• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 311
  • Last Modified:

Group Ownership Chgrp

in Linux if a group has Read only permission or Read /Write on a folder, even if you give it ownership it would keep just the same permission, I thought it would have full rights (R/W/E)
Wanted just to make sure my understanding is right.

thanks
0
jskfan
Asked:
jskfan
5 Solutions
 
arnoldCommented:
not sure what you are asking here.

Post and example
ls -l  /path/to/directory
as well as getfacl  /path/to/directory

ownership is given to user or group (chown and chgrp)
Changing ownership may have no effect if the group has no permissions.

i.e.
directory is
ls -l directory
drwx------ user groupname
you run chgrp newgroup directory
the result will be members of the newgroup will still have no access to the data within directory

ls -l directory
drwx------ user newgroup

group ownership changes can only be done by admin/root.
0
 
SandyCommented:
see any default permission is depends on the umask value defined under your system, which can be checked with #umask command ...

Default is 0022 that means for folder default permissions is (0777 - 0022 = 0755) and for files it will be (0666 - 0022 = 0644) in case you want to change umask change it by using the same command #umask <####>

Hope i am clear with it.

TY/SA
0
 
Dave GouldCommented:
A file has an owner, and a group associated with it. The chgrp changes the group that is associated to it but does not make the group "owner" of the file. It simply means that the rights given to the group part, apply to the group mentionned.

ie file dave has the following rights :    r w x r _ x r _ _
It is owned by dave and has group mygroup associated to it.
The first 3 chars (r w x ) are for dave
The next 3 chars (r _ x) are for the members of the group mygroup. You can see from the example that mygroup has read and execute but not write. You see, it os not a group ownreship but group association that we are giving.

The last 3 chars (r_ _ ) are for anybody that is neither dave nor a member of the group mygroup
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
jskfanAuthor Commented:
In my previous questions, I made windows/linux analogy…I guess I was right then…
in Linux Chgrp , is like adding a group to ACL in windows, Chmod in Linux, is like ticking on/off permissions in windows (they are called ACE, Access list Entries)

However , I am not sure if you give a linux group ownership , then you give it only Read/execute, would that group be able to assign  permissions to other users ?
0
 
arnoldCommented:
no.

In windows the addition of a group also adds rights for group members which is not how it works in linux. i.e. security tab add group, it then asks what rights the group has.

In linux, the group that is assigned to a newly created file/directory is determined by the primary group to which the user creating the item belongs.
i.e. usera has users as the default/primary group (/etc/passwd)
userb has admin as the default/primary group
id usera (gid) groups= reflects all other groups to which this user belongs -g maingroup -G list of additional groups when creatign a user (useradd)
id userb

usera creates a file which is now reflected as owner usera and group users.
userb creates a file which is now reflected as owner userb and group admin.

Sandy and trappa covvered the default access settings which are controlled by the negative/exclusionary umask.  I.e. an option in umask is taken out of the real permission.
Every directory starts with 777 every file starts with 666.
chgrp will enforce restriction such that usera while being able to control access permissions on a file or directory they created using chmod, will not be allowed to chgrp to a group of which the user is not a member.

The issue deals with security.
a user can using chmod set a file to be suid/sgid meaning when executed/ran the file will have either the owner's privileges and/or the group.

.........
of track.

Thinks this should cover your question.
0
 
Joseph GanSystem AdminCommented:
One point don't know anyone has memtioned above, if you want to give a group to create files under a folder, read/write permission is not enough, you need excute permission as well. This is different to a file.
0
 
jskfanAuthor Commented:
Thank you
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now