Server :: File Access Permissions - Working With Groups And Users?
Sep 15, 2009
Having set up many windows servers with complex permissions on shared folders, I now have to do the same in Linux (and I'm such a noob to Linux) I understand that each file/folder is assigned a user + group, and that the rights can be set for the user, the group and global (aka everybody else) My challenge is this, inside my shared folder there is a folder that should be RW to some users, READ ONLY to others, and not accessible at all to the rest of the users. (lets call the folder MyFolder ) All 3 groups have more than 1 user, so they have to be groups (right?) How would this model work in Linux ? If there is no other way, I guess I can nest the MyFolder in a folder that has permissions to allow all users that may access MyFolder, and block the rest, then on MyFolder, set owner group the RW users, and set global to READ ONLY.
Ps : The server I'm setting up runs Debian Lenny, files will be accessed from windows workstations using samba.
this directory has permissions 750 and is owned by user1 and group user1 I have an admin user that is primarily a part of group admin, but also a part of group user1 what would stop admin from having read and execute permissions on this directory? I'm running clamav and have a clamd daemon running as user admin (I could run it as any user, and I may make a special user later, but I don't want to run it as user1, user2, etc).
I have 2 (technically lots more, but let's just say 2 for now) users, user1 and user2 that have home directories /home/user1 and /home/user2. each is owned and group owned by user1:user1 and user2:user2 respectively with permissions of 750. my admin user is part of groups admin, user1, and user2 I need this to be able to scan my user's directories using the command (is this correct?):
If I change the directory permissions to 755, it works fine.Or if I leave the permissions 750 and change the directory group ownership to admin, it works fine. So, why would this be? Obviously it is a permissions issue, but why is it not reading admin as part of the user1 group and allowing the same permissions as it does when making the directory group-owned by admin?
I have a remote directory shared over NFS called tech with perms set as 0750 and owner set to root:tech. I have 2 groups: tech, and techAdmin. tech can read and execute within tech/. techAdmin can read, write, execute. I have 4 users: user1, user2, user3, user4. user1 and user2 is a member of techAdmin, user3 and user4 are members of tech. simple so far...but wait here's the problem. If user1 creates a file inside tech, user2 cant read or modify it because user1 owns it. Here's a few sites that reference this problem:
I am used to setting up users and groups on my daughters computers with Ubuntu installed. user: magz (daughter) user: nigel (me) group: nima
We each have our own folder for files i.e. magz and nige. This has always worked well and it didn't matter which user is logged in we could create and access files in the other users folder with full permissions. root@nbsq: /media/2xfi/files# ls -l total 8 drwxrwxr-x 9 nigel nima 4096 Jul 13 09:45 magz drwxrwxr-x 3 nigel nima 4096 Jul 13 09:45 nige
I have finally got around to getting her to try Debian which I always use, however I have never had to set up users, groups etc in Debian (squeeze) so I just did what I'm used to with Ubuntu. What I've found is that if I create a folder while I am logged in then that folder cannot be accessed by my daughter when she is logged in and the same applies if she creates a folder then I cannot access it when I am logged in, unless of course I use terminal to change the owners. In each case with the new folder the owner will be: root and the group will be: root. I would have thought what works for Ubuntu would work for Debian, however there must be differences.
I own a particular file on a Linux system. I would like to give 2 groups (accounting, shipping) read access and only read access, and 3 users(Mike, Raj and Wally) write access and only write access. How can I accomplish this?
Slackware 13 64 bit Hp Photosmart c4280 USB (All-in-one)
- Printer successfully configured using CUPS
- Scanner only works when I am Root.
- When trying to access scanner as user it says there is no scanner attached.
What should be the groups for this user in order to access the scanner? Actually, they are: haldaemon, disk, audio, video, cdrom, plugdev, power, scanner, lp. Below are the outputs for sane-find-scanner (as both root and user), although, since the scanner works well under root, I am almost sure it is a problem with setting permissions and groups.
Quote:
# sane-find-scanner # sane-find-scanner will now attempt to detect your scanner. If the # result is different from what you expected, first make sure your # scanner is powered up and properly connected to your computer.
