  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 465

Group Permission Linux CentOS

I created a group and added users to that group. When users create directories and files, the permissions on that file/directory show the user, not the group, so other users in the group cannot access it until I do a "chown -R group:group /mnt/storage" and "chmod -R 0770 /mnt/storage/".

Is there a way to get the group to control the permission instead of the user?

See attached code...
[root@server TO VIDEO]# ls -la
total 5124
drwxrwx--- 7 group    group       4096 Oct 20 11:00 .
drwxrwx--- 6 group    group       4096 Oct 20 11:00 ..
drwxrwx--- 2 group    group       4096 Oct 11 08:24 10.07.11
drwxrwx--- 2 group    group       4096 Oct 14 16:09 10.13.11
---------- 1 user1     user1           0 Oct 10 16:42 407_DK_C1_Caleb Caballero.aif
-rwxrwx--- 1 user2 user2    4096 Oct 18 15:11 ._407_DK_C1_Finlee Mills.aif
-rwxrwx--- 1 user2 user2 1630860 Oct 10 16:42 407_DK_C1_Finlee Mills.aif
-rwxrwx--- 1 user2 user2    4096 Oct 18 15:11 ._407_DK_C2_Dylan Arrighi.aif
-rwxrwx--- 1 user2 user2 1838000 Oct 10 16:49 407_DK_C2_Dylan Arrighi.aif
-rwxrwx--- 1 user2 user2    4096 Oct 18 15:11 ._407_DK_C3_Lillian Annabelle.aif
-rwxrwx--- 1 user2 user2 1688204 Oct 10 17:00 407_DK_C3_Lillian Annabelle.aif
drwxrwx--- 2 group    group       4096 Aug 31 18:41 8.31.11
drwxrwx--- 2 group    group       4096 Sep  8 17:10 9.07.11
drwxrwx--- 2 group    group       4096 Sep 12 16:58 9.12.11 ADR
-rwxrwx--- 1 group    group       4096 Jul 29 04:20 ._.DS_Store
-rwxrwx--- 1 group    group       6148 Oct 20 11:43 .DS_Store
[root@server TO VIDEO]# chown -R group:group /mnt/storage

[root@server TO VIDEO]# ls -la
total 5124
drwxrwx--- 7 group group    4096 Oct 20 11:00 .
drwxrwx--- 6 group group    4096 Oct 20 11:00 ..
drwxrwx--- 2 group group    4096 Oct 11 08:24 10.07.11
drwxrwx--- 2 group group    4096 Oct 14 16:09 10.13.11
---------- 1 group group       0 Oct 10 16:42 407_DK_C1_Caleb Caballero.aif
-rwxrwx--- 1 group group    4096 Oct 18 15:11 ._407_DK_C1_Finlee Mills.aif
-rwxrwx--- 1 group group 1630860 Oct 10 16:42 407_DK_C1_Finlee Mills.aif
-rwxrwx--- 1 group group    4096 Oct 18 15:11 ._407_DK_C2_Dylan Arrighi.aif
-rwxrwx--- 1 group group 1838000 Oct 10 16:49 407_DK_C2_Dylan Arrighi.aif
-rwxrwx--- 1 group group    4096 Oct 18 15:11 ._407_DK_C3_Lillian Annabelle.aif
-rwxrwx--- 1 group group 1688204 Oct 10 17:00 407_DK_C3_Lillian Annabelle.aif
drwxrwx--- 2 group group    4096 Aug 31 18:41 8.31.11
drwxrwx--- 2 group group    4096 Sep  8 17:10 9.07.11
drwxrwx--- 2 group group    4096 Sep 12 16:58 9.12.11 ADR
-rwxrwx--- 1 group group    4096 Jul 29 04:20 ._.DS_Store
-rwxrwx--- 1 group group    6148 Oct 20 11:43 .DS_Store
[root@server TO VIDEO]# chmod -R 0770 /mnt/storage/

[root@server TO VIDEO]#
[root@server TO VIDEO]# ls -la
total 5124
drwxrwx--- 7 group group    4096 Oct 20 11:00 .
drwxrwx--- 6 group group    4096 Oct 20 11:00 ..
drwxrwx--- 2 group group    4096 Oct 11 08:24 10.07.11
drwxrwx--- 2 group group    4096 Oct 14 16:09 10.13.11
-rwxrwx--- 1 group group       0 Oct 10 16:42 407_DK_C1_Caleb Caballero.aif
-rwxrwx--- 1 group group    4096 Oct 18 15:11 ._407_DK_C1_Finlee Mills.aif
-rwxrwx--- 1 group group 1630860 Oct 10 16:42 407_DK_C1_Finlee Mills.aif
-rwxrwx--- 1 group group    4096 Oct 18 15:11 ._407_DK_C2_Dylan Arrighi.aif
-rwxrwx--- 1 group group 1838000 Oct 10 16:49 407_DK_C2_Dylan Arrighi.aif
-rwxrwx--- 1 group group    4096 Oct 18 15:11 ._407_DK_C3_Lillian Annabelle.aif
-rwxrwx--- 1 group group 1688204 Oct 10 17:00 407_DK_C3_Lillian Annabelle.aif
drwxrwx--- 2 group group    4096 Aug 31 18:41 8.31.11
drwxrwx--- 2 group group    4096 Sep  8 17:10 9.07.11
drwxrwx--- 2 group group    4096 Sep 12 16:58 9.12.11 ADR
-rwxrwx--- 1 group group    4096 Jul 29 04:20 ._.DS_Store
-rwxrwx--- 1 group group    6148 Oct 20 11:43 .DS_Store
[root@server TO VIDEO]#


0
andersenks
Asked:
andersenks
2 Solutions
 
xterm Commented:
You need to set the users' default umask to 0770.  If they are ssh'ing in, you can do it in their shell .rc files, but if it's via FTP, you'll probably have to set that mask in the actual FTP server config file.

If you give me more context, I can give you more details.
0
 
andersenks Author Commented:
They are connecting via SMB locally with their usernames.
0
 
xterm Commented:
You will need to set this using the "create mask" directive.  See here:
http://lists.samba.org/archive/samba/2003-March/063429.html
0
 
Tintin Commented:
You need to use the sgid bit on the directory.  This will force any files/directories created under it to have the same group as the top level directory.

chmod g+s /mnt/storage
0
 
andersenks Author Commented:
Will try... chmod g+s /mnt/storage

See attached smb.conf file
0
 
andersenks Author Commented:
smb.conf
[global]

        # logs split per machine
;       log file = /var/log/samba/%m.log
        # max 50KB per log file, then rotate
;       max log size = 5000

log level = 2

netbios name = group
workgroup = workgroup
server string = yogabba storage server
security = user

[homes]
        comment = Home Directories
        path = /home/%U
        valid users = %S
        read only = No
        browseable = No
        writeable = yes
        create mode = 0775

[storage]
path = /mnt/storage
writeable = yes
validusers = @group


0
 
vk3kjc Commented:
You need to change the SMB configuration to force the files to be created with the required group.

In /etc/samba/smb.conf add:

  force group = group

to the parameters for the particular share.

If necessary, also set or change the create mask and directory mask parameters.

EG:

  create mask = 770
  directory mask = 770

(or whatever permissions you require.)
0
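
A read-only check for the state this thread is working toward (every entry owned by the shared group, directories carrying the bit that "chmod g+s" sets, modes matching the 770 masks), as an added example that is not from any poster. It assumes GNU find and stat; the scratch tree and its file names are constructed.

```shell
#!/bin/sh
# Added example: audit a group-shared tree such as /mnt/storage.
# Assumes GNU find and stat (as shipped with CentOS).

# audit_share DIR GROUP
# Prints one line per finding; returns 0 if clean, 1 if findings, 2 on error.
#   GROUP   not owned by GROUP (what "chown -R group:group" had to repair)
#   SETGID  directory without setgid, so new entries keep the creator's group
#   NOGRP   group lacks read or write (like the "----------" file in the listing)
#   OTHER   some permission bit is set for "other"
audit_share() {
    dir=$1
    group=$2
    findings=$(
        find "$dir" ! -type l \( \
            ! -group "$group"     -printf 'GROUP  %M %u:%g %p\n' , \
            -type d ! -perm -2000 -printf 'SETGID %M %u:%g %p\n' , \
            ! -perm -060          -printf 'NOGRP  %M %u:%g %p\n' , \
            -perm /007            -printf 'OTHER  %M %u:%g %p\n' \
        \)
    ) || return 2
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample tree in a scratch directory; prints its path.
make_sample_tree() {
    base=$(mktemp -d) || return 1
    (
        umask 007
        chmod 2770 "$base"
        mkdir "$base/inherits"           # picks up group and setgid from $base
        : > "$base/ok.aif"               # 0660 under umask 007
        mkdir "$base/nosgid" && chmod g-s "$base/nosgid"
        : > "$base/locked.aif" && chmod 000 "$base/locked.aif"
        : > "$base/open.aif"   && chmod 775 "$base/open.aif"
    )
    printf '%s\n' "$base"
}

if [ "${1:-}" = "--demo" ]; then
    tree=$(make_sample_tree)
    audit_share "$tree" "$(stat -c %g "$tree")"
    rm -rf "$tree"
fi
```

Run against the real share as `audit_share /mnt/storage group` after files have been created over SMB; an empty result means new entries are landing with the shared group and 770-style modes.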
 
andersenks Author Commented:
Like this?
[global]

        # logs split per machine
;       log file = /var/log/samba/%m.log
        # max 50KB per log file, then rotate
;       max log size = 5000

log level = 2

netbios name = group
workgroup = workgroup
server string = storage server
security = user

[homes]
        comment = Home Directories
        path = /home/%U
        valid users = %S
        read only = No
        browseable = No
        writeable = yes
        create mode = 0775

[storage]
path = /mnt/storage
writeable = yes
force group = group
validusers = @group
create mask = 770
directory mask = 770


0
 
xterm Commented:
That looks good, although you need a space in "valid users", and you might want to tab indent your lines for readability purposes.
0
 
andersenks Author Commented:
Looks like that took care of it... thanks guys.
0
