[CLUE-Tech] groups

Mike Staver staver at fimble.com
Tue Apr 30 18:07:58 MDT 2002


I'll give that a shot, I hadn't input a password for any of these 
groups, so that might be the thing holding me back!

Timothy C. Klein wrote:

>* Mike Staver (staver at fimble.com) wrote:
>  
>
>>Alright, so I created an account called ftpguys, and added it to the 
>>group ftpguys.  Then, I made sure the ftp_files directory is owned by 
>>ftpguys and so is everything in the directory.  Still no go when I try 
>>to ftp in as "boz" and try to upload a file.  Also, I can not touch a 
>>file when su'd as boz.  I seriously don't understand how this groups 
>>thing works if what I have done thus far doesn't seem to allow people in 
>>a specific group access to a certain file or directory.  You said the 
>>system first pays attention to the user id - well, how do I get it to 
>>look past that and at the group?
>>
>>    
>>
>
>The system first sees if the user is allowed access.  Thus, if the user
>is granted access, then the file permission checking will stop.  If the
>user is not granted access, the group access rights are checked.  If the
>user belongs to the group, then access is granted.  If still no
>permissions are allowed, the system checks the 'other' field of the
>file.  This is the last check.
>
>Thus, assume this
>
>/etc/passwd
>
>teece:x:1000:1000:Timothy C. Klein,,,:/home/teece:/bin/bash
>
>and /etc/group
>
>dialout:x:20:teece,silver13
>cdrom:x:24:teece
>floppy:x:25:teece
>sudo:x:27:teece
>audio:x:29:teece,silver13
>backup:x:34:teece,silver13
>src:x:40:teece
>video:x:44:teece
>cvs:x:103:teece
>lpadmin:x:104:teece,silver13,root
>teece::1000:teece
>
>Those are all the groups I belong to.  Thus, if there is the following
>file:
>
>crw-rw-r--    1 root     dialout    4,  64 Mar 19 00:27 /dev/ttyS0
>
>(my first serial port).
>
>Say I want write access to that file.  First, the system checks the
>owner, which is root.  I am not root, so I am not granted access that
>way.  Next, it checks the group, which is dialout.  You'll notice that I
>am a member of the dialout from the /etc/group listing.  Also, members
>of this group are allowed write access to the file (that's the 5th
>position in the permissions field, it is a 'w', which means write access
>OK).  The system doesn't have to check any longer, as it knows I can
>write to the file.
>
>When you create a file, it is going to have your user account as the
>owner, and your default group from the /etc/passwd file.  Unless I
>change something, any file I create will belong to user teece, group
>teece (uids of 1000, 1000, see above).  
>
>If I want to create something belonging to group src, I do a
>chown teece.src somefile. The thing that used to always bite me was the
>groups password.  They can have one, but I never use them.  So I would
>edit the /etc/group file by hand, and forget to let the shadow password
>facilities be updated, thus I could not really use the group.  So if you
>edit by hand, make sure to do the 'grpconv' command, so that shadow
>passwords are updated.
>
>HTH,
>Tim
>--
>==============================================
>== Timothy Klein || teece at silverklein.net   ==
>== ---------------------------------------- ==
>== "Hello, World" 17 Errors, 31 Warnings... ==
>==============================================
>_______________________________________________
>CLUE-Tech mailing list
>CLUE-Tech at clue.denver.co.us
>http://clue.denver.co.us/mailman/listinfo/clue-tech
>  
>

-- 

                                -Mike Staver
                                 staver at fimble.com
                                 mstaver at globaltaxnetwork.com
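
The /dev/ttyS0 walk-through from the quoted message, as an added Python example that is not part of the original thread: it parses passwd and group lines like those quoted and evaluates an ls-style mode string. The `boz` passwd entry (uid/gid 1001) and the `-r--rw-rw-` file are constructed for illustration; the kernel picks exactly one class (owner, else group, else other) and consults only that class's bits.

```python
# Sample data: teece's line and group lines are quoted from the message;
# the boz entry and its uid/gid are constructed (assumed) values.
PASSWD = """\
teece:x:1000:1000:Timothy C. Klein,,,:/home/teece:/bin/bash
boz:x:1001:1001::/home/boz:/bin/bash
"""
GROUP = """\
dialout:x:20:teece,silver13
src:x:40:teece
teece::1000:teece
"""

def load_identity(user, passwd_text, group_text):
    """Return (uid, gids): primary gid from passwd plus supplementary groups."""
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if fields[0] == user:
            uid, gids = int(fields[2]), {int(fields[3])}
            break
    else:
        raise KeyError(user)
    for line in group_text.splitlines():
        _name, _pw, gid, members = line.split(":")
        if user in members.split(","):
            gids.add(int(gid))
    return uid, gids

def check_access(uid, gids, f_uid, f_gid, ls_mode, want):
    """Return (class_used, allowed) for want in 'r', 'w' or 'x'.

    Only one class is selected and only its bits apply, so an owner with
    no write bit is denied even if group or other would allow the write.
    uid 0 (root) bypasses these checks on Linux; that is not modelled here.
    """
    bits = ls_mode[1:10].replace("s", "x").replace("t", "x")
    triplets = {"owner": bits[0:3], "group": bits[3:6], "other": bits[6:9]}
    if uid == f_uid:
        cls = "owner"
    elif f_gid in gids:
        cls = "group"
    else:
        cls = "other"
    return cls, want in triplets[cls]

if __name__ == "__main__":
    for user in ("teece", "boz"):
        uid, gids = load_identity(user, PASSWD, GROUP)
        # crw-rw-r-- root(0):dialout(20) /dev/ttyS0, as listed in the message
        print(user, check_access(uid, gids, 0, 20, "crw-rw-r--", "w"))
```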





