I have created this directory:
/home/shared/
I set ownership of the directory to user peter, and the associated group
to "shared", which I associated with several users. (peter and sam for
example.)
I gave read/write access to the directory to the group and owner (and
other users) like this:
chmod 666 /home/shared/.
But I can't access the directory as user peter or sam.
Can someone explain what I'm doing wrong, or how to provide read/write
access to several users in one user group to a directory?
(Yeah I know - I'm a Windows user who doesn't know anything)
Thanks in advance,
Peter
Perhaps you should read up on the numeric values of chmod.
Seems 770 would be what you want.
Remember that the last number is global which would give ANYBODY
access, thus why it is held at 0.
Mari
--
"A kiss that has no ropes, no strings no obligations,
I don't own you, be quite sure, you don't own me."
-- The Tear Garden 'In Search of My Rose'
> Peter laid claim to the following perspective:
>> I have created this directory:
>> /home/shared/
> <snip>
>> chmod 666 /home/shared/.
>>
>> But I can't access the directory as user peter or sam.
Directories have to be executable for the user (or the group they belong
to) to access them. - Just to be clear, as Quasipsyco already (more or
less) pointed that out -.
> Perhaps you should read up on the numeric values of chmod.
>
> Seems 770 would be what you want.
Seems to me 1770 would be what the OP wants. This way the users can't just
delete the whole dir. Make sure it is owned by root, i.e.:
chown root:shared /home/shared
man chmod (look for the `sticky' bit)
> Remember that the last number is global which would give ANYBODY
> access, thus why it is held at 0.
Correct, however we wouldn't want to risk "user peter or sam" to (mistakenly?)
delete the whole dir now would we?
--
-Menno.
Guess I didn't hit the 1 key hard enough, sorry.
Spell checking doesn't cover number sequences.
Besides, what if he does want to have them all have access for deleting
the directory? ;-)
> Besides, what if he does want to have them all have access for deleting
> the directory? ;-)
Hmn, you're right:
> On Wed, 21 May 2003 05:06:57 +0000, Peter wrote:
>
>> Message-ID: <3ECB0970...@yahoo.com>
>
>> Can someone explain what I'm doing wrong, or how to provide read/write
>> access to several users in one user group to a directory?
~
My bad... speculation.
I'll have to work on my reading comprehension.
I'd guess only the OP can overrule.
--
-Menno.
I'm using:
chmod 1770 /home/shared
I've reread the man file on chmod, and finally (with some testing)
believe that I understand it. The bit that had been throwing me off was
that a user requires executable access to a directory to be able to read
files in it. So I had been setting maximum read/write permissions in
order to figure out why targeted ones weren't working.
I assume that "setting the user id" (4) and "group id" (2) in the first
byte is equivalent to using the chgrp and chown commands, so I will
always just set that bit to 0 or 1 and use the chgrp and chown commands.
Regards,
Peter
> Hi Menno / Mari,
Hello again.
> Thanks for your help. I appreciate it!
No problemo.
> I'm using:
> chmod 1770 /home/shared
Good.
> I've reread the man file on chmod, and finally (with some testing)
> believe that I understand it. [...]
Way to go.
> I assume that "setting the user id" (4) and "group id" (2) in the first
> byte is equivalent to using the chgrp and chown commands,
No it's not - "equivalent to using the chgrp and chown commands".
If you suid/sgid an executable and run it as another user the "effective
user/group id" of the process will be that of the user/group owning the
file (not the one running it).
To illustrate, copy and paste the following in a file "get_sugid.c":
-----------------------------------------------------
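#include <stdio.h>
/* We need these for getuid(), geteuid(), getgid() and getegid() */
#include <unistd.h>
#include <sys/types.h>

int main(void)
{
    /* Real IDs: the user/group that started the process */
    printf("Real UID\t= %ld\n", (long)getuid());
    /* Effective IDs: follow the file's owner/group when it is suid/sgid */
    printf("Effective UID\t= %ld\n", (long)geteuid());
    printf("Real GID\t= %ld\n", (long)getgid());
    printf("Effective GID\t= %ld\n", (long)getegid());
    return 0;
}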
-------------------------------------------------------
And compile it using:
gcc get_sugid.c -o get_sugid
Now try out some different user/group permission combinations and fire it up as
different users (setting the first bit to "0" "2", "4" and "6")
There is a use for the "sgid" bit on non-executable files also, as it is
used for (System V style) mandatory file locking as well. You will
probably never have to use this (applications set it for you).
> so I will
> always just set that bit to 0 or 1 and use the chgrp and chown commands.
That is the way I go about it, as well. If some user needs access just
stick 'em in the group(s).
I always rip the rights for "others" off of any suid binaries as well
(of course "chgrp"ing those files to new groups and putting users that need
the functionality in those groups).
You can "find" suid files using:
find / -type f -perm -4000 -ls 2>/dev/null
man find
--
-Menno.
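Added example, not part of the post above: a shell audit that sorts set-uid/set-gid files into the three cases the message mentions (runnable by "others", restricted to owner/group, and set-gid without group execute, the locking marker). The function name, class labels and demo file names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): classify set-uid/set-gid files
# under a directory tree. Labels and names here are illustrative.

# audit_sugid ROOT: prints one "<class> <path>" line per finding, sorted.
audit_sugid() {
    root=$1
    {
        # set-gid but NOT group-executable: the System V locking
        # marker, not a privilege-granting bit.
        find "$root" -xdev -type f -perm -2000 ! -perm -0010 \
            -exec echo lock-marker {} \;
        # set-uid, or set-gid with group execute, that "others" may run:
        # candidates for removing the "others" rights.
        find "$root" -xdev -type f \
            \( -perm -4000 -o -perm -2010 \) -perm -0001 \
            -exec echo world-exec {} \;
        # Same bits, but no execute for "others": owner/group only.
        find "$root" -xdev -type f \
            \( -perm -4000 -o -perm -2010 \) ! -perm -0001 \
            -exec echo restricted {} \;
    } 2>/dev/null | sort
}

# Constructed demo tree: empty sample files, not real binaries.
demo=$(mktemp -d)
touch "$demo/tool" "$demo/grouponly" "$demo/lockfile"
chmod 4755 "$demo/tool"        # suid, everyone may execute
chmod 4750 "$demo/grouponly"   # suid, "others" stripped
chmod 2644 "$demo/lockfile"    # sgid without group execute
audit_sugid "$demo"
rm -rf "$demo"
```

Point it at a real tree (for example `audit_sugid /usr`) to get a list of files to review before moving them to a dedicated group.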
> Hi Menno / Mari,
> Thanks for your help. I appreciate it!
>
> I'm using:
> chmod 1770 /home/shared
>
> I've reread the man file on chmod, and finally (with some testing)
> believe that I understand it. The bit that had been throwing me off was
> that a user requires executable access to a directory to be able to read
> files in it. So I had been setting maximum read/write permissions in
> order to figure out why targeted ones weren't working.
The Write permission on a directory is required if you want to change the
contents of a directory, ie add/delete a file
The Read permission on a directory is required if you want to list (read)
the contents of the directory
The eXecute permission on a directory is required if you want to search
(find the path to a file) the contents of the directory.
Thus, under *nix, you can allow people access to files the name of which
they know, but prevent them finding out the names of files by using ls:
$ chmod 0711 dir
$ ls -ld dir
drwx--x--x 2 robert ran 4096 May 22 17:56 dir
If a user tries to access it to look at its contents, they'll get:
$ ls dir
ls: dir: Permission denied
but they can still:
$ cd dir
$
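Added example, not part of any post in this thread: a small shell decoder that applies the read/write/execute rules described above to the directory modes discussed here (666, 770, 1770, 0711). The function names and the capability labels ("list", "enter", "modify", "names-only") are assumptions made for this example.

```shell
#!/bin/sh
# Added example: decode what an octal mode allows on a DIRECTORY.

# class_caps DIGIT: what one rwx digit (0-7) grants on a directory.
class_caps() {
    r=$(( ($1 >> 2) & 1 )); w=$(( ($1 >> 1) & 1 )); x=$(( $1 & 1 ))
    if [ "$x" -eq 1 ]; then
        caps="enter"                          # x: cd in, reach files by name
        if [ "$r" -eq 1 ]; then caps="list,$caps"; fi    # r+x: ls works
        if [ "$w" -eq 1 ]; then caps="$caps,modify"; fi  # w+x: add/delete
    elif [ "$r" -eq 1 ]; then
        caps="names-only"   # r without x: names visible, files unreachable
    else
        caps="none"         # w without x cannot be used at all
    fi
    echo "$caps"
}

# explain_dir_mode MODE: MODE is 3 or 4 octal digits, e.g. 666 or 1770.
explain_dir_mode() {
    mode=$1
    if [ "${#mode}" -eq 3 ]; then mode="0$mode"; fi
    case $mode in
        [0-7][0-7][0-7][0-7]) ;;
        *) echo "invalid mode: $1" >&2; return 2 ;;
    esac
    s=${mode%???}; rest=${mode#?}     # special digit (sticky = 1)
    u=${rest%??};  rest=${rest#?}     # owner digit
    g=${rest%?};   o=${rest#?}        # group and other digits
    sticky=no
    if [ $(( s & 1 )) -eq 1 ]; then sticky=yes; fi
    echo "owner=$(class_caps "$u") group=$(class_caps "$g")" \
         "other=$(class_caps "$o") sticky=$sticky"
}

# The modes that appear in this thread.
for m in 666 770 1770 0711; do
    printf '%-5s %s\n' "$m" "$(explain_dir_mode "$m")"
done
```

The 666 line shows why the original setting failed: without the execute bit nobody can enter the directory, so the write bit is unusable.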