
User and Group Question

Posted on 2006-06-15
Last Modified: 2010-04-20
I have Group A, User A, & User B

User A is a part of Group A.

The problem:
When User A writes a file, User B can not delete that file and when User B writes a file User A can not delete the file.

I want everyone to be able to edit each other's files and delete everything. Expect from Group A. This includes when users make new files.

Question by:clintonm9
14 Comments
 
LVL 23

Expert Comment

by:brettmjohnson
ID: 16917608
There are a few ways to deal with this:

- The users must explicitly give group write permissions to files they wish others to modify/delete.  This is the default (safest) state.

- You can write a cron job that adds group write privs to all files in a specific shared directory tree.  This is often done, when you have a well known shared directory and don't want to burden the users with maintaining different privileges for files in shared space vs. non-shared space.

- You can do this by setting the umask for everyone in group A to 002 (and making Group A the default group for its members).  Generally this is discouraged, since it does not distinguish between shared space and unshared space.  [The umask is the default permissions mask for all files the user creates.]  
http://www.dartmouth.edu/~rc/help/faq/permissions.html

- You could use Access Control Lists (ACLs) rather than traditional Unix permissions.  This is probably the most preferable solution.



0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 16918088
The directory where the file resides must be of the same group and have write permission for that group.
0
 
LVL 43

Expert Comment

by:ravenpl
ID: 16918119
As hoffmann pointed out: it's the directory where the user has to have write permissions to add/delete a file. The ownership of the file is meaningless.
Unless the directory has the sticky bit set (like /tmp has). If the sticky bit is in action, a user can't delete a file which he does not own.

Same applies to ACLs - it's still about directory permissions - not the file itself.
0
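The rule ahoffmann and ravenpl describe, written out as an added example that is not part of the thread: whether a user may delete a file is decided by the mode and ownership of the containing directory plus the sticky bit, never by the file's own mode. The function name `can_delete` and the uid/gid numbers are hypothetical, and the check assumes plain Unix permission bits with no ACLs.

```shell
#!/bin/sh
# Added example: who may remove a directory entry, per the POSIX unlink() rule.
# usage: can_delete DIR_MODE DIR_UID DIR_GID FILE_UID USER_UID "USER_GIDS"
# Modes are octal strings (2770, 1777). The file's own mode is not an input.
can_delete() {
    dir_mode=$1; dir_uid=$2; dir_gid=$3; file_uid=$4; uid=$5; gids=$6
    m=$((0$dir_mode))

    # root is not subject to these checks
    if [ "$uid" -eq 0 ]; then echo yes; return 0; fi

    # Exactly one triplet applies: owner, else group, else other.
    if [ "$uid" -eq "$dir_uid" ]; then
        bits=$(( (m >> 6) & 7 ))
    else
        bits=$(( m & 7 ))
        for g in $gids; do
            if [ "$g" -eq "$dir_gid" ]; then bits=$(( (m >> 3) & 7 )); fi
        done
    fi

    # Removing an entry needs write (2) and search (1) on the directory.
    if [ $(( bits & 3 )) -ne 3 ]; then echo no; return 0; fi

    # Sticky bit (01000): only the file owner or the directory owner may remove.
    if [ $(( m & 01000 )) -ne 0 ] && [ "$uid" -ne "$file_uid" ] \
        && [ "$uid" -ne "$dir_uid" ]; then
        echo no; return 0
    fi
    echo yes
}

# Constructed scenario: User_A uid 1001, User_B uid 1002, Group_A gid 2000.
if [ "${1:-}" = demo ]; then
    can_delete 0755 0 0    1001 1002 "2000"   # root-owned 755 dir: no
    can_delete 2770 0 2000 1001 1002 "2000"   # group-writable dir: yes
    can_delete 1777 0 0    1001 1002 "2000"   # sticky dir, not the owner: no
fi
```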
 
LVL 4

Expert Comment

by:Phreonx
ID: 16918250
Hello,
Since you don't specify whether User_B belongs to the same group with User_A, I will try to cover both situations, when this is true and otherwise.

CASE1: User_B belongs to the same group with User_A

I'll try to give you an example. Suppose that User_A who belongs to Group_A creates a file like this under a Dummy directory:
ls -lah . > /Dummy/FileA
When you do an ls -lah /Dummy/FileA you get the following defaults:
-rw-r--r--   User_A   Group_A   size[KB]   last_modification_date   last_modification_time   filename

Now suppose that User_B who belongs to Group_A too, does exactly the same to create a FileB under the Dummy directory:
ls -lah . > /Dummy/FileB
Similarly an ls -lah . > /Dummy/FileB returns the following:
-rw-r--r--   User_B   Group_A   size[KB]   last_modification_date   last_modification_time   filename

Notice how the USER attribute changes per group. In order to enable inter-user rw access to files independently of who created the file, you need to add w permissions to the GROUP attribute for each file you want to enable such access.

eg: Let's assume I'm User_A and I want to let User_B to be able to delete the file I created:

User_A:~> chmod 664 /Dummy/FileA
User_A:~> ls -lah /Dummy/FileA
-rw-rw-r--   User_A   Group_A   size[KB]   last_modification_date   last_modification_time   filename

User_B should now have rw access to FileA.

CASE2: User_B belongs to Group_B, a different group to that of User_A
Same procedure. User_A creates a file under Dummy:
ls -lah . > /Dummy/FileA
When you do an ls -lah /Dummy/FileA you get the following defaults:
-rw-r--r--   User_A   Group_A   size[KB]   last_modification_date   last_modification_time   filename

User_B creates another file under Dummy too:
ls -lah . > /Dummy/FileB
Similarly an ls -lah . > /Dummy/FileB returns the following:
-rw-r--r--   User_B   Group_B   size[KB]   last_modification_date   last_modification_time   filename

Notice how the USER attribute changes per user and per group. In order to enable inter-group rw access to files, independently of the group the creator belongs to, you need to add w permissions to the WORLD attribute of each file you want to enable such access.

eg: Let's assume I'm User_A and I want to let User_B who is in a different group, be able to delete the file I created:

User_A:~> chmod 646 /Dummy/FileA
User_A:~> ls -lah /Dummy/FileA
-rw-r--rw-   User_A   Group_A   size[KB]   last_modification_date   last_modification_time   filename

User_B should now have rw access to FileA.

Hope I helped ;)




0
 

Author Comment

by:clintonm9
ID: 16919709
Okay, I have an okay understanding of how all the permissions work and a little on groups.

I guess what would be helpful is how do you make it so that when user b makes a file, it sets his group to group 1?

Right now it is setting the file to user a.usera

0
 
LVL 4

Expert Comment

by:Phreonx
ID: 16919841
If I understood you correctly, you are trying to change the GROUP attribute. Well, to do this here's how:

For single files:
User_A:~> chgrp new_group_name filename
eg.: Change GROUP ownership of FileA from GroupA to GroupB do this:
User_A:~> chgrp GroupB FileA

For Directories [Recursively]:
User_A:~> chgrp -R new_group_name dir_name
eg.: Change GROUP ownership of DirA from GroupA to GroupB do this:
User_A:~> chgrp -R GroupB DirA

I'm not sure if this answer is the one you're looking for. If it is not, please rephrase your previous question and we'd be happy to help.
0
 

Author Comment

by:clintonm9
ID: 16922448
This is all done through a shared file smb link through Windows.

I do not want them to have to change anything themselves.

Am I making sense?
0
 
LVL 23

Expert Comment

by:brettmjohnson
ID: 16922608
> This is all done through a shared file smb link through windows.

You were kind of leaving out a bit of crucial information there, huh?
Kind of like complaining to the Doctor about a headache, but failing
to mention you were hit in the head with a hammer.



0
 

Author Comment

by:clintonm9
ID: 16923158
Sorry about that.

0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 16925953
Please read my suggestion http:#16918088 again.

> .. done through a shared file smb link
If you're talking about Samba, then you have to set proper directory permissions for the user running smbd *and* you need to configure smb.conf properly.
0
 

Author Comment

by:clintonm9
ID: 16926871
Is there a sticky to make a folder and its sub folder be public?

0
 
LVL 4

Accepted Solution

by:
Phreonx earned 500 total points
ID: 16926937
Hello,
Again, your question is not providing enough information to allow us to help you as much as we could. On to the question now.
I haven't been around EE for very long but I think that it doesn't work with stickies. Anyway, if you're looking for a way to share a folder [i.e. make it public] over samba, here's a very simple configuration:

[public] # Name of Public Share
      comment = Public Folder
      path = /Your/Path/To/The/Folder/You/Want_to_Share
      public = yes
      writeable = yes
      read only = no
      guest ok = yes

To make a folder private [i.e. users can login after they provide the right credentials], here's how:      

[private]
      comment = Private Folder
      path = /Your/Path/To/The/Folder/You/Want_to_Share
      public = no
      writeable = yes
      valid users = @private
      write list = @private
      directory mask = 0770      
      create mask = 0770

Of course, you will have to create a new user group [in the example above is "private"] and create a few users that belong to that group. Only those users can browse [or have any other access you grant them] that Private Folder.

Hope I helped ;)
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 16926977
> is there a sticky to make a folder and its sub folder be public?
What are you talking about? Unix file/folder permissions or Samba configuration?

Did you try what I suggested? Did you even make yourself used to smb.conf?
0
 

Author Comment

by:clintonm9
ID: 16927482
I did set up the smb.conf file myself.

Thanks Phreonx, I have never seen these commands:

directory mask = 0777
create mask = 0777

So I added them and it allowed all the new files to be shared. Unless they are in a protected dir.

Thanks again


0
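A check for the share settings that appear in the accepted solution and in the last comment, as an added example that is not from the thread: it reads smb.conf text and reports shares that combine guest access with write access, and mask settings such as 0777 that keep the write bit for "other". The names `audit_smb_conf` and `sample_conf` are hypothetical and the sample configuration is constructed from the values quoted above.

```shell
#!/bin/sh
# Added example: read smb.conf text on stdin, print "share: finding" for
# guest-writable shares and for masks that allow write for "other".
audit_smb_conf() {
    awk '
    function report_share() {
        if (share != "" && guest && writable)
            print share ": guest access on a writable share"
        guest = 0; writable = 0
    }
    /^[ \t]*[#;]/ { next }                 # comment line
    /^[ \t]*\[/ {                          # section header starts a new share
        report_share()
        share = $0; sub(/^[ \t]*\[/, "", share); sub(/\].*$/, "", share)
        next
    }
    index($0, "=") > 0 {
        key = tolower(substr($0, 1, index($0, "=") - 1))
        val = tolower(substr($0, index($0, "=") + 1))
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/[ \t]+/, " ", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        on = (val == "yes" || val == "true" || val == "1")
        if (key == "guest ok" || key == "public") guest = on
        if (key == "writeable" || key == "writable" || key == "write ok") writable = on
        if (key == "read only") writable = !on
        # A mask whose last octal digit has the 2 bit set keeps write for other.
        if (key ~ /^(create|directory) (mask|mode)$/ && val ~ /[2367]$/)
            print share ": " key " = " val " allows world-writable entries"
    }
    END { report_share() }
    '
}

# Constructed sample: the accepted answer shares plus the 0777 masks.
sample_conf() {
    cat <<'EOF'
[public]
    public = yes
    writeable = yes
[private]
    public = no
    writeable = yes
    valid users = @private
    directory mask = 0770
    create mask = 0770
[shared]
    directory mask = 0777
    create mask = 0777
EOF
}
```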
