Solved

User and Group Question

Posted on 2006-06-15
Last Modified: 2010-04-20
I have Group A, User A, & User B

User A is a part of Group A.

The problem:
When User A writes a file, User B can not delete that file and when User B writes a file User A can not delete the file.

I want everyone to be able to edit each other's files and delete everything. Except from Group A. This includes when users make new files.

Question by:clintonm9

Expert Comment

by:brettmjohnson
There are a few ways to deal with this:

- The users must explicitly give group write permissions to files they wish others to modify/delete.  This is the default (safest) state.

- You can write a cron job that adds group write privs to all files in a specific shared directory tree.  This is often done, when you have a well known shared directory and don't want to burden the users with maintaining different privileges for files in shared space vs. non-shared space.

- You can do this by setting the umask for everyone in group A to 002 (and making Group A the default group for its members).  Generally this is discouraged, since it does not distinguish between shared space and unshared space.  [The umask is the default permissions mask for all files the user creates.]  
http://www.dartmouth.edu/~rc/help/faq/permissions.html

- You could use Access Control Lists (ACLs) rather than traditional Unix permissions.  This is probably the most preferable solution.



Expert Comment

by:ahoffmann
the directory where the file resides must be of same group and have write permission for that group

Expert Comment

by:ravenpl
As hoffmann pointed out: it's the directory where the user has to have write permissions to add/delete a file. The ownership of the file is meaningless.
Unless the directory has the sticky bit set (like /tmp has). If the sticky bit is in action, the user can't delete a file which he does not own.

Same applies to ACLs - it's still about directory permissions - not the file itself.
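
The rule described in this comment, as an added example that is not part of the original thread: a shell model of the classic unlink check, where the directory's write and search bits decide and the sticky bit narrows deletion to owners. The function name `can_delete`, the hypothetical caller uid/gid arguments and the scratch directory are assumptions for illustration; the model ignores ACLs and root, and needs `stat -c` (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Model of the classic Unix unlink() check (no ACLs, no root/CAP_FOWNER override).
# Usage: can_delete DIR FILE UID [GID...]   -> exit status 0 = allowed, 1 = denied
# UID and GIDs describe a hypothetical caller, not the user running the script.
can_delete() {
    dir=$1; file=$2; uid=$3; shift 3
    d_mode=$(stat -c '%a' "$dir")      # e.g. 775 or 1777
    d_uid=$(stat -c '%u' "$dir")
    d_gid=$(stat -c '%g' "$dir")
    f_uid=$(stat -c '%u' "$file")
    bits=$((0$d_mode))                 # leading 0: parse as octal

    # Pick exactly one permission class, first match wins: owner, group, other.
    if [ "$uid" -eq "$d_uid" ]; then
        perm=$(( (bits >> 6) & 7 ))
    else
        perm=$(( bits & 7 ))
        for gid in "$@"; do
            if [ "$gid" -eq "$d_gid" ]; then perm=$(( (bits >> 3) & 7 )); fi
        done
    fi

    # Removing a name needs write (2) and search (1) on the directory.
    # The mode of FILE itself is never consulted.
    [ $(( perm & 3 )) -eq 3 ] || return 1

    # Sticky directory: only the file's owner or the directory's owner may unlink.
    if [ $(( bits & 01000 )) -ne 0 ]; then
        [ "$uid" -eq "$f_uid" ] || [ "$uid" -eq "$d_uid" ] || return 1
    fi
    return 0
}

# Constructed demo: a private file (mode 600) inside a scratch directory.
demo=$(mktemp -d)
: > "$demo/FileA"; chmod 600 "$demo/FileA"
me=$(id -u); other=$((me + 1)); grp=$(stat -c '%g' "$demo")
for m in 755 775 1775; do
    chmod "$m" "$demo"
    if can_delete "$demo" "$demo/FileA" "$other" "$grp"; then r=allowed; else r=denied; fi
    echo "dir mode $m: group member (not the owner) deleting FileA -> $r"
done
rm -rf "$demo"
```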

Expert Comment

by:Phreonx
Hello,
Since you don't specify whether User_B belongs to the same group with User_A, I will try to cover both situations, when this is true and otherwise.

CASE1: User_B belongs to the same group with User_A

I'll try to give you an example. Suppose that User_A who belongs to Group_A creates a file like this under a Dummy directory:
ls -lah . > /Dummy/FileA
When you do an ls -lah /Dummy/FileA you get the following defaults:
-rw-r--r--   User_A   Group_A   size[KB]   last_modification_date   last_modification_time   filename

Now suppose that User_B who belongs to Group_A too, does exactly the same to create a FileB under the Dummy directory:
ls -lah . > /Dummy/FileB
Similarly an ls -lah . > /Dummy/FileB returns the following:
-rw-r--r--   User_B   Group_A   size[KB]   last_modification_date   last_modification_time   filename

Notice how the USER attribute changes per group. In order to enable inter-user rw access to files independently of who created the file, you need to add w permissions to the GROUP attribute for each file you want to enable such access.

eg: Let's assume I'm User_A and I want to let User_B to be able to delete the file I created:

User_A:~> chmod 664 /Dummy/FileA
User_A:~> ls -lah /Dummy/FileA
-rw-rw-r--   User_A   Group_A   size[KB]   last_modification_date   last_modification_time   filename

User_B should now have rw access to FileA.

CASE2: User_B belongs to Group_B, a different group to that of User_A
Same procedure. User_A creates a file under Dummy:
ls -lah . > /Dummy/FileA
When you do an ls -lah /Dummy/FileA you get the following defaults:
-rw-r--r--   User_A   Group_A   size[KB]   last_modification_date   last_modification_time   filename

User_B creates another file under Dummy too:
ls -lah . > /Dummy/FileB
Similarly an ls -lah . > /Dummy/FileB returns the following:
-rw-r--r--   User_B   Group_B   size[KB]   last_modification_date   last_modification_time   filename

Notice how the USER attribute changes per user and per group. In order to enable inter-group rw access to files, independently of the group the creator belongs to, you need to add w permissions to the WORLD attribute of each file you want to enable such access.

eg: Let's assume I'm User_A and I want to let User_B who is in a different group, be able to delete the file I created:

User_A:~> chmod 646 /Dummy/FileA
User_A:~> ls -lah /Dummy/FileA
-rw-r--rw-   User_A   Group_A   size[KB]   last_modification_date   last_modification_time   filename

User_B should now have rw access to FileA.

Hope I helped ;)




Author Comment

by:clintonm9
Okay, I have an okay understanding of how all the permissions work and a little on groups.

I guess what would be helpful is how do you make it when user b makes a file it sets his group to group 1?

right now it is setting the file to user a.usera

Expert Comment

by:Phreonx
If I understood you correctly, you are trying to change the GROUP attribute. Well, to do this here's how:

For single files:
User_A:~> chgrp new_group_name filename
eg.: Change GROUP ownership of FileA from GroupA to GroupB do this:
User_A:~> chgrp GroupB FileA

For Directories [Recursively]:
User_A:~> chgrp -R new_group_name dir_name
eg.: Change GROUP ownership of DirA from GroupA to GroupB do this:
User_A:~> chgrp -R GroupB DirA

I'm not sure if this answer is the one you're looking for. If it is not, please rephrase your previous question and we'd be happy to help.
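
An added example, not part of the original thread, for the case where nobody should have to run chgrp by hand: a setgid bit on the shared directory makes new files take the directory's group, umask 002 keeps them group-writable, and an audit lists entries that are in the wrong group, not group-writable, or world-writable. The function names are hypothetical; the demo uses the caller's own primary group so it runs without root, and it needs `stat -c` (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Shared-directory setup with the setgid bit, plus an audit for entries that
# fell out of the sharing policy. Function names are illustrative.

# setup_shared DIR GROUP: group-owned, group-writable, setgid, closed to others.
setup_shared() {
    mkdir -p "$1" && chgrp "$2" "$1" && chmod 2770 "$1"
}

# create_as FILE UMASK: create FILE under the given umask, print "<mode> <gid>".
create_as() {
    ( umask "$2"; : > "$1" )           # subshell keeps the caller's umask intact
    stat -c '%a %g' "$1"
}

# audit_shared DIR GROUP: list entries in the wrong group, not group-writable,
# or writable by everyone.
audit_shared() {
    find "$1" \( ! -group "$2" -o ! -perm -020 -o -perm -002 \) -print
}

# Constructed demo in a scratch directory, using the caller's primary group.
base=$(mktemp -d); share=$base/share; gid=$(id -g)
setup_shared "$share" "$gid"
echo "umask 022 -> $(create_as "$share/FileA" 022)"   # group members cannot modify
echo "umask 002 -> $(create_as "$share/FileB" 002)"   # group members can modify
echo "out of policy:"; audit_shared "$share" "$gid"
rm -rf "$base"
```

On a real share, pass the shared group's name instead of the primary gid; the audit can replace a blanket "chmod everything" cron job with a report of what actually needs fixing.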

Author Comment

by:clintonm9
This is all done through a shared file smb link through windows.

I do not want them to have to change anything themselves.

Am I making sense?

Expert Comment

by:brettmjohnson
> This is all done through a shared file smb link through windows.

You were kind of leaving out a bit of crucial information there, huh?
Kind of like complaining to the Doctor about a headache, but failing
to mention you were hit in the head with a hammer.



Author Comment

by:clintonm9
Sorry about that.

Expert Comment

by:ahoffmann
please read my suggestion http:#16918088 again

> .. done through a shared file smb link
If you're talking about Samba, then you have to set proper directory permissions for the user running smbd *and* you need to configure smb.conf properly

Author Comment

by:clintonm9
is there a sticky to make a folder and its sub folder be public?

Accepted Solution

by:Phreonx
Hello
again your question is not providing enough information as to allow us to help you as much as we could. On to the question now.
I haven't been around EE for very long but I think that it doesn't work with stickies. Anyway, if you're looking for a way to share a folder [i.e. make it public] over samba, here's a very simple configuration:

# Name of Public Share
[public]
      comment = Public Folder
      path = /Your/Path/To/The/Folder/You/Want_to_Share
      public = yes
      writeable = yes
      read only = no
      guest ok = yes

To make a folder private [i.e. users can login after they provide the right credentials], here's how:      

[private]
      comment = Private Folder
      path = /Your/Path/To/The/Folder/You/Want_to_Share
      public = no
      writeable = yes
      valid users = @private
      write list = @private
      directory mask = 0770      
      create mask = 0770

Of course, you will have to create a new user group [in the example above is "private"] and create a few users that belong to that group. Only those users can browse [or have any other access you grant them] that Private Folder.

Hope I helped ;)

Expert Comment

by:ahoffmann
>  is there a sticky to make a folder and its sub folder be public?
what are you talking about? Unix file/folder permissions or Samba configuration?

Did you try what I suggested? Did you even make yourself used to smb.conf?

Author Comment

by:clintonm9
I did set up the smb.conf file myself.

Thanks Phreonx, I have never seen these commands:

directory mask = 0777
create mask = 0777

So I added them and it allowed all the new files to be shared. Unless they are in a protected dir.

Thanks again

