Re: groups vs users

From: ibuprofin@xxxxxxxxxxxxxxxxxxxxxx (Moe Trin)
Date: Thu, 15 Feb 2007 13:54:17 -0600

On Thu, 15 Feb 2007, in the Usenet newsgroup comp.os.linux.setup, in article
<4eb5518e23daves@xxxxxxxxxxxxxxxxx>, Dave Stratford wrote:

Moe Trin <ibuprofin@xxxxxxxxxxxxxxxxxxxxxx> wrote:

I believe what you are thinking about is changing the permissions to
"2775" which would be displayed as

drwxrwsr-x 1 root dev 2048 Jan 1 1970 /var/www/html

(note the 's' for group execute permission) and this would cause files
created in this directory to be owned by the user (dave) but the group
owner would be the owner of the directory (dev) and NOT the primary
group of the owner.

It took me a while to work out what the 2775 (in particular the 2) did.

OK - I should have done a bit more explaining. As stated, neither the
man or info pages ('man chmod' verses 'info chmod') give the greatest
explanation of what the flags do. Using the octal value rather than
the alphabetical values is just an experience thing. I'm used to working
with the numbers, and not as comfortable with the letters. Each method
has it's uses, strong and weak points.

I noticed the s in the display, and then played around, moving, copying
and creating files to realise what was happening. It's exactly what I
wanted and needed.

You still need to be a member of the group (to have write access), but
you don't need to run the 'newgrp' command to make a specific group your
'primary' group ID. Yes - very handy.

The Xnnn numeric sequence has eight possible values (like the other
digits), but there are some differences in the effect on a directory
verses on a file. Also, how an 'ls -l' command _displays_ the resulting
mess is less obvious.

For directories, only 1xxx and 2xxx have meaning (4xxx does nothing). If
you look at /tmp or /var/tmp, you'll see that these directories are
readable/writable by everyone, and that _can_ be bad news when you have
"playful" users (like students in a class sharing a directory). So we
change permissions on that directory from '777' (the leading zero is
implied but not shown) which would be

drwxrwxrwx 1 root root 2048 Jan 1 1970 /tmp

to '1777' which changes the "others" permission to 't' (o=t is the
letter version of the '1xxx' bit) and this gives

drwxrwxrwt 1 root root 2048 Jan 1 1970 /tmp

The effect of this change is that only the Owner of a file (and root)
can delete it. Without this, anyone who can _write_ to the directory can
also delete files in this directory, leading to much student hilarity.
You _may_ find someone setting a group directory to '1770' and setting
the group ownership to something like 'students' to prevent "outsiders"
from accessing the directory. This would show as

drwxrwx--T 1 root students 2048 Jan 1 1970 /tmp/students

Note the 'T' rather than a 't' - meaning that the sticky bit is set (1xxx)
but the 'others execute' permission is NOT set.

The '2xxx' permission on a directory (g=s) has been described upthread.
The not-very-useful permissions of 2740 (SGID, but without the execute
bit needed to _list_ the directory contents) would show up as a 'S'
rather than 's' in the ls output. (drwxr-S---).

Note that these actions are different for _files_ as compared to
directories. For files, the 2xxx and 4xxx permission causes
executable _binary_ files (does not apply to scripts) to be run with
the GID or UID of the file owner, rather than the person who actually
invoked the binary. The 1xxx bit has no effect any more, but used to
mean that if the file were swapped OUT of memory, it didn't have to
be saved to swap space, but would be reloaded from permanent disk
space when the file were swapped back IN. This is a relic of the past
when both RAM and disk space were expensive and could profitably be
used for other purposes.

Old guy
.

References:
- Re: groups vs users
  - From: Moe Trin
- Re: groups vs users
  - From: robert
- Re: groups vs users
  - From: Moe Trin

Prev by Date: Re: 1280x800 with Intel 945GM (laptop)
Next by Date: Re: installing RHEL 3 on an unsupported storage array
Previous by thread: Re: groups vs users
Next by thread: Re: groups vs users
Index(es):
- Date
- Thread

Relevant Pages

Re: Restricting where a user can go.
... to a specific directory and all its sub-directories. ... They determine who can execute the file, ... I'm the owner, mblack. ... If I changed the permission, then members of the group "users" could write ...
(comp.os.linux.misc)
Re: Running extended stored procs under win 98
... > The callers of the SP do not have permission to execute XP ... owned by 'dbo' and are in different databases, ... I have a stored procedure SP (owner by sa) that calls an extended ...
(microsoft.public.sqlserver.server)
Re: SQL 2005 execute permissions
... If the user has a permission to create an object (he is an owner). ... to allow a user to create a new procedure and then grant execute ... Grant execute permissions for that role for that procedure.. ...
(microsoft.public.sqlserver.security)
stored procedures and permissions
... It is my understanding that when a user executes a stored procedure they ... When myproject_web tries to execute a stored procedure I receive errors ... SELECT permission denied on object 'employees', ... 'some_database', owner 'myproject'. ...
(microsoft.public.sqlserver.security)
Re: Object permissions
... you grant modify permission on the qryAttendanceActual query. ... trying to change the owner to a group or an individual, ... the query, they can actually open the query once the sql is set. ...
(microsoft.public.access.security)