Group Permissions

[mjstone03 0]

Lets say I created a group called "group1" with ten users, "user1,user2, etc." When assigning permissions to a folder(s) in linux, is it possible to assign r,w,x with the chmod command for that specified group, and not every group? Or is it the same as just giving ownership of the folder to group1 (chgrp)?

[egorgry 0]

If i'm understanding corectly you the users need to be in the group group1. you can just edit /etc/group and put the users in in the group file for the entry group1.

like so...

group1:user1,user2,user3

[mjstone03 0]

Actually, what I mean is, First I create the users, activate them, and place them in the group group1. Then I created a folder named Folder1 containing various files. How do I give read, write, and execute permissions for group1 for Folder1?

[egorgry 0]

ahh that's easy. chmod 770 folder1 will give read write execute ot the owener and the group. other will be denied all access to folder1. I've been using and working with HPUX,sun and Linux for five years now and i still get confused with all the chmod stuff.

[paultazzyman 0]

I think you should be using chown - try the man page its fairly self explanatory.

 

I think the command is "chown user:group file" but check first !!

[egorgry 0]

chown is for changing owner

chgrp is changing group

chmod is for changing permissions

 

chown -R monkey /home/monkey will change /home/monkey and everything under it to teh owner monkey

 

chgrp -R bannana /home/monkey will change /home/moneky and everthing under it to the group to banana

 

chown -R monkey:bannana will change both ownere and group of teh specified diirctory and all under it.

 

chmod -R 775 /home/monkey will change the permissions of /home/moneky and everthing under it to rwx by owner and group and r by other

 

chmod o-w will remove other write access

chmod g+x will give execute to the group

 

and so on.

 

so you never want to do this...

 

chmod -R 777 /

[mjstone03 0]

okay, but when you do a chmod 774, or 770, does it only give r,w,x permissions to the group that the person who created it belongs to? Or does it give the access to all groups? What I'm getting at is, what if that user belongs to multiple groups? How do you specify permissions to that particular group? Now I'm beginnging to confuse myself.

[egorgry 0]

chmod 770 will give permisions to the user and group specified on the directory so if the directory looks like this.

 

drwxrwx--- monkey bannana /folder1

 

then anyone who is in group bannana has rwx on the directory as does the owner in this case monkey

 

I thinks what you are confusing is that it doesn't have to be the users primary group. You can add your users to any group you want them to have access to.

 

For example I have all my music in a filesystem called /music it's owned by greg the group is music I give my wife read access to it by assign here user to group music and doing a chmod g+r /music

 

 

[paultazzyman 0]

chown and chgrp will set the correct permissions for the user and group without having to grant permissions to "world" with chmod !

 

Its a little safer if you have multiple users.

[egorgry 0]

Originally posted by paultazzyman:

Quote:

chown and chgrp will set the correct permissions for the user and group without having to grant permissions to "world" with chmod !

 

Its a little safer if you have multiple users.

 

This is assuming your default umask is set correctly or users don't have the a umask setting in the there profile of 000. How do you take write away from group or read write execute away from other with out teh use of chmod?

 

let's say I have a 10 users in group users and they all have read on each others files you will need to do a chmod g-r to remove read access to group but the owner still has read write and execute on what they own.

 

I'm not sure I understand your "world" statement the only way your giving permisions to the world is in the case of chmod 777.

[paultazzyman 0]

The use of chmod +x gives execute acces to all users. Same thing with chmod 777 and chmod +w and should be used only as a last resort.

 

Users and groups should be set up to ensure that read and execute permissions are allowed for the group and where needed additional groups with write permissions.

 

It needs a bit of analysis to tabulate who the users and groups are and what permissions are acceptable for each user and group - if you can't make it work on papaer it won't work in the machine. The rule is work out what you want ( and don't want ) and then implement it. The use of world execute and write permissions should be excluded by sensible analysis.

[egorgry 0]

you are right about chmod +x file giving execute to all but chmod go-x will remove it for group and other and I never suggested that mjstone03 give the world permissions only group.

