Permission issues: can't write to directory owned by certain group - linux

I've created a user with uid 100999 and a group with gid 100999.
100999 is my user namespace. The goal is to write and manipulate files owned by my user namespace.
Added myself to group 100999.
uid=1000(me) gid=1000(me) groups=1000(me),10(wheel),983(libvirt),100999(test)
User 100999 belongs to group 100999 as well.
uid=100999(test) gid=100999(test) groups=100999(test)
Created a directory and changed its ownership to 100999:100999. Also set permissions 775 on it.
drwxrwxr-x. 1 100999 100999 0 jul 9 10:29 test
drwxrwxr-x. 1 test test 0 jul 9 10:29 test
However, I can't do write operations inside directory "test" as user 1000 (myself), resulting in permission denied.
What am I doing wrong?

Apparently one needs to restart the session after being added to a group.
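A check for the situation this answer describes, added here as an example and not part of the original post: it compares the groups the running process actually holds with what the account database would grant at a fresh login. The function names are illustrative, and the gids in the comments are taken from the question as a constructed case.

```python
import grp
import os
import pwd


def missing_from_session(process_gids, database_gids):
    """Groups the account database grants that this process does not hold."""
    return sorted(set(database_gids) - set(process_gids))


def group_name(gid):
    try:
        return grp.getgrgid(gid).gr_name
    except KeyError:
        return str(gid)  # gid with no entry in the group database


def check_current_session():
    """Compare the running process's credentials with the account database."""
    user = pwd.getpwuid(os.getuid())
    # Credentials fixed when the session started: egid + supplementary groups.
    held = set(os.getgroups()) | {os.getegid()}
    # What a fresh login would receive today, per /etc/group (or NSS).
    granted = os.getgrouplist(user.pw_name, user.pw_gid)
    return [(gid, group_name(gid)) for gid in missing_from_session(held, granted)]


if __name__ == "__main__":
    # Constructed case from the question: a session started before the user
    # was added to gid 100999 would report that gid as not active.
    stale = check_current_session()
    for gid, name in stale:
        print(f"not active in this session: {name} ({gid})")
    if not stale:
        print("session groups match the account database")
```
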

Related

Cannot read file of a supplementary group

I have two groups manually created in /etc/group:
file-owner:x:300:user
user:x:400:
I have a configuration file, owned by the user/group file-owner. I don't want other users to read it.
ls -l /tmp/my-configs.txt
-r--r----- 1 file-owner file-owner 1054552 Jun 11 12:22 /tmp/my-configs.txt
I run a process with id user:user but I cannot read the configuration file owned by file-owner.
Am I doing something wrong?

keep file permissions for new files in Linux

I need the user tom to be able to write/delete current log files, and also log files created in the future by the user owner, in the directory for in the path:
/one/two/three/for/.
The directory /for/ had these permissions:
drwxr-xr-x 3 owner owner 12288 Feb 27 10:17 for
The user tom belongs to the group owner.
I changed the permissions of the for directory with
chmod -R g+w for/*
so now I have
drwxrwxr-x 3 owner owner 12288 Feb 27 11:17 for
and the files inside the for directory have these permissions (664):
-rw-rw-r-- 1 owner owner 2028593 Feb 28 2018 file
but after the creation of a new file it still has the old permissions (644):
-rw-r--r-- 1 owner owner 2028593 Feb 28 2018 newfile
Do you know the way to keep these permissions?
Thanks
I used root user but I found that I can delete it with the user tom. I didn't try it before. So it's solved.
It inherits the permissions from the directory.
Thank you

What kind of owner and group for these below list of files?

What is the owner and group of the file below? It has 0 and 0 for owner and group.
-rw-rw-rw- 1 0 0 464 Oct 16 14:31 a.txt
I found those permissions after connecting to a remote server for which we do not have write permissions.
How do I replicate the same permissions on my development machine?
0:0 is almost always root:root owner and group. The command, cat /etc/group shows group ID numbers. In most (all?) cases, users and groups with the same name share the same ID number.

file owner can not change ownership in Linux

In Linux, I am the owner of a file. I tried to change the owner to another account and it failed: Operation not permitted. Do you know why? I am the user 'BBB'. Thanks
-bash-4.1$ ls -al
drwxrwxrwx 2 AAA games 4096 Nov 23 14:39 .
drwxr-xr-x 3 AAA games 4096 Nov 23 14:36 ..
-rw-r--r-- 1 BBB esmgroup 16798 Nov 23 14:38 XXX-1.0-SNAPSHOT.jar
-bash-4.1$ chown AAA:games ./*.jar
chown: changing ownership of `./XXX-1.0-SNAPSHOT.jar': Operation not permitted
Only root can change the owner on the file. That's final.
You can do that by logging in as root using su, or by using sudo before your command.
More information here: https://unix.stackexchange.com/questions/27350/why-cant-a-normal-user-chown-a-file
You can change the file's group if you're in more than one group.
You should log in to the root account to be allowed to change ownership to any user.
You can type sudo before the command and then log in as your root user.

how does a process in linux decide privileges it has

I want to know how a process in Linux decides what privileges it has.
Suppose there is a binary program Read_File that reads from the file /home/myname/data.txt and displays its contents on standard output. How does Read_File decide whether or not it has permission to read data.txt, and what type of IDs does it check to decide the privileges?
First, a bit of background:
The process is usually run by a specific user. So for example, if you log in yourself and run the program, it will run with the same privileges as yourself. You can check the permissions on the file with either stat or ls -l.
Using stat
malbert@dredg:/tmp$ stat foo
File: `foo'
Size: 0 Blocks: 0 IO Block: 4096 regular empty file
Device: fb00h/64256d Inode: 618 Links: 1
Access: (0644/-rw-r--r--) Uid: (11204/ malbert) Gid: (10513/domain users)
Access: 2011-06-10 13:03:27.181227226 +0200
Modify: 2011-06-10 13:03:27.181227226 +0200
Change: 2011-06-10 13:03:27.181227226 +0200
The important information here is:
Access: (0644/-rw-r--r--) Uid: (11204/ malbert) Gid: (10513/domain users)
This tells you the permissions for the owner (rw-), group (r--) and everyone else (r--). It also shows you the current owner id (Uid) and the current group id (Gid).
The abbreviations stand for:
r = read access
w = write access
x = execute/traverse directory access
Using ls -l
ls -l gives you a quick summary:
malbert@dredg:/tmp$ ls -l /tmp
total 48
drwx------ 2 malbert domain users 4096 2011-06-10 08:51 akonadi-malbert.zOSngu
-rw-r--r-- 1 malbert domain users 0 2011-06-10 13:03 foo
drwx------ 2 kdm nogroup 4096 2011-06-10 08:51 kde-kdm
drwx------ 3 malbert domain users 4096 2011-06-10 08:51 kde-malbert
[snip]
Here you can see the same info as with stat, but as a summary. Also, the uid's and gid's are resolved into names (in this case malbert and domain users). You can use ls -u to see these as numeric values.
In case you want to run the application as a different user than yourself, you can either use su or sudo, or your application itself can drop privileges and change the user it is running as. This is usually the way system daemons do things.
ACLs / extended attributes
Be careful about extended attributes. When listing the files using ls -l these are visible with an appended + sign. For example:
malbert@dredg:/tmp$ ls -l
total 48
drwx------ 2 malbert domain users 4096 2011-06-10 08:51 akonadi-malbert.zOSngu
-rw-rwxr--+ 1 malbert domain users 0 2011-06-10 13:03 foo
drwx------ 2 kdm nogroup 4096 2011-06-10 08:51 kde-kdm
drwx------ 3 malbert domain users 4096 2011-06-10 08:51 kde-malbert
[snip]
Notice the following line:
-rwxr--+ 1 malbert domain users 0 2011-06-10 13:03 foo
The + sign in -rwxr--+ points to extended attributes. It is possible that these are ACLs. There is an excellent document on ACLs in the SuSE documentation. Go have a look at it if you need to. Explaining ACLs would certainly explode this article, so I won't discuss those.
Extended attributes could also be related to the file system. See the man page of chattr for more information on that.
Now, as a sidenote: this is StackOverflow. Questions should be development related. For questions like this one, there's http://www.serverfault.com. But as you were not aware that this is not a development problem, but more related to the OS, I felt I should answer anyway ;)
Good luck, and have fun!
The process doesn't decide anything; whenever it tries an operation, the operating system checks its EUID and decides if it has the required privileges.
For example when it tries to access a file, the owner and permissions of the file are checked. If the EUID of the process doesn't have enough privileges for an operation, that operation will fail (usually with EPERM).
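The check these answers describe, written out as an added example (not code from either answer): a simplified model of how the traditional mode bits are evaluated against a process's effective uid and groups. It ignores ACLs and security modules and treats euid 0 as holding CAP_DAC_OVERRIDE; uid 5000 is a constructed second user, while the mode, uid and gid of foo come from the stat output above.

```python
import stat

R, W, X = 4, 2, 1  # permission bits within one rwx triplet


def classic_access(mode, file_uid, file_gid, euid, groups, want):
    """Return (class_used, allowed) for the traditional mode-bit check.

    `groups` is the process's effective gid plus its supplementary groups.
    """
    if euid == 0:
        # Root bypasses read/write checks; executing a regular file still
        # needs at least one x bit set somewhere in the mode.
        if want & X and not stat.S_ISDIR(mode):
            return "root", bool(mode & 0o111)
        return "root", True
    # Exactly one class is selected; there is no fall-through to a later one.
    if euid == file_uid:
        cls, bits = "owner", (mode >> 6) & 7
    elif file_gid in groups:
        cls, bits = "group", (mode >> 3) & 7
    else:
        cls, bits = "other", mode & 7
    return cls, (bits & want) == want


FOO_MODE = stat.S_IFREG | 0o644      # -rw-r--r-- from the stat output
FOO_UID, FOO_GID = 11204, 10513      # malbert / domain users


def demo():
    """Evaluate a few callers against foo (uid 5000 is constructed)."""
    return {
        "owner_write": classic_access(FOO_MODE, FOO_UID, FOO_GID, 11204, {10513}, W),
        "group_write": classic_access(FOO_MODE, FOO_UID, FOO_GID, 5000, {5000, 10513}, W),
        "other_read": classic_access(FOO_MODE, FOO_UID, FOO_GID, 5000, {5000}, R),
        # The owner class applies even when it grants less than "other".
        "owner_locked_out": classic_access(stat.S_IFREG | 0o044, FOO_UID, FOO_GID,
                                           11204, {10513}, R),
    }


if __name__ == "__main__":
    for case, (cls, allowed) in demo().items():
        print(f"{case:17} class={cls:5} allowed={allowed}")
```
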
