Results 1 to 8 of 8

Thread: how to have files created by one user modifiable from other users

  1. #1

    Default how to have files created by one user modifiable from other users

    on opensuse 13.2 and kde, I have four users and partitioned as follow:
    / =system
    /home =users: procuste, nipoti, rosy, eros home
    /dati =common stuff
    I would like that if procuste create a folder or a file in /home/procuste or in /dati, all other users can view and modify this file; and the same for other users.
    how can I get this???
    manythanks, ciao :-) pier

  2. #2
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    25,240

    Default Re: how to have files created by one user modifiable from other users

    The basics of Unix/Linux file ownership by user and group and the permission for read/write/execute for owner/group/others are a bit long to explain here in a post. But it must be very easy to find docmentation about that on the internet (e.g. http://en.wikipedia.org/wiki/File_system_permissions).

    In short, when a user creates a file within his home directory (or any other place where he/she is allowed to create files), it is his/her resonsability to make that file available (for read and/or write) to others. That is not something that can be forced by those others (of course). So what you ask for (making every file every user creates available for everything to everybody) is probably not in accordance with those users wishes.
    Henk van Velden

  3. #3

    Default Re: how to have files created by one user modifiable from other users

    Quote Originally Posted by hcvv View Post
    The basics of Unix/Linux file ownership by user and group and the permission for read/write/execute for owner/group/others are a bit long to explain here in a post. But it must be very easy to find docmentation about that on the internet (e.g. http://en.wikipedia.org/wiki/File_system_permissions).

    In short, when a user creates a file within his home directory (or any other place where he/she is allowed to create files), it is his/her resonsability to make that file available (for read and/or write) to others. That is not something that can be forced by those others (of course). So what you ask for (making every file every user creates available for everything to everybody) is probably not in accordance with those users wishes.
    manythanks, :-) users asked me this.... :-) so as your link says..

    "However, when sharing files is desirable, the administrator can create a group containing the desired users, create a group-writable directory assigned to the new group, and, most importantly, make the directory setgid. Making it setgid will cause files created in it to be assigned to the same group as the directory and the 002 umask (enabled by using user private groups) will ensure that other members of the group will be able to write to those files"

    how can I permanently get this???

  4. #4

    Default Re: how to have files created by one user modifiable from other users

    Defining a directory with the setgid bit is something you usually do
    one-time when creating the directory, and if /dati is new then that is
    likely the best place to do it. This causes, within the filesystem, for
    anything created within (regardless of the creating user, assuming that
    user has rights to create files within) to be group-owned by the same
    group as the group-owner as the setgid directory. For example, if /dati
    is group-owned by 'users', and if you have the setgid bit set, then
    assuming your other users can create things in there ('w'/write rights to
    the /dati directory) those created things will also magically have the
    'users' group-owner set, which is presumably the group to which all of
    those users belong, thus allowing them access to all of those files. As a
    result, you do not need to do anything to "permanently get this" other
    than ensure that the directory is set correctly when first created and
    users are set correctly as part of the desired/specified group.

    Doing this on a directory like /home seems like a bad idea to me. You
    likely already have files/directories in there which you would need to
    modify, and there are also likely files/directories in there which should
    remain private. A dedicated directory structure like /dati is usually the
    right way to do something shared like this. Note that all of the
    following commands likely need privileges, so prepend with 'sudo' or
    become 'root' first:

    Code:
    #Create the directory and set it appropriately for group 'users'
    mkdir /dati
    chgrp 'users' /dati
    chmod 2770 /dati
    
    #be sure all applicable users are also members of the 'users'
    #(or whichever) group; in openSUSE, the 'users' group is set on
    #users by default, so this is redundant unless you use another group
    usermod -a -G users someuserhere
    --
    Good luck.

    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below...

  5. #5

    Default Re: how to have files created by one user modifiable from other users

    Quote Originally Posted by ab View Post
    Defining a directory with the setgid bit is something you usually do
    one-time when creating the directory, and if /dati is new then that is
    likely the best place to do it. This causes, within the filesystem, for
    anything created within (regardless of the creating user, assuming that
    user has rights to create files within) to be group-owned by the same
    group as the group-owner as the setgid directory. For example, if /dati
    is group-owned by 'users', and if you have the setgid bit set, then
    assuming your other users can create things in there ('w'/write rights to
    the /dati directory) those created things will also magically have the
    'users' group-owner set, which is presumably the group to which all of
    those users belong, thus allowing them access to all of those files. As a
    result, you do not need to do anything to "permanently get this" other
    than ensure that the directory is set correctly when first created and
    users are set correctly as part of the desired/specified group.

