[CLUE-Tech] groups
Mike Staver
staver at fimble.com
Tue Apr 30 18:07:58 MDT 2002
I'll give that a shot, I hadn't input a password for any of these
groups, so that might be the thing holding me back!
Timothy C. Klein wrote:
>* Mike Staver (staver at fimble.com) wrote:
>
>
>>Alright, so I created an account called ftpguys, and added it to the
>>group ftpguys. Then, I made sure the ftp_files directory is owned by
>>ftpguys and so is everything in the directory. Still no go when I try
>>to ftp in as "boz" and try to upload a file. Also, I can not touch a
>>file when su'd as boz. I seriously don't understand how this groups
>>thing works if what I have done thus far doesn't seem to allow people in
>>a specific group access to a certain file or directory. You said the
>>system first pays attention to the user id - well, how do I get it to
>>look past that and at the group?
>>
>>
>>
>
>The system first sees if the user is allowed access. Thus, if the user
>is granted access, then the file permission checking will stop. If the
>user is not granted access, the group access rights are checked. If the
>user belongs to the group, then access is granted. If still no
>permissions are allowed, the system checks the 'other' field of the
>file. This is the last check.
>
>Thus, assume this
>
>/etc/passwd
>
>teece:x:1000:1000:Timothy C. Klein,,,:/home/teece:/bin/bash
>
>and /etc/group
>
>dialout:x:20:teece,silver13
>cdrom:x:24:teece
>floppy:x:25:teece
>sudo:x:27:teece
>audio:x:29:teece,silver13
>backup:x:34:teece,silver13
>src:x:40:teece
>video:x:44:teece
>cvs:x:103:teece
>lpadmin:x:104:teece,silver13,root
>teece::1000:teece
>
>Those are all the groups I belong to. Thus, if there is the following
>file:
>
>crw-rw-r-- 1 root dialout 4, 64 Mar 19 00:27 /dev/ttyS0
>
>(my first serial port).
>
>Say I want write access to that file. First, the system checks the
>owner, which is root. I am not root, so I am not granted access that
>way. Next, it checks the group, which is dialout. You'll notice that I
>am a member of the dialout from the /etc/group listing. Also, members
>of this group are allowed write access to the file (that's the 5th
>position in the permissions field, it is a 'w', which means write access
>OK). The system doesn't have to check any longer, as it knows I can
>write to the file.
>
>When you create a file, it is going to have your user account as the
>owner, and your default group from the /etc/passwd file. Unless I
>change something, any file I create will belong to user teece, group
>teece (uids of 1000, 1000, see above).
>
>If I want to create something belonging to group src, I do a
>chmod teece.src somefile. The thing that used to always bite me was the
>groups password. They can have one, but I never use them. So I would
>edit the /etc/group file by hand, and forget to let the shadow password
>facilities be updated, thus I could not really use the group. So if you
>edit by hand, make sure to do the 'grpconv' command, so that shadow
>passwords are updated.
>
>HTH,
>Tim
>--
>==============================================
>== Timothy Klein || teece at silverklein.net ==
>== ---------------------------------------- ==
>== "Hello, World" 17 Errors, 31 Warnings... ==
>==============================================
>_______________________________________________
>CLUE-Tech mailing list
>CLUE-Tech at clue.denver.co.us
>http://clue.denver.co.us/mailman/listinfo/clue-tech
>
>
--
-Mike Staver
staver at fimble.com
mstaver at globaltaxnetwork.com
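
An added example, not part of either message: a small Python model of the owner/group/other check, run against the /etc/passwd line, /etc/group lines and /dev/ttyS0 listing quoted above. The function names are hypothetical, and the model assumes classic POSIX mode bits only (no root override, ACLs or capabilities), where the first class that matches the caller is the only one whose bits are consulted.

```python
# Constructed from the /etc/passwd and /etc/group lines quoted in the thread
# (a subset of the group entries is enough for the demonstration).
PASSWD = "teece:x:1000:1000:Timothy C. Klein,,,:/home/teece:/bin/bash"
GROUP = """\
dialout:x:20:teece,silver13
cdrom:x:24:teece
src:x:40:teece
teece::1000:teece
"""

def user_ids(passwd_line, group_text):
    """Return (uid, set of gids) for the account described by passwd_line."""
    name, _pw, uid, gid = passwd_line.split(":")[:4]
    gids = {int(gid)}                      # primary group from /etc/passwd
    for line in group_text.splitlines():
        _gname, _gpw, g, members = line.split(":")
        if name in members.split(","):
            gids.add(int(g))               # supplementary group from /etc/group
    return int(uid), gids

def mode_bits(ls_mode):
    """Convert the nine rwx characters of an `ls -l` mode string to bits."""
    bits = 0
    for ch in ls_mode[1:10]:               # skip the file-type character
        bits = (bits << 1) | (ch != "-")
    return bits

def may_access(uid, gids, f_uid, f_gid, mode, want):
    """want is 'r', 'w' or 'x'. Exactly one permission class is consulted."""
    shift = {"r": 2, "w": 1, "x": 0}[want]
    if uid == f_uid:
        cls = 6                            # owner bits decide, even if they deny
    elif f_gid in gids:
        cls = 3                            # group bits decide
    else:
        cls = 0                            # everyone else: 'other' bits
    return bool((mode >> (cls + shift)) & 1)

if __name__ == "__main__":
    uid, gids = user_ids(PASSWD, GROUP)
    # crw-rw-r-- 1 root dialout ... /dev/ttyS0  (root is uid 0, dialout is gid 20)
    print("teece may write /dev/ttyS0:",
          may_access(uid, gids, 0, 20, mode_bits("crw-rw-r--"), "w"))
```

For a shared upload directory this means the group members need the group write bit on the directory itself; group ownership alone grants nothing.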