ttist25

Linux File Permissions

Hello,

I'm having some difficulty with file and directory permissions in Linux.  I've read and watched a number of tutorials but I'm still missing something.  

I've got an Ubuntu Server v 12.04
I created a group named 'datausers'
I want to add a folder '/data'
I want members of the datausers group to be able to:
Create, edit, and delete sub-directories under /data
Create, edit, and delete files under /data


I've tried using the sticky bit and -R but I'm not getting the desired behavior.  

Any help will be greatly appreciated.  

Thanks!
SOLUTION
Johnson_prem

SOLUTION
omarfarid

ttist25

ASKER

Thanks for the help guys.

I started over and here's what I've done so far:

sudo mkdir /data
ls -ld /data shows drwxr-xr-x 2 root root
sudo chgrp datausers /data
ls -ld /data shows drwxr-xr-x 2 root datausers
created two users datauser1 and datauser2
added both users to the datausers group

This is where I've stopped.  

I would like any user in the datausers group to be able to create, edit, delete any subdirectory or file created by any member of the datausers group by default.

So if I have datauser1 create a sub-directory under /data, datauser2 would be able to create, edit, delete any files or folders in that sub-directory.  Essentially all members of the datausers group would have the same permissions (770) on any file or folder created under /data.  

Thanks again - I know this should be simple but for some reason I'm having difficulty with it.

You need to give write perm to the group of /data

chmod g+w /data

Now, for files or subdirs that will be created under /data, users of the same group can delete, but for files created by other users, they can delete files, but for editing it will really depend on permissions given by owners of these files. Owners of files must give write perm to the group of these files.

Sticky bit is not for this purpose, so from the description you don't need sticky bit and you don't have it either.

How did you give the groups to the users?  Did you use -G or -g to add group?

Issue command
id username

If it is not the primary group of the user, make it primary.

ASKER

I used usermod -a -G datausers datauser1

datauser1@ubuntu12-04-2:/$ id datauser1
uid=1003(datauser1) gid=1005(datauser1) groups=1005(datauser1),1004(datausers)
datauser1@ubuntu12-04-2:/$

So sticky bit is not what I need?  I will review that again to try to understand it better.  

What would I need to do to get the desired behavior described above (group members have the same permissions by default as owner permissions)?  

Thanks again for the help.

Did you read my comments?

ASKER

I did, omarfarid.  Thank you.  
If I understand you correctly, I should run:
chmod g+w /data
to end up with drwxrwx---
or I could do it this way:
sudo chmod 770 /data

Is that right?  

I also looked up the sticky bit again and, if I understand correctly, setting that is somewhat the opposite of what I'm trying to do.  

But ultimately I'd like all members of the datausers group to have full control over all of the files and subfolders created by any datausers group member by default.  

Is there a way to do that?

The commands you showed are ok, except that chmod 770 will remove perms for others.

The perms on files and subdirs that will be created will really depend on the way they are created and the umask of each user creating them. Same for the ownership of these files and subdirs

So yes, your users look good.

About sticky bit:

When the sticky bit is set, only the item's owner, the directory's owner, or the superuser can rename or delete files. Without the sticky bit set, any user with write and execute permissions for the directory can rename or delete contained files, regardless of owner.

ASKER

Ok - I did a little more work and I think I've got it.  If you guys could check me:
sudo chmod 770 -R data
sudo chmod g+s data
logged out then back in.  This may have been the part that messed me up late last night! :)

So far it looks like I can do everything I want with any of the users.  

Is there anything glaring that I might have done that could be a problem?  (I know that Others have no access).

In Linux, permissions get applied immediately and you don't need to log out and log back in.

ASKER

Thanks to all of you.  It was a great help!
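
Added example, not part of the original thread: a shell sketch of how the two settings discussed above interact, setgid on the shared directory (chmod g+s) and the umask of whoever creates the entry. It uses a constructed scratch directory from mktemp in place of /data and the datausers group, the function names are hypothetical, and it assumes GNU stat and find as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example. Scratch tree from mktemp stands in for /data; no root needed.
# Requires GNU stat and find (as on Ubuntu). Function names are hypothetical.

# mode_of PATH: octal mode including special bits, e.g. 2770
mode_of() { stat -c '%a' "$1"; }

# create_under DIR UMASK NAME: make NAME/ and NAME/file inside DIR under the
# given umask. The body is a subshell, so the caller's umask is untouched.
create_under() (
    umask "$2"
    mkdir "$1/$3" && : > "$1/$3/file"
)

# audit_shared DIR: list entries that block group collaboration:
# directories lacking setgid or group rwx, files lacking group rw.
audit_shared() (
    cd "$1" || exit 1
    find . -type d ! -perm -2070 -print | sed 's/^/dir  /'
    find . -type f ! -perm -0060 -print | sed 's/^/file /'
)

demo() {
    shared=$(mktemp -d) || return 1
    chmod 2770 "$shared"                  # chmod 770 plus g+s in one step
    create_under "$shared" 022 default_umask
    create_under "$shared" 002 group_umask
    for p in . default_umask default_umask/file group_umask group_umask/file
    do
        printf '%-20s %s\n' "$p" "$(mode_of "$shared/$p")"
    done
    echo "--- audit findings ---"
    audit_shared "$shared"
    rm -rf "$shared"
}

demo
```

Entries created under umask 022 inherit the group and the setgid bit but not group write, so the audit flags them; entries created under umask 002 pass.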