  1. #1
    Just Joined!
    Join Date
    Sep 2004
    Posts
    44

    Understanding Linux Security and Groups


    OK... I am trying to understand the Linux file-sharing/security/networking model... it seems like for every file/directory/whatever you can assign/set the rights/privileges for user/group/everyone. Now... this model seems exceptionally limited to me so I am trying to figure out if I understand it correctly, because I am sure that I do not.

    For example, let us say that you had a reasonably sized corporation where you had several groups. For this example, let us say cats, dogs, owners, and food. Then let us say you had several shares, cat bed, dog house, owner house.

    Now... food is just the food, it shouldn't have access to any of those shares, cats should have access to the cat bed share only, dogs should have access to the dog house only, but neither of those groups should have access to the owner house, and the owner house should have access to all 3 shares.

    How could you even set something like that up? Particularly if there were multiple owners in each?

    Now that I have asked that question, which I just want to understand on a more philosophical level (because I really am curious, I am hoping to move away from Windows completely as soon as I can, I do NOT like the direction that M$ is heading...), I have a more specific question...

    I have migrated my domain controller from Windows 2000 to Linux and have samba and everything working so I can share files. The problem is, I have several users and each time they write a file, files do not seem to inherit the permissions of the directory they are in by default. It seems that they always seem to have the permissions set so that only the user that creates/whatever the file has the access to move or delete it, but I want all users to have administrative privileges for now (this is in my house, so it is just me and my wife, the moment a kid comes along we may have to adjust that a bit...)

    How can I set the default permissions for files that are created on the network? I mean, I don't want everyone to have privileges to them, such as any guest users or anything... but we are both in the same group that I created for us so at the least I want that group to have all privileges, by default, on the shared network drives...

    How does one manage this?

  2. #2
    Just Joined!
    Join Date
    Sep 2004
    Posts
    44
    For that matter, every time (even when it appears as if I have the permissions to delete files and such), when I delete files half the time it looks like they are deleted, they go away and all, then I refresh and they are there again... why is this happening?

  3. #3
    Linux Engineer
    Join Date
    Mar 2005
    Location
    Where my hat is
    Posts
    766
    You're trying to comprehend the whole picture at once, and for a novice just learning the ropes of groups and permissions, it can be a daunting task.

    Break it down into easier bites.

    First thing to remember is your permissions are inherited downward through the directory tree. Anything you grant in one directory will be inherited through each subdirectory.

    Let's say we have 4 directories we need to work with. They're all on the same level in the directory structure. We'll call them:

    Finance
    Personnel
    Data
    Forms

    And we have 4 groups, Finance, HR, Bosses, and Flunkies

    Bosses get access to everything.
    Finance needs access to Finance, Forms, and Data
    HR needs access to Personnel, Forms, and Data
    Flunkies need access to Data and Forms.

    Now it's just a matter of assigning the permissions to each group, which should be easy at this point.

    The thing to remember is you need to pay close attention to what each group has access to. As you can assign an individual to multiple usergroups, you could easily grant access to something you don't want them to have.

    What you need to do at this point is ensure that each group can read and write to all files in that particular directory. Make sure you assign based on group membership, rather than individuals, as you won't be able to modify something that another user has placed in there.
    Registered Linux user #384279
    Vector Linux SOHO 7

  4. #4
    Just Joined!
    Join Date
    Sep 2004
    Posts
    44
    But how can more than one group be assigned to a folder?

  5. #5
    Linux Newbie
    Join Date
    Jun 2005
    Location
    Whitstable, Kent, England
    Posts
    136
    Only one group can be assigned to a directory but a user can be added to multiple groups. Let me show this based on the first example:

    First create a group for each of these directories:
    cat bed => catbed
    dog house => doghouse
    owner house => ownerhouse
    food => food

    Then add users to the required groups:
    food => food
    cats => catbed
    dogs => doghouse
    owners => catbed, doghouse, ownerhouse, food


    Hope that makes sense
    The biggest security threat is the user.
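
The group layout from post #5, modelled as an added example (not part of any post in the thread): it applies the classic owner/group/other check to each share and derives who gets in. The user names, the `root` owner and the `0o770` mode are assumptions made for illustration.

```python
# Added example: model of the traditional Unix permission check applied to
# the one-group-per-share scheme. User names, owner and mode are assumed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Dir:
    owner: str
    group: str
    mode: int  # permission bits, e.g. 0o770

# One group per share, as in the post; rwx for owner and group, nothing for others.
SHARES = {
    "cat bed": Dir("root", "catbed", 0o770),
    "dog house": Dir("root", "doghouse", 0o770),
    "owner house": Dir("root", "ownerhouse", 0o770),
}

# Constructed users; their group lists follow the post's mapping.
USERS = {
    "tom": {"catbed"},        # a cat
    "rex": {"doghouse"},      # a dog
    "kibble": {"food"},       # food: member of no share group
    "alice": {"catbed", "doghouse", "ownerhouse", "food"},  # an owner
    "bob": {"catbed", "doghouse", "ownerhouse", "food"},    # a second owner
}

def allowed(user, groups, d, want):
    """want is a 3-bit mask (r=4, w=2, x=1). Exactly one class is consulted:
    owner first, then group, then other, with no fall-through.
    The superuser's bypass of these checks is not modelled."""
    if user == d.owner:
        bits = (d.mode >> 6) & 7
    elif d.group in groups:
        bits = (d.mode >> 3) & 7
    else:
        bits = d.mode & 7
    return bits & want == want

def access_matrix(users=USERS, shares=SHARES, want=7):
    """Map each user to the shares on which they hold all bits in want."""
    return {u: sorted(s for s, d in shares.items() if allowed(u, g, d, want))
            for u, g in users.items()}

if __name__ == "__main__":
    for user, shares in access_matrix().items():
        print(f"{user:8} -> {', '.join(shares) or '(none)'}")
```

Adding a second owner only means adding another user to the same three share groups; no directory permissions change.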

  6. #6
    Linux Engineer
    Join Date
    Mar 2005
    Location
    Where my hat is
    Posts
    766
    Quote Originally Posted by Xenon
    Only one group can be assigned to a directory but a user can be added to multiple groups. Let me show this based on the first example:
    When using ACL, multiple groups can be assigned to a directory. Here's a detailed guide on using ACL.
    Registered Linux user #384279
    Vector Linux SOHO 7

  7. #7
    Linux Newbie
    Join Date
    Jun 2005
    Location
    Whitstable, Kent, England
    Posts
    136
    Ta for that, I've learnt something new
    The biggest security threat is the user.

  8. #8
    Just Joined!
    Join Date
    Sep 2004
    Posts
    44
    So is this ACL a default function, or is it an add-on that someone has created? I mean, I haven't seen any GUI for this... and for that matter, is it a SUSE only thing? Sorry if these questions seem inane, I am an absolute Linux newbie.

    Beyond that, any idea as to the second part of my original post, regarding the non-theoretical stuff?
