Solved

Group Ownership Chgrp

Posted on 2014-03-02
7
273 Views
Last Modified: 2014-03-11
in Linux if a group has Read only permission or Read /Write on a folder, even if you give it ownership it would keep just the same permission, I thought it would have full rights (R/W/E)
Wanted just to make sure my understanding is right.

thanks
0
Comment
Question by:jskfan
7 Comments
 
LVL 76

Assisted Solution

by:arnold
arnold earned 200 total points
Comment Utility
not sure what you are asking here.

Post and example
ls -l  /path/to/directory
as well as getfacl  /path/to/directory

ownership is given to user or group (chown and chgrp)
Changing ownership may have no effect if the group has no permissions.

i.e.
directory is
ls -l directory
drwx------ user groupname
you run chgrp newgroup directory
the result will be members of the newgroup will still have no access to the data within directory

ls -l directory
drwx------ user newgroup

group ownership changes can only be done by admin/root.
0
 
LVL 13

Assisted Solution

by:Sandy
Sandy earned 100 total points
Comment Utility
see any default permission is depends on the umask value defined under your system, which can be checked with #umask command ...

Default is 0022 that means for folder default permissions is (0777 - 0022 = 0755) and for files it will be (0666 - 0022 = 0644) in case you want to change umask change it by using the same command #umask <####>

Hope i am clear with it.

TY/SA
0
 
LVL 5

Assisted Solution

by:Dave Gould
Dave Gould earned 100 total points
Comment Utility
A file has an owner, and a group associated with it. The chgrp changes the group that is associated to it but does not make the group "owner" of the file. It simply means that the rights given to the group part, apply to the group mentionned.

ie file dave has the following rights :    r w x r _ x r _ _
It is owned by dave and has group mygroup associated to it.
The first 3 chars (r w x ) are for dave
The next 3 chars (r _ x) are for the members of the group mygroup. You can see from the example that mygroup has read and execute but not write. You see, it os not a group ownreship but group association that we are giving.

The last 3 chars (r_ _ ) are for anybody that is neither dave nor a member of the group mygroup
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:jskfan
Comment Utility
In my previous questions, I made windows/linux analogy…I guess I was right then…
in Linux Chgrp , is like adding a group to ACL in windows, Chmod in Linux, is like ticking on/off permissions in windows (they are called ACE, Access list Entries)

However , I am not sure if you give a linux group ownership , then you give it only Read/execute, would that group be able to assign  permissions to other users ?
0
 
LVL 76

Accepted Solution

by:
arnold earned 200 total points
Comment Utility
no.

In windows the addition of a group also adds rights for group members which is not how it works in linux. i.e. security tab add group, it then asks what rights the group has.

In linux, the group that is assigned to a newly created file/directory is determined by the primary group to which the user creating the item belongs.
i.e. usera has users as the default/primary group (/etc/passwd)
userb has admin as the default/primary group
id usera (gid) groups= reflects all other groups to which this user belongs -g maingroup -G list of additional groups when creatign a user (useradd)
id userb

usera creates a file which is now reflected as owner usera and group users.
userb creates a file which is now reflected as owner userb and group admin.

Sandy and trappa covvered the default access settings which are controlled by the negative/exclusionary umask.  I.e. an option in umask is taken out of the real permission.
Every directory starts with 777 every file starts with 666.
chgrp will enforce restriction such that usera while being able to control access permissions on a file or directory they created using chmod, will not be allowed to chgrp to a group of which the user is not a member.

The issue deals with security.
a user can using chmod set a file to be suid/sgid meaning when executed/ran the file will have either the owner's privileges and/or the group.

.........
of track.

Thinks this should cover your question.
0
 
LVL 16

Assisted Solution

by:Joseph Gan
Joseph Gan earned 100 total points
Comment Utility
One point don't know anyone has memtioned above, if you want to give a group to create files under a folder, read/write permission is not enough, you need excute permission as well. This is different to a file.
0
 

Author Closing Comment

by:jskfan
Comment Utility
Thank you
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Suggested Solutions

How many times have you wanted to quickly do the same thing to a list but found yourself typing it again and again? I first figured out a small time saver with the up arrow to recall the last command but that can only get you so far if you have a bi…
Over the last ten+ years I have seen Linux configuration tools come and go. In the early days there was the tried-and-true, all-powerful linuxconf that many thought would remain the one and only Linux configuration tool until the end of times. Well,…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now