[SOLVED]Owners, groups and permissions confusion


Postby ozgta » 2010-07-13 01:14

I am used to setting up users and groups on my daughter's computers with Ubuntu installed.
user: magz (daughter)
user: nigel (me)
group: nima

We each have our own folder for files, i.e. magz and nige. This has always worked well and it didn't matter which user is logged in, we could create and access files in the other user's folder with full permissions.

Code:
root@nbsq: /media/2xfi/files# ls -l
total 8
drwxrwxr-x 9 nigel nima 4096 Jul 13 09:45 magz
drwxrwxr-x 3 nigel nima 4096 Jul 13 09:45 nige


I have finally got around to getting her to try Debian which I always use, however I have never had to set up users, groups etc in Debian (squeeze) so I just did what I'm used to with Ubuntu.
What I've found is that if I create a folder while I am logged in then that folder cannot be accessed by my daughter when she is logged in, and the same applies if she creates a folder: then I cannot access it when I am logged in, unless of course I use the terminal to change the owners.
In each case with the new folder the owner will be: root and the group will be: root
I would have thought what works for Ubuntu would work for Debian, however there must be differences.
Can someone explain where I may have gone wrong?
I hope I have supplied enough information.
Last edited by ozgta on 2010-07-18 20:35, edited 1 time in total.
ozgta
 
Posts: 444
Joined: 2009-05-25 02:32
Location: Nth Qld

Re: Owners, groups and permissions confusion

Postby fsmithred » 2010-07-13 13:10

You need to set the umask somewhere, but I'm not certain what the best way to do that is right now. Here's an older discussion about it - viewtopic.php?f=5&t=40886
I think you'd want umask=002
fsmithred
 
Posts: 1872
Joined: 2008-01-02 14:52

Re: Owners, groups and permissions confusion

Postby bluesdog » 2010-07-14 03:49

The setuid bit has no meaning on a directory, but the setgid bit does. It means that files created in that directory will inherit the directory's group ownership, instead of the gid of whoever made them. When combined with a umask that permits group write privileges (such as 002), this is useful in setting up an area where a group of users can work together.


http://wiki.debian.org/Permissions
bluesdog
 
Posts: 2082
Joined: 2006-02-01 09:02
Location: Similkameen, British Columbia, Canada

Re: Owners, groups and permissions confusion

Postby ozgta » 2010-07-14 20:45

Thanks, I'll have a read and post a reply.
ozgta
 
Posts: 444
Joined: 2009-05-25 02:32
Location: Nth Qld

Re: Owners, groups and permissions confusion

Postby thewanderer » 2010-07-15 22:48

I once made a tutorial:
viewtopic.php?f=16&t=40627

Read it, get to the part on ACL, and you're set.
thewanderer
 
Posts: 416
Joined: 2007-03-19 18:11
Location: my desk, Warsaw, Poland

Re: Owners, groups and permissions confusion

Postby ozgta » 2010-07-15 23:55

thanks thewanderer,
I read the previous link supplied by bluesdog (thanks) however I had success on one computer but not on another, frustrating!!
I also found a Debian Wiki suggesting to alter UMASK 022 to 002 in /etc/profile and /etc/login.defs. I did this and I hope I was supposed to, being a novice it's often scary making changes and they can have horrible results, although they now occur much less often :D

I'll now read your How To, and respond soon.
ozgta
 
Posts: 444
Joined: 2009-05-25 02:32
Location: Nth Qld

Re: Owners, groups and permissions confusion

Postby thewanderer » 2010-07-16 07:28

Hm, setting umask to 002 system-wide is not a very wise thing to do, unless you are sitting among saints whom you entrust with all your secrets. By using umask of 002, every member of your group can, by default, read and write all files you create - that is not what you want, I guess.
You'd better revert this change to what it was (022, although a really secure one is 077, that's my two cents) and use either ACL or directory chmod (say, 1770) + sticky bit hence the 1 in front.
thewanderer
 
Posts: 416
Joined: 2007-03-19 18:11
Location: my desk, Warsaw, Poland

Re: Owners, groups and permissions confusion

Postby fsmithred » 2010-07-16 12:03

The OP does want every member of the group to be able to read and write files in the common area. Since it's a home computer, I don't think there's a problem with umask=002 system-wide, but to restrict it to only nigel and magz, that could have been put in each user's .profile. To prevent each from seeing files in their respective home directories, permissions could be restricted there. The setgid that bluesdog suggested will allow them to edit each other's files in the common area.

I just tried this, and it works as intended.

Code:
addgroup common
adduser fred common
adduser mary common
mkdir common_data 
chgrp common common_data
chmod 2775 common_data  #could be 2770 if other family members shouldn't read those files
chmod 700 /home/fred
chmod 700 /home/mary

Edit /home/fred/.profile and /home/mary/.profile to make umask=002
Log out and log in again so that changes take effect.
Now fred and mary have read/write permissions in common_data, and the files/directories are owned by common group, and either one can read/write all those files. Neither user can access the other's home.

I didn't do anything with pam, so according to the note in .profile, this won't work if I'm logged in through ssh. And I'm still not clear on the gdm bug.

Edited to remove an inconsistency in paths.
fsmithred
 
Posts: 1872
Joined: 2008-01-02 14:52

Re: Owners, groups and permissions confusion

Postby thewanderer » 2010-07-16 12:55

You are correct, except for the part where you neglect security on a home computer, which cannot be judged as right or wrong as it is subjective.

Another option does exist, and I am putting it here for reference - in my opinion, it should be done with ACL because it allows for fine-grained control (i.e. applying default access rights only to a directory and not to every file after login!). Have a look at this:
http://www.vanemery.com/Linux/ACL/linux ... ml#default

This is a default ACL, which allows defining an ACL entry to be inherited by subdirectories. It seems to fit the case perfectly, and I am always for a solution which does not bring any side effects. Cheers!
(BTW, I'm updating my tutorial with this wonderful default ACL thing shortly)
thewanderer
 
Posts: 416
Joined: 2007-03-19 18:11
Location: my desk, Warsaw, Poland

Re: Owners, groups and permissions confusion

Postby ozgta » 2010-07-18 20:35

All's good,
nigel; user
magz; user
nima; group

What I did:
#chown root:nima <directory>
#chmod g+s <directory>

And that was about it, now we can both rwx in the directory common to both of us no matter who is logged in.
It works, please tell me if there is something else I should have done.
Security isn't a big issue, it's just my daughter and myself using the computer.

Thanks everyone for your help.
ozgta
 
Posts: 444
Joined: 2009-05-25 02:32
Location: Nth Qld

Re: [SOLVED]Owners, groups and permissions confusion

Postby AnInkedSoul » 2010-07-18 22:46

Why would you change the owner to root?
AnInkedSoul
 
Posts: 461
Joined: 2010-06-11 05:05

Re: [SOLVED]Owners, groups and permissions confusion

Postby ozgta » 2010-07-18 23:15

I don't think I set it that way, to be honest I made and unmade many changes that I cannot recall, what I do remember is that it happened by default, and since it solved the problem I left it as it was.
ozgta
 
Posts: 444
Joined: 2009-05-25 02:32
Location: Nth Qld

Re: [SOLVED]Owners, groups and permissions confusion

Postby fsmithred » 2010-07-19 03:40

If the directory is a common area outside of the users' homes, it would have started out as root:root.
fsmithred
 
Posts: 1872
Joined: 2008-01-02 14:52

Re: [SOLVED]Owners, groups and permissions confusion

Postby ozgta » 2010-07-19 03:47

yes it is outside home, it's a separate data partition and it did start out as root:root
does it matter that it is root:nima?

Thing is if directories were created when magz was logged in it would read:
drwxr-xr-x 9 magz nima 4096 Jul 13 09:45 mp3

and if nige was logged in it would read;
drwxr-xr-x 3 nigel nima 4096 Jul 13 09:45 pictures

In each case I had to add g+w for the other user to w to the files even though I had set g+w -R for the master directory (hope that makes sense)
This is where it differed from Ubuntu as I could set g+w -R and it would work fine. With Squeeze when I g+w -R it didn't work I still had to manually apply it to each new directory created.
I wouldn't have thought it would have made a difference whether it was Ubuntu or Debian I reasoned that the same commands would apply.
ozgta
 
Posts: 444
Joined: 2009-05-25 02:32
Location: Nth Qld
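
An added example (not written by any poster in this thread) showing why a recursive g+w on the parent does not carry over to directories created later: the mode of a new entry comes from the creating process's umask, while the setgid bit on the parent passes on only the group and, for subdirectories, the setgid bit itself. The temp paths and function names are constructed for the demonstration, and `stat -c` assumes GNU coreutils as shipped on Debian.

```shell
#!/bin/sh
# Added example: how umask and the setgid bit decide the mode of new entries
# in a shared directory. All paths are throwaway temp directories
# (constructed); stat -c is the GNU coreutils form.

# make_shared: create a scratch directory configured like the shared area
# (rwxrwsr-x, the chmod 2775 from the thread) and print its path.
make_shared() {
    d=$(mktemp -d) || return 1
    chmod 2775 "$d" || return 1
    printf '%s\n' "$d"
}

# new_mode UMASK KIND: create a new "file" or "dir" inside a fresh shared
# directory under the given umask and print the resulting octal mode.
# The umask is set in a subshell so the caller's umask is left untouched.
new_mode() {
    shared=$(make_shared) || return 1
    (
        umask "$1"
        case "$2" in
            file) : > "$shared/new" ;;
            dir)  mkdir "$shared/new" ;;
            *)    exit 2 ;;
        esac
        stat -c '%a' "$shared/new"
    )
    rc=$?
    rm -rf "$shared"
    return "$rc"
}

# Report all four combinations. The parent is 2775 in every case, so any
# difference in the result comes from the umask alone.
for u in 022 002; do
    for k in file dir; do
        printf 'umask %s, new %s -> %s\n' "$u" "$k" "$(new_mode "$u" "$k")"
    done
done
```

Under umask 022 the new directory keeps the setgid bit but has no group write permission, which matches the drwxr-xr-x listings above; under 002 the group can write.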