I am setting up a samba server to operate in a windows AD domain. I want to set permissions for multiple groups to have different levels of access to one group of files, and it looks to me like unix permissions will not do that? I always hear about how robust linux is, and it seems to me that their file permissions model is WEAK compared to microsoft's?
I am having problems with groups and file permissions. I have a file owned by myself
Code: -rw-rw-r-- 1 diblemar users 2.1K Jun 3 06:02 /cluster/shared/Injects/1404_1405_1000033606_79964.return.xml
I want to modify the file using a cgi script running on an apache server (on the same machine). Both diblemar and apache are in the same group.
Code: apache:x:48:diblemar
However, I receive a file permissions error when I try to modify the file. I assumed that with the permission settings above apache would be able to modify a file owned by someone else in the apache group.
I have a FTP server (vsftpd), and would like to setup different file permissions for different groups:
-"ftpusers" group should only be able to browse and download.
-"ftpadmins" group should be able to browse, download, AND WRITE (RNFR, RNTO, MKDIR....).
Let's say my main directory is /var/ftp/docs/. It should be accessible by "ftpusers" group, but only writeable by "ftpadmins" group. Other groups or users may not access it. Which permissions and ownership should I give? My problem is that the dir can't be owned by two groups...
I'm trying to learn about permissions on linux webserver with apache.Some clues to the system: The server I have to play around with is Fedora based. Apache runs as apache:apache. To allow for e.g. php to write to a file the file needs to be chmod 777. 755 is not sufficiant.What I'm wondering is basically how set up permissions like they should be on e.g. a "shared web host".My main problem is that if I set a permission so that one user cannot access anothers home folder, then apache can't read from the public_html folder either.
To keep the users out I need to set chmod 700. But to let apache to read I need to have at least execute on world,so a 701 basically works, but won't let some users in.So I'm really stuck on what to do. Have been concidering adding the apache user to the frous grours below to avoid having to add the world execute flag, but is that a bad thing? Should it be the other way around, the users in the groups below should also be in the apache group?I was aiming at having 4 groups:
1. webapp: same as dev_int, but is the only one that can go inside the webapp/live folder to e.g. do an update from the repo.
2. dev_int: can read,write and execute everything in the "web root", including the two below, but nothing outside of the web root
3. dev_ext: can read write and execute in all client folders, but cannot access anything outside of the webapp root
4. clientsBasic ftp accounts. Has a home folder with a public_html, but cannot access any other home folders
I have a folder at /home/www/, and the owner is www, which is part of the www-group. I have another user, john, part of the john group. How can I chown /home/www/ to make it writable by both www and john?
how to add users to groups with ldap? Further, could someone point me towards some good command-line management tools? Creating each dn manually is going to get old real fast...
Im trying to config my intranet to be accessible from inside the network (lan) without need of password and ask for a passwd for those who are viewing from Wan ....
Today my intranet can only be accessed from Lan, external access give me an Unauthorized message, I took look around, try #irc and still can get the appropriated help, I hope that someone here could help me on that...
I have setup a Centos5.5 VMWare guest with Samba and Winbind for Active Directory integration, using GUI tools. Authentication works flawlessly, with automatic home directory creation. What I want to achieve now is using local UNIX groups to controll access to shared folders, to avoid bothering AD administrators with groups management. This is my smb.conf global section:
'finance' is a local UNIX group where I added user 'COGITANSalberto' (I also tried with 'alberto') as a secondary group (primary group is 'domain users' and it cannot be changed). I am sure the user is added, because it is listed in 'getent group'. If I specify user COGITANSalberto in valid users it works, i.e. only that use can access the share, the others get a NT_STATUS_ACCESS_DENIED error. But if I use +finance, access is denied to everybody, and this is the log:
[2010/09/11 14:12:37, 10] smbd/share_access.c:user_ok_token(211) User COGITANSalberto not in 'valid users' [2010/09/11 14:12:37, 2] smbd/service.c:make_connection_snum(617) user 'COGITANSalberto' (from session setup) not permitted to access this share (finance)
[code]....