[paultazzyman 0]

It really depends on the user environment - are you trying to set up a multi-user environment where specific groups MUST be denied access to executing,writing files or are you talking about a home/small office environment where you can trust people with ( possibly ) read and execute access.

 

As I siad write down your requirements on a piece of paper ( a matrix ) of groups and users and the access each user and/or group of users can be trusted with.

 

The answer will follow.

[mjstone03 0]

What I was looking to do was give rwx permissions to a group, lets say group1 with 10 users in it(the owner/creator of the file is in the group already). Others and other groups can have read access.

[paultazzyman 0]

Try "chmod 774 fileName"

[mjstone03 0]

So if I typed - chmod 774 filename - while logged in as root and aiming to give rwx access to the owner(user1),the owner's group(group1), and read permission to others, that command will only give rwx permissions to the user1 and group1? Or does it give access to the owner, group1, and every other group the owner(user1) belongs to, if he belongs to other groups? Maybe I'm making this more confusing than it really is, but I'm just not getting it.

[CrazyKillerMan 0]

Quote:

So if I typed - chmod 774 filename - while logged in as root and aiming to give rwx access to the owner(user1),the owner's group(group1), and read permission to others, that command will only give rwx permissions to the user1 and group1? Or does it give access to the owner, group1, and every other group the owner(user1) belongs to, if he belongs to other groups? Maybe I'm making this more confusing than it really is, but I'm just not getting it.

A file or dir has three permissions. An owner, a group, and other.

To give someone group access to a folder/file, see above for instructions. The permissions for a folder/file's group parameter is for that group. In this case, everyone who is a member og group1, will have the permissions that you assign to the group parameter of the file/folder. Users that are not the owner, or not in group1 (the group you changed the perms on the file/folder to) then will have "other" permissions.

So, with 774 - owner will have rwx, the members of group (group1) will have rwx, and everyone else (other) will have r.

I hope this explains it. There isnt any correlation between a user's identity, or of what groups they are a member of and the permissions set ona file/folder.

[paultazzyman 0]

My suggestion is create a file "junk.tmp" and, as root give it various permissions and then log in via other shells as other users on the system and see what you can do with the file. You may have to make it executable to test the "x" field.

 

Sounds dumb - but at the end permissions will no longer be a mystery !!

[egorgry 0]

Originally posted by paultazzyman:

Quote:

My suggestion is create a file "junk.tmp" and, as root give it various permissions and then log in via other shells as other users on the system and see what you can do with the file. You may have to make it executable to test the "x" field.

 

Sounds dumb - but at the end permissions will no longer be a mystery !!

 

This is not stupid at all sounds like a good way to just keep banging on it until you get the concept. I did the same thing when I was trying to understand the ln commands. Never for foget about the man pages.

man chown

man chmod

man chgrp.

crazykillers advise is good too. It explains how unix handles groups.

Hope this helps you visualize it a little better.

 

|d|rwx||rwx||---| monkey bannana /folder1

 

|d|= directory

the first block |rwx|= owner

the second block |rwx|= group

the last block |---|= other

 

[CrazyKillerMan 0]

I'm wondering maybe, if a person didnt know binary...or didnt relate it to this, how chmod 770 would not make sense.

 

I havent read through the whole post to a tee to see if that may be a possibility, but imagine this:

 

rwx

 

where the letters are simply translators for an on (r|w|x) or off(-) state.

With rwx, you would get 111 which in binary is 7.

for r-x you would get 101 which in binary is 5

for rw- you would get 110 which in binary is 6

 

So, to string the three permissions together (I will use egorgry's example):

 

|d|rwx||rwx||---| monkey bannana /folder1

 

It would be:

d | 111 | 111 | 000 |

 

Which would be "chmod 770 foo"

 

You see? Sorry if I brought this to a level that may be way to low, but - hey you never know. Right?

[paultazzyman 0]

Noit a level too low - unless you are working down at the bit-bashing level ( or are an old fart like me ) the concept of HEX and binary aren't relevant in computing these days.

 

Good post !!!