

The problem:
When User A writes a file, User B can not delete that file and when User B writes a file User A can not delete the file.

I what everyone to be able to edit each other files and delete everything. Expect from Group A. This included when users makes new files.

0
clintonm9
Asked:
clintonm9
  • 5
  • 3
  • 3
  • +2
1 Solution
 
brettmjohnsonCommented:
There are a few ways to deal with this:

- The users must explicitly give group write permissions to files they wish others to modify/delete.  This is the default (safest) state.

- You can write a cron job that adds group write privs to all files in a specific shared directory tree.  This is often done, when you have a well known shared directory and don't want to burden the users with maintaining different privileges for files in shared space vs. non-shared space.

- You can do this by setting the umask for everyone in group A to 002 (and making Group A the default group for its members).  Generally this is discouraged, since it does not distinguish between shared space and unshared space.  [The umask is the default permissions mask for all files the user creates.]  
http://www.dartmouth.edu/~rc/help/faq/permissions.html

- You could use Access Control Lists (ACLs) rather than traditional Unix permissions.  This is probably the most preferable solution.



0
 
ahoffmannCommented:
the directory where the file resides must be of same group and have write permission for that group
0
 
ravenplCommented:
As hoffmann pointed out: it's the directory where user have to have write permissions to add/delete file. The ownership of the file is meaningless.
Unless the directory have sticky bit set (like /tmp has). If the sticky is in action - user can;t delete file wich he does not own.

Same applies to ACLs - it's still about directory permissions - not the file itself.
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
PhreonxCommented:
Hello,
Since you don't specify whether User_B belongs to the same group with User_A, I will try to cover both situations, when this is true and otherwise.

CASE1: User_B belongs to the same group with User_A

I'll try to give you an example. Suppose that User_A who belongs to Group_A creates a file like this under a Dummy directory:
ls -lah . > /Dummy/FileA
When you do an ls -lah /Dummy/FileA you get the following defaults:
- r w - r - - r - -   User_A   Group_A   size[KB]   last_modification_date   last_modification_time   filename

Now suppose that User_B who belongs to Group_A too, does exactly the same to create a FileB under the Dummy directory:
ls -lah . > /Dummy/FileB
Similarly an ls -lah . > /Dummy/FileB returns the following:
- r w - r - - r - -   User_B   Group_A   size[KB]   last_modification_date   last_modification_time   filename

Notice how the USER attribute changes p e r group. In order to enable inter-user rw access to files independently of who created the file, you need to add w permissions to the GROUP attribute for each file you want to enable such access.

eg: Let's assume I'm User_A and I want to let User_B to be able to delete the file I created:

User_A:~> chmod 664 /Dummy/FileA
User_A:~> ls -lah /Dummy/FileA
- r w - r w - r - -   User_A   Group_A   size[KB]   last_modification_date   last_modification_time   filename

User_B should now have rw access to FileA.

CASE2: User_B belongs to Group_B, a different group to that of User_A
Same procedure. User_A creates a file under Dummy:
ls -lah . > /Dummy/FileA
When you do an ls -lah /Dummy/FileA you get the following defaults:
- r w - r - - r - -   User_A   Group_A   size[KB]   last_modification_date   last_modification_time   filename

User_B creates another file under Dummy too:
ls -lah . > /Dummy/FileB
Similarly an ls -lah . > /Dummy/FileB returns the following:
- r w - r - - r - -   User_B   Group_B   size[KB]   last_modification_date   last_modification_time   filename

Notice how the USER attribute changes p e r user and p e r group. In order to enable inter-group rw access to files, independently of the group the creator belongs to, you need to add w permissions to the WORLD attribute of each file you want to enable such access.

eg: Let's assume I'm User_A and I want to let User_B who is in a different group, be able to delete the file I created:

User_A:~> chmod 646 /Dummy/FileA
User_A:~> ls -lah /Dummy/FileA
- r w - r - - r w -   User_A   Group_A   size[KB]   last_modification_date   last_modification_time   filename

User_B should now have rw access to FileA.

Hope I helped ;)




0
 
clintonm9Author Commented:
Okay, i have an okay understanding on how allthe permissions works and a little on group.

I guess what would be helpful is how do you make it when user b makes a file it sets his group to group 1?

right now it is setting the file to user a.usera

0
 
PhreonxCommented:
If I understood you correctly, you are trying to change the GROUP attribute. Well, to do this here's how:

For single files:
User_A:~> chgrp new_group_name filename
eg.: Change GROUP ownership of FileA from GroupA to GroupB do this:
User_A:~> chgrp GroupB FileA

For Directories [Recursively]:
User_A:~> chgrp -R new_group_name dir_name
eg.: Change GROUP ownership of DirA from GroupA to GroupB do this:
User_A:~> chgrp -R GroupB DirA

I'm not sure if this answer is the one you're looking for. If it is not, please rephrase your previous question and we'd be happy to help.
0
 
clintonm9Author Commented:
This is all done through a shared file smb link through windows.

I do not want them to have to change anything them self.

Am i making sense?
0
 
brettmjohnsonCommented:
> This is all done through a shared file smb link through windows.

You were kind of leaving out a bit of crucial information there, huh?
Kind of like complaining to the Doctor about a headache, but failing
to mention you were hit in the head with a hammer.



0
 
clintonm9Author Commented:
Sorry about that.

0
 
ahoffmannCommented:
please read my suggestion http:#16918088 again

> .. done through a shared file smb link
if you're talking abut Samba, then you have to set proper directory permissions for the use running cmbd *and* you need to configure smb.conf proper
0
 
clintonm9Author Commented:
is there a sticky to make a folder and its sub folder be public?

0
 
PhreonxCommented:
Hello
again your question is not providing enough information as to allow us to help you as much as we could. On to the question now.
I haven't been around EE for very long but I think that it doesn't work with stickies. Anyway, if you're looking for a way to share a folder [i.e. make it public] over samba, here's a very simple configuration:

[public] #Name of Public Share
      comment = Public Folder
      path = /Your/Path/To/The/Folder/You/Want_to_Share
      public = yes
      writeable = yes
        read only =no
        guest ok = yes

To make a folder private [i.e. users can login after they provide the right credentials], here's how:      

[private]
      comment = Private Folder
      path = /Your/Path/To/The/Folder/You/Want_to_Share
      public = no
      writeable = yes
      valid users = @private
      write list = @private
      directory mask = 0770      
      create mask = 0770

Of course, you will have to create a new user group [in the example above is "private"] and create a few users that belong to that group. Only those users can browse [or have any other access you grant them] that Private Folder.

Hope I helped ;)
0
 
ahoffmannCommented:
>  is there a sticky to make a folder and its sub folder be public?
what are you talking about? Unix file/folder permissions or Samba configuration?

Did you try what I suggested? Did you even make yourself used to smb.conf?
0
 
clintonm9Author Commented:
I did set up the smb.conf file myself.

Thanks Phreonx, i have never seen these commands:

directory mask = 0777
create mask = 0777

So i added them and it allowed all the new files to be shared. Unless they are in a protected dir.

Thanks again


0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 5
  • 3
  • 3
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now