It seems like winbind cannot recognize finance as a local group. For the same reason, I guess, 'force group = finance' does not work either (files are created with 'domain users' group ownership). My /etc/nsswitch.conf:
I'm using my Linux (SLES 10) server as a File Server at this point. I need to set File Permissions to nested folders differently to different groups. For example:
homesharedengineering* should be read only for groupA homesharedengineeringadmin should be read & write for groupB Plus read only for groupA homesharedengineeringautocad should be read & write for groupC Plus read only for groupA
I've been using Webmin and Putty to set permissions but Putty only allows me the Default Group, it won't allow me to set several groups on the same directory. Webmin seems to allow me to add multiple groups (Webmin --> Others --> File Manager --> Info & ACL tab will provide extended abilities) but when I add multiple groups, they don't seem to take effect? I'm wondering if my setup at the 'Share' level or at the hierarchy of my folder structure (unix based) needs to be set specifically?
I've been living a dormitory for a while and our net connection is very slow because of the download via torrent or rapidshare, hotfile etc.(we have 4megabit speed unfortunately) I want to establish a ubuntu server and there are 45 people in our dormitory. Which ubuntu server version I'll use? How much storage that I have (i thought 4 tb is enough)? What kind of commands do I going to use and permissions. I want to appoint one person as a admin others just can add a file (music, movies vs.) they wouldnt have to delete!
The company I work for, as usual, is Microsoft-centric. I'm attempting to integrate my Ubuntu server into the domain to allow domain users to authenticate to the server and access file shares using Samba. Here's my current configuration:
I'm setting up a Fedora 11 server for the company of one of my friends. So far so good. But now he has asked me to setup access restrictions to folders through samba. Now I'm quite familiar with user access policies, even though I'm quite new to the GNU/Linux world. What I want to know is : what is the best way to give and remove, on the go, rwx access for a specific user to a certain folder in a linux system? Can I create groups for each folders, whose members will have the given permissions? Or do I have to create users for each folder and add to their group the user witch i want to give privilege to?
We are a school and we share a samba folder with students and teacher groups. What we are trying to do is:
- Give students group users the permissions to rwx own files in folder
- Students must not be able to do anything with others files. I mean nothing so, at most, they could see the files in folder but not read it.
- Teachers can do anything with files in folder
As you can imagine, the idea is that students deliver their exams in that folder without the ability to read/copy the other students files. With sticky bit we can restrict students permissions to their own files, that is ok, but how to restrict all the permissions on other students files without restricting student access to that folder?
I am logged in with the account i created with ubuntu back in 10.4 but i cant do anything with the users and groups management tool any idea's what might be wrong? It also doesnt ask to escalate provilages when i run it which i suspect is part of the issue.
i have 5 groups, i want to set 3 of them to have full permissions to a folder and set 2 others with read only to same folder, please help me to solve this problem. in other words i want to set this 5 groups diffrent permissions to a folder.
I am setting up a new ubuntu server, and I am quite new to linux. This server will be used as code repository for a project I am going to be working on. I plan to setup 3 groups for users: dev, test, doc
- for various developers, testers and documentation users.
I would like to setup the following permissions on the main code repository directory:
dev - write permission test - execute permission doc - read permission public (anyone outside these groups) - deny all access
I am unsure what chmod setting to use, or if this is even possible in ubuntu.
I'm running 10.10 64-bit and have configured it for root graphical login for administration of the system. When I log in as root, I can run all menu items in System -> Administration with the exception of Users and Groups. When I try running this, the application starts, but I only get an animated spinning disk that doesn't stop, can't modify the users properties and I can't close the application unless I go to System -> Administration -> System Monitor -> Processes tab , highlight users-admin and click End Process.
If there are more tools that can be used to add users and groups, can someone direct me on how to find this information out, or can someone compile a list of tools?
I have centos 5.4 installed (2.6.18-128.2.1.el5 #1 SMP Tue Jul 14 06:36:37 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux), and I am using WHM/Cpanel to manage my server. I am looking for a GUI utility, so I can graphically manage users/groups.
Imported users and groups (UIDs 500 and above) from Redhad to Ubuntu 9.10 by appending users to the passwd, shadow and group files. Users and groups appear to work, but they do not show in the Users/Groups GUI. Is that because they do not start at a UID 1000 and up? What are my options to make them visable?
