Linux users permissions

Posted on

Problem :

I have to do the following as homework (on Fedora):

  • Make 3 groups S,F,A
  • add some users to the groups
  • Make a file for each group which only the group members can use.

I logged as root and make in desktop a mkdir S F A and with chmod I give wrx in folder and with chgrp give the group A in dir A , but if I log in with a user from group A I cannot see the dir A in desktop, what i doing wrong?

Also, if I have a folder which can only be accessed by members of its group, can I create a subfolder in it and give access to the subfolder to users who are not in the parent folder’s group?

Solution :

The Desktop in Gnome (which I assume you are using) is a subdirectory of the user’s $HOME, specifically $HOME/Desktop. So, if you log in as root and create a file or folder on root’s Desktop, other users will not see it on their desktop. Also, root’s $HOME is not accessible to normal users by default.

Instead of creating the directory in root’s Desktop, create it in, for example, user A’s Desktop.

Now, once you have the folders set up, if you want to give access to a subfolder to users who are not in the parent folders group, you will need to allow execution (not read or write) of the parent folder. The only way to access a subfolder is by having execution rights on ts parent. For example, run these commands as root:

  1. Create a folder and give rwx rights to the owner and members of its group, and only x permissions to everyone else:

    mkdir /foo
    chmod 771 /foo/
  2. Create a subdirectory of /foo that will be freely accessible to everyone and create a test file in it:

    mkdir /foo/bar
    chmod 777 /foo/bar/
    touch /foo/bar/file.txt
    chmod 766 /foo/bar/file.txt

This is what we have created so far:

# ls -l / | grep foo
drwxrwx--x   3 root root  4096 Apr 16 14:31 foo
# ls -l /foo
drwxr--r-- 2 root root 4096 Apr 16 14:31 bar
# ls -l /foo/bar
-rwxrw-rw- 1 root root 0 Apr 16 14:47 file.txt

So, if I now log in with a user not in root‘s group, I will not be able to read or write to /foo but I will be able to read and write to /foo/bar:

$ whoami
$ groups
$ ls /foo
ls: cannot open directory /foo/: Permission denied
$ ls /foo/bar

So, to give any kind (read,write or execute) access to a subdirectory, you need to at least have execution rights on the parent folder.

Leave a Reply

Your email address will not be published. Required fields are marked *