Fwd: Re: [expert] Are group permissions necessary for other (all) permissions?
(Hope this is not a duplicate -- it appears that I originally sent it to myself -- oh, the hazards of experimenting with multiple mail clients. ;-) I guess I should have mentioned that joe and dummy are not in a common group. (joe is in a group called joe, dummy is in a group called dummy, and, these are not the real names). _And, I guess I haven't left dos behind -- I meant to type ls instead of dir._ Randy Kramer On Tuesday 27 August 2002 09:13 pm, you wrote: On Tuesday 27 August 2002 06:17 pm, you wrote: This is a little hard to follow ... perhaps an example? Do you mean drwx-- joeuser ourgroup group_directory Thanks for your response! I'll try an example: Two users: joe and dummy file /home/joe/mail/test.txt -rw-r--rw-1 joe joe 8224 Aug 27 20:50 test.txt dir /home drwxr-xr-x5 root root 120 Feb 6 1996 ./ dir /home/joe drwxr-xr-x 32 joe joe 2008 Aug 26 20:03 ./ dir /home/joe/mail drwx---r-x2 joe joe 496 Aug 27 20:48 ./ With the above situation, dummy could not access file /home/joe/mail/test.txt. After quite a bit of experimentation, I changed the permissions on dir /home/joe/mail to: drwxr-xr-x2 joe joe 496 Aug 27 20:48 ./ and finally, at this point, dummy could access test.txt. That's what I found surprising. Is it the expected behavior of Linux? A much better way of doing this would be to create a directory outside of any user's home directory, give that directory (and the files in it) a specific group name, and assign whoever you want as users to be members of that group. Then set permissions g+rwx to subdirectories, and g+rw to files in it. Well, I ran into a bunch of roadblocks in bending Procmail to my will. Sort of surprising for a system that supposedly allows you to shoot yourself in the foot if you want to. Best/most expedient resolution I came up with was to create a dummy user (dummy) and let him place mail directly into some of joe's mail folders. regards. Randy Kramer --- Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] Are group permissions necessary for other (all) permissions?
I just ran into something that surprised me. I was trying to let one user have access to a file owned by another user (and in that other user's $HOME hierarchy). I did not want to change the group owner of the file in this case, so I tried giving the file (and all directories above it) the appropriate permissions for all (other) -- like o+rw for the file, and o+rx for all directories above the file. In this case, the parent directory of the file in question had a group owner but no permissions assigned. The user to whom I was trying to give access could not get access to the file until I went back and assigned some group permissions to the parent directory of the file -- specifically g+rx. Is that the expected behavior in LInux? thanks, Randy Kramer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Are group permissions necessary for other (all) permissions?
* Randy Kramer [EMAIL PROTECTED] [020827 15:08]: I was trying to let one user have access to a file owned by another user (and in that other user's $HOME hierarchy). I did not want to change the group owner of the file in this case, so I tried giving the file (and all directories above it) the appropriate permissions for all (other) -- like o+rw for the file, and o+rx for all directories above the file. This SHOULD work, although it is pretty lax security to let just anyone browse your home directory. In this case, the parent directory of the file in question had a group owner but no permissions assigned. This is a little hard to follow ... perhaps an example? Do you mean drwx-- joeuser ourgroup group_directory This would mean that joeuser could browse and create files in the directory and descend into it. No one else, not even members of ourgroup, can browse, create files, or descend into it. The user to whom I was trying to give access could not get access to the file until I went back and assigned some group permissions to the parent directory of the file -- specifically g+rx. A much better way of doing this would be to create a directory outside of any user's home directory, give that directory (and the files in it) a specific group name, and assign whoever you want as users to be members of that group. Then set permissions g+rwx to subdirectories, and g+rw to files in it. Is that the expected behavior in LInux? Yes, if I understand you correctly. Probably, even if I don't ;-) -- Jan Wilson, SysAdmin _/*]; [EMAIL PROTECTED] Corozal Junior College | |:' corozal.com corozal.bz Corozal Town, Belize | /' chetumal.com linux.bz Reg. Linux user #151611 |_/ Network, PHP, Perl, HTML Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Are group permissions necessary for other (all) permissions?
Randy Kramer wrote: I just ran into something that surprised me. I was trying to let one user have access to a file owned by another user (and in that other user's $HOME hierarchy). I did not want to change the group owner of the file in this case, so I tried giving the file (and all directories above it) the appropriate permissions for all (other) -- like o+rw for the file, and o+rx for all directories above the file. In this case, the parent directory of the file in question had a group owner but no permissions assigned. The user to whom I was trying to give access could not get access to the file until I went back and assigned some group permissions to the parent directory of the file -- specifically g+rx. Is that the expected behavior in LInux? thanks, Randy Kramer Hi Randy, It is indeed the expected behavior. IN fact, I was going to suggest making user B a member of the same group as user A. A being the files original owner. Then allowing both users rw access to the file by chmod'ing it 664 or 660 so that it was readable and writable by both the file owner and the group. Mark Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Are group permissions necessary for other (all) permissions?
* Randy Kramer [EMAIL PROTECTED] [020827 19:21]: file /home/joe/mail/test.txt -rw-r--rw-1 joe joe 8224 Aug 27 20:50 test.txt dir /home drwxr-xr-x5 root root 120 Feb 6 1996 ./ dir /home/joe drwxr-xr-x 32 joe joe 2008 Aug 26 20:03 ./ dir /home/joe/mail drwx---r-x2 joe joe 496 Aug 27 20:48 ./ With the above situation, dummy could not access file /home/joe/mail/test.txt. Given this setup, I don't know why anyone couldn't read test.txt. Well, I ran into a bunch of roadblocks in bending Procmail to my will. Sort of surprising for a system that supposedly allows you to shoot yourself in the foot if you want to. Best/most expedient resolution I came up with was to create a dummy user (dummy) and let him place mail directly into some of joe's mail folders. It sounds like you might be running into procmail's security requirements. Check man procmail, around line 495 where it specifies that, for example, $HOME/.procmailrc cannot be group-writable or in a group-writable directory. -- Jan Wilson, SysAdmin _/*]; [EMAIL PROTECTED] Corozal Junior College | |:' corozal.com corozal.bz Corozal Town, Belize | /' chetumal.com linux.bz Reg. Linux user #151611 |_/ Network, PHP, Perl, HTML Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com