ttist25
asked on
Linux File Permissions
Hello,
I'm having some difficulty with file and directory permissions in Linux. I've read and watched a number of tutorials but I'm still missing something.
I've got an Ubuntu Server v 12.04
I created a group named 'datausers'
I want to add a folder '/data'
I want members of the datausers group to be able to:
Create, edit, and delete sub-directories under /data
Create, edit, and delete files under /data
I've tried using the sticky bit and -R but I'm not getting the desired behavior.
Any help will be greatly appreciated.
Thanks!
You need to give write perm to the group of /data
chmod g+w /data
Now, for files or subdirs that will be created under /data, users of the same group can delete, but for files created by other users, they can delete files, but for editing it will really depend on permissions given by owners of these files. Owners of files must give write perm to the group of these files.
Sticky bit is not for this purpose, so from the description you don't need sticky bit and you don't have it either.
How did you give the groups to the users? Did you use -G or -g to add group?
Issue command
id username
If it is not the primary group of the user, make it primary.
ASKER
I used usermod -a -G datausers datauser1
So sticky bit is not what I need? I will review that again to try to understand it better.
What would I need to do to get the desired behavior described above (group members have the same permissions by default as owner permissions)?
Thanks again for the help.
datauser1@ubuntu12-04-2:/$ id datauser1
uid=1003(datauser1) gid=1005(datauser1) groups=1005(datauser1),1004(datausers)
datauser1@ubuntu12-04-2:/$
Did you read my comments?
ASKER
I did omarfarid. Thank you.
If I understand you correctly, I should run:
chmod g+w /data
to end up with drwxrwx---
or I could do it this way:
sudo chmod 770 /data
Is that right?
I also looked up the sticky bit again and, if I understand correctly, setting that is somewhat the opposite of what I'm trying to do.
But ultimately I'd like all members of the datausers group to have full control over all of the files and subfolders created by any datausers group member by default.
Is there a way to do that?
The commands you showed are ok, except that chmod 770 will remove perms for others.
The perms on files and subdirs that will be created will really depend on the way they are created and the umask of each user creating them. Same for the ownership of these files and subdirs.
So yes your users look good.
About sticky bit:
When the sticky bit is set, only the item's owner, the directory's owner, or the superuser can rename or delete files. Without the sticky bit set, any user with write and execute permissions for the directory can rename or delete contained files, regardless of owner.
ASKER
Ok - I did a little more work and I think I've got it. If you guys could check me:
sudo chmod 770 -R data
sudo chmod g+s data
logged out then back in. This may have been the part that messed me up late last night! :)
So far it looks like I can do everything I want with any of the users.
Is there anything glaring that I might have done that could be a problem? (I know that Others have no access).
In Linux, permissions get applied immediately and you don't need to logout and relogin.
ASKER
Thanks to all of you. It was a great help!
ASKER
I started over and here's what I've done so far:
This is where I've stopped.
I would like any user in the datausers group to be able to create, edit, delete any subdirectory or file created by any member of the datausers group by default.
So if I have datauser1 create a sub-directory under /data, datauser2 would be able to create, edit, delete any files or folders in that sub-directory. Essentially all members of the datausers group would have the same permissions (770) on any file or folder created under /data.
Thanks again - I know this should be simple but for some reason I'm having difficulty with it.
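The two things the thread turns on, the setgid bit on the shared directory (chmod g+s) and the umask of whoever creates a file, shown together in an added example that is not part of any post above. It assumes a throwaway directory standing in for /data, and the umask values 022 and 002 are constructed for illustration.

```shell
#!/bin/sh
# Added demo (constructed): a throwaway directory stands in for /data, so it
# needs neither root nor a real 'datausers' group. Uses GNU stat, as on Ubuntu.

# Print the octal mode of a path, special bits included (e.g. 2770).
mode_of() { stat -c '%a' "$1"; }

# Print the numeric group owner of a path.
group_of() { stat -c '%g' "$1"; }

# Shared directory: rwx for owner and group, nothing for others, setgid set.
make_shared() {
    mkdir -p "$1" && chmod 2770 "$1"
}

# Create NAME.txt and NAME.d inside DIR under the given umask. The body runs
# in a subshell, so the caller's umask is left untouched.
create_with_umask() (
    umask "$1"
    : > "$2/$3.txt"
    mkdir "$2/$3.d"
)

# Build the layout and echo its path; the caller removes it when done.
build_demo() {
    base=$(mktemp -d) || return 1
    make_shared "$base/data" || return 1
    create_with_umask 022 "$base/data" strict || return 1   # group cannot edit
    create_with_umask 002 "$base/data" shared || return 1   # group can edit
    echo "$base/data"
}

# Report each entry as "mode gid name".
report() {
    for p in "$1" "$1"/*; do
        echo "$(mode_of "$p") $(group_of "$p") ${p##*/}"
    done
}

d=$(build_demo) && report "$d"
[ -n "$d" ] && rm -rf "${d%/data}"
```

Subdirectories inherit the setgid bit from the parent, so the group carries down the tree, but the group write bit on each new file or subdirectory still comes from the creator's umask. A file created under umask 022 can be deleted by other group members (deletion is governed by the directory's permissions) but not edited by them.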