    Doing this on a directory like /home seems like a bad idea to me. You
    likely already have files/directories in there which you would need to
    modify, and there are also likely files/directories in there which should
    remain private. A dedicated directory structure like /dati is usually the
    right way to do something shared like this. Note that all of the
    following commands likely need privileges, so prepend with 'sudo' or
    become 'root' first:
    ..maaaanythanks, crystal clear :-)
    Quote Originally Posted by ab View Post
    Code:
    #Create the directory and set it appropriately for group 'users'
    mkdir /dati
    chgrp 'users' /dati
    chmod 2770 /dati
    
    #be sure all applicable users are also members of the 'users'
    #(or whichever) group; in openSUSE, the 'users' group is set on
    #users by default, so this is redundant unless you use another group
    usermod -a -G users someuserhere
    /dati already exist and is users group owned so I read about what 2770 means and preferred 2774..
    I did chmod 2774 for /dati and for /home/allusers
    but files inside /home/procuste are no GID set, is there a way to give the chmod command recursively??
    ...privacy in this case is not wanted..., is a laptop where users are very newby and all this is very annoying.. :-) so every file could be accessible for everybody also downloaded in /home or ktorrent in /home...

    Quote Originally Posted by ab View Post
    --
    Good luck.

    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below...
    done with pleasure... :-)

  6. #6

    Default Re: how to have files created by one user modifiable from other users

    On 12/30/2014 07:26 AM, pier andreit wrote:
    >
    > ..maaaanythanks, crystal clear :-)
    > ab;2685987 Wrote:
    >>>

    > Code:
    > --------------------
    > > >

    > > #Create the directory and set it appropriately for group 'users'
    > > mkdir /dati
    > > chgrp 'users' /dati
    > > chmod 2770 /dati
    > >
    > > #be sure all applicable users are also members of the 'users'
    > > #(or whichever) group; in openSUSE, the 'users' group is set on
    > > #users by default, so this is redundant unless you use another group
    > > usermod -a -G users someuserhere
    > >

    > --------------------
    >>>

    >>

    > /dati already exist and is users group owned so I read about what 2770
    > means and preferred 2774..


    Just so you are aware, 2774 is kind of weird, mostly because of the '4'.
    you probably really want 2775, since 4 means the 'r' bit is set (you can
    see things in the directory) and '5' means the 'r' and 'x' bits are set
    (you can see/list things, as well as actually go into the directory).
    Doesn't matter a ton since we actually care about the second '7' for our
    case, and the '4' or '5' is just for everybody else.

    > I did chmod 2774 for /dati and for /home/allusers
    > but files inside /home/procuste are no GID set, is there a way to give
    > the chmod command recursively??


    Yes, but don't use it yet. the '-R' makes commands like chmod/chown/chgrp
    recursive, so hooray there. Using 'chgrp -R users /dati' right now
    probably makes sense, but chown with, with those permissions, is a little
    less-normal since you PROBABLY do not want all files within to be
    executable for the user and group-owners, and you probably also do not
    want the SGID bit set on files (it's only valid on directories afaik).
    Since SGID is all about setting the group-owner on things, just do that:

    Code:
    chgrp -R users /dati
    --
    Good luck.

    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below...

  7. #7

    Default Re: how to have files created by one user modifiable from other users

    Quote Originally Posted by ab View Post
    On 12/30/2014 07:26 AM, pier andreit wrote:
    Just so you are aware, 2774 is kind of weird, mostly because of the '4'.
    you probably really want 2775, since 4 means the 'r' bit is set (you can
    see things in the directory) and '5' means the 'r' and 'x' bits are set
    (you can see/list things, as well as actually go into the directory).
    Doesn't matter a ton since we actually care about the second '7' for our
    case, and the '4' or '5' is just for everybody else.
    ...you are right, 2775 is better... :-) :-)

  8. #8

    Default Re: how to have files created by one user modifiable from other users

    Quote Originally Posted by ab View Post
    On 12/30/2014 07:26 AM, pier andreit wrote:
    Yes, but don't use it yet. the '-R' makes commands like chmod/chown/chgrp
    recursive, so hooray there. Using 'chgrp -R users /dati' right now
    probably makes sense, but chown with, with those permissions, is a little
    less-normal since you PROBABLY do not want all files within to be
    executable for the user and group-owners, and you probably also do not
    want the SGID bit set on files (it's only valid on directories afaik).
    Since SGID is all about setting the group-owner on things, just do that:

    Code:
    chgrp -R users /dati
    --
    Good luck.

    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below...
    you are right again...., :-) chgrp make more sense..
    many thanks, happy new year :-) ciao :-) pier

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •