How to interpret group permission?
Clash Royale CLAN TAG#URR8PPP
up vote
0
down vote
favorite
My current understanding is when a user A creates a file F, this user becomes the file owner, and can also set a permission for whatever group this user would end up being in.
So when user A is in group G, every single member of G would have the permission user A initially set up for file F. Same goes for group G1, G2..... of which A is a member.
But A could not possibly foresee who will be in the same group he or she would be in also, and what kind of group he would be placed into, a predetermined permission seems risky, even though it can be changed. so my understanding seems very naive.
Really appreciate anyone's help.
linux permissions
asked Aug 11 at 12:45
John Smith Sr.
1012
add a comment |Â
up vote
0
down vote
favorite
My current understanding is when a user A creates a file F, this user becomes the file owner, and can also set a permission for whatever group this user would end up being in.
So when user A is in group G, every single member of G would have the permission user A initially set up for file F. Same goes for group G1, G2..... of which A is a member.
But A could not possibly foresee who will be in the same group he or she would be in also, and what kind of group he would be placed into, a predetermined permission seems risky, even though it can be changed. so my understanding seems very naive.
Really appreciate anyone's help.
linux permissions
asked Aug 11 at 12:45
John Smith Sr.
1012
This is where you have to trust your system's administrators to manage the groups correctly. Unfortunately, I've seen cases, especially when joined to Active Directory, where a single group contains every user and this is the default group. Usually this happens when Windows admins are designing AD and Linux admin have to live with the results.
– Doug O'Neal
Aug 11 at 18:11
add a comment |Â
up vote
0
down vote
favorite
up vote
0
down vote
favorite
My current understanding is when a user A creates a file F, this user becomes the file owner, and can also set a permission for whatever group this user would end up being in.
So when user A is in group G, every single member of G would have the permission user A initially set up for file F. Same goes for group G1, G2..... of which A is a member.
But A could not possibly foresee who will be in the same group he or she would be in also, and what kind of group he would be placed into, a predetermined permission seems risky, even though it can be changed. so my understanding seems very naive.
Really appreciate anyone's help.
linux permissions
asked Aug 11 at 12:45
John Smith Sr.
1012
My current understanding is when a user A creates a file F, this user becomes the file owner, and can also set a permission for whatever group this user would end up being in.
So when user A is in group G, every single member of G would have the permission user A initially set up for file F. Same goes for group G1, G2..... of which A is a member.
But A could not possibly foresee who will be in the same group he or she would be in also, and what kind of group he would be placed into, a predetermined permission seems risky, even though it can be changed. so my understanding seems very naive.
Really appreciate anyone's help.
linux permissions
linux permissions
asked Aug 11 at 12:45
John Smith Sr.
1012
asked Aug 11 at 12:45
John Smith Sr.
1012
asked Aug 11 at 12:45
John Smith Sr.
1012
asked Aug 11 at 12:45
John Smith Sr.
1012
asked Aug 11 at 12:45
John Smith Sr.
1012
1012
This is where you have to trust your system's administrators to manage the groups correctly. Unfortunately, I've seen cases, especially when joined to Active Directory, where a single group contains every user and this is the default group. Usually this happens when Windows admins are designing AD and Linux admin have to live with the results.
– Doug O'Neal
Aug 11 at 18:11
add a comment |Â
This is where you have to trust your system's administrators to manage the groups correctly. Unfortunately, I've seen cases, especially when joined to Active Directory, where a single group contains every user and this is the default group. Usually this happens when Windows admins are designing AD and Linux admin have to live with the results.
– Doug O'Neal
Aug 11 at 18:11
This is where you have to trust your system's administrators to manage the groups correctly. Unfortunately, I've seen cases, especially when joined to Active Directory, where a single group contains every user and this is the default group. Usually this happens when Windows admins are designing AD and Linux admin have to live with the results.
– Doug O'Neal
Aug 11 at 18:11
This is where you have to trust your system's administrators to manage the groups correctly. Unfortunately, I've seen cases, especially when joined to Active Directory, where a single group contains every user and this is the default group. Usually this happens when Windows admins are designing AD and Linux admin have to live with the results.
– Doug O'Neal
Aug 11 at 18:11
add a comment |Â
2 Answers
2
active
oldest
votes
up vote
2
down vote
On most Linuxes, at least as the out of the box default, a user's primary group is the same as their username, so this wouldn't be a problem since the group ownership of a new file would be for a group that no one will ever be in.
When servers are configured for new users to have a primary group that is shared, then we have the umask environmental variable to prevent any problems. This is what sets the default permissions of new files, and can be set per user. So user A might set his umask to 077, and then any new files he creates will have permissons of 700, meaning group members won't be able to do anything with it.
To expand on this a little, your umask is normally set as part of your initialization script - that is, the scripts that run when you log into a user account. You have two sets - your global profile script, which is most commonly /etc/profile or /etc/bashrc, and your local, which are stored under your home directory as .bashrc or .profile (the actual scripts used depend on your shell, these are just common for bash). When you log in, the relevant global script runs first, then the local script runs, and can override anything done by the global. So under .bashrc (or equivalent) you would simply have to append to the script, umask 077 to set the value to 077. You can also just run umask 077 to set the umask for the current session only.
answered Aug 11 at 12:54
Mella
213110
Great answer - thanks! I wonder if you might consider a wee edit to say howAgoes about setting hisumask?
– Seamus
Aug 11 at 15:03
@seamus, I added it as requested. Let me know if I didn't explain it clearly.
– Mella
Aug 11 at 15:34
Perfect :) Thanks!
– Seamus
Aug 11 at 16:01
add a comment |Â
up vote
1
down vote
When a new file is created, it has a single user (owner) and a single group associated with it. Even if user A is in multiple groups, the file can only be associated with one of those groups. You can confirm this with a simple ls -l. There is one user and one group for any file.
Hence, even if user A is added into a new group, this new group cannot access the file, and thus has no bearing on its permissions. The only way a new user could access it is if they are added to the initial owning group G… and if they have the level of access required to make that happen, then they would be able to access the file by other means anyway.
answered Aug 11 at 12:56
Sparhawk
8,41363488
thanks. Does that mean there is a way to change the default group a file is associated with when it is created?
– John Smith Sr.
Aug 11 at 14:25
@JohnSmithSr.Yes, with thechgrpcommand. You can change group ownership to any group that you belong to.
– Doug O'Neal
Aug 11 at 18:08
@JohnSmithSr.chgrpwill change the file's groups retroactively. You can also change the default group for a particular user.
– Sparhawk
Aug 12 at 0:11
add a comment |Â
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
2
down vote
On most Linuxes, at least as the out of the box default, a user's primary group is the same as their username, so this wouldn't be a problem since the group ownership of a new file would be for a group that no one will ever be in.
When servers are configured for new users to have a primary group that is shared, then we have the umask environmental variable to prevent any problems. This is what sets the default permissions of new files, and can be set per user. So user A might set his umask to 077, and then any new files he creates will have permissons of 700, meaning group members won't be able to do anything with it.
To expand on this a little, your umask is normally set as part of your initialization script - that is, the scripts that run when you log into a user account. You have two sets - your global profile script, which is most commonly /etc/profile or /etc/bashrc, and your local, which are stored under your home directory as .bashrc or .profile (the actual scripts used depend on your shell, these are just common for bash). When you log in, the relevant global script runs first, then the local script runs, and can override anything done by the global. So under .bashrc (or equivalent) you would simply have to append to the script, umask 077 to set the value to 077. You can also just run umask 077 to set the umask for the current session only.
answered Aug 11 at 12:54
Mella
213110
Great answer - thanks! I wonder if you might consider a wee edit to say howAgoes about setting hisumask?
– Seamus
Aug 11 at 15:03
@seamus, I added it as requested. Let me know if I didn't explain it clearly.
– Mella
Aug 11 at 15:34
Perfect :) Thanks!
– Seamus
Aug 11 at 16:01
add a comment |Â
up vote
2
down vote
On most Linuxes, at least as the out of the box default, a user's primary group is the same as their username, so this wouldn't be a problem since the group ownership of a new file would be for a group that no one will ever be in.
When servers are configured for new users to have a primary group that is shared, then we have the umask environmental variable to prevent any problems. This is what sets the default permissions of new files, and can be set per user. So user A might set his umask to 077, and then any new files he creates will have permissons of 700, meaning group members won't be able to do anything with it.
To expand on this a little, your umask is normally set as part of your initialization script - that is, the scripts that run when you log into a user account. You have two sets - your global profile script, which is most commonly /etc/profile or /etc/bashrc, and your local, which are stored under your home directory as .bashrc or .profile (the actual scripts used depend on your shell, these are just common for bash). When you log in, the relevant global script runs first, then the local script runs, and can override anything done by the global. So under .bashrc (or equivalent) you would simply have to append to the script, umask 077 to set the value to 077. You can also just run umask 077 to set the umask for the current session only.
answered Aug 11 at 12:54
Mella
213110
Great answer - thanks! I wonder if you might consider a wee edit to say howAgoes about setting hisumask?
– Seamus
Aug 11 at 15:03
@seamus, I added it as requested. Let me know if I didn't explain it clearly.
– Mella
Aug 11 at 15:34
Perfect :) Thanks!
– Seamus
Aug 11 at 16:01
add a comment |Â
up vote
2
down vote
up vote
2
down vote
On most Linuxes, at least as the out of the box default, a user's primary group is the same as their username, so this wouldn't be a problem since the group ownership of a new file would be for a group that no one will ever be in.
When servers are configured for new users to have a primary group that is shared, then we have the umask environmental variable to prevent any problems. This is what sets the default permissions of new files, and can be set per user. So user A might set his umask to 077, and then any new files he creates will have permissons of 700, meaning group members won't be able to do anything with it.
To expand on this a little, your umask is normally set as part of your initialization script - that is, the scripts that run when you log into a user account. You have two sets - your global profile script, which is most commonly /etc/profile or /etc/bashrc, and your local, which are stored under your home directory as .bashrc or .profile (the actual scripts used depend on your shell, these are just common for bash). When you log in, the relevant global script runs first, then the local script runs, and can override anything done by the global. So under .bashrc (or equivalent) you would simply have to append to the script, umask 077 to set the value to 077. You can also just run umask 077 to set the umask for the current session only.
answered Aug 11 at 12:54
Mella
213110
On most Linuxes, at least as the out of the box default, a user's primary group is the same as their username, so this wouldn't be a problem since the group ownership of a new file would be for a group that no one will ever be in.
When servers are configured for new users to have a primary group that is shared, then we have the umask environmental variable to prevent any problems. This is what sets the default permissions of new files, and can be set per user. So user A might set his umask to 077, and then any new files he creates will have permissons of 700, meaning group members won't be able to do anything with it.
To expand on this a little, your umask is normally set as part of your initialization script - that is, the scripts that run when you log into a user account. You have two sets - your global profile script, which is most commonly /etc/profile or /etc/bashrc, and your local, which are stored under your home directory as .bashrc or .profile (the actual scripts used depend on your shell, these are just common for bash). When you log in, the relevant global script runs first, then the local script runs, and can override anything done by the global. So under .bashrc (or equivalent) you would simply have to append to the script, umask 077 to set the value to 077. You can also just run umask 077 to set the umask for the current session only.
answered Aug 11 at 12:54
Mella
213110
edited Aug 11 at 15:33
answered Aug 11 at 12:54
Mella
213110
answered Aug 11 at 12:54
Mella
213110
answered Aug 11 at 12:54
Mella
213110
213110
Great answer - thanks! I wonder if you might consider a wee edit to say howAgoes about setting hisumask?
– Seamus
Aug 11 at 15:03
@seamus, I added it as requested. Let me know if I didn't explain it clearly.
– Mella
Aug 11 at 15:34
Perfect :) Thanks!
– Seamus
Aug 11 at 16:01
add a comment |Â
Great answer - thanks! I wonder if you might consider a wee edit to say howAgoes about setting hisumask?
– Seamus
Aug 11 at 15:03
@seamus, I added it as requested. Let me know if I didn't explain it clearly.
– Mella
Aug 11 at 15:34
Perfect :) Thanks!
– Seamus
Aug 11 at 16:01
Great answer - thanks! I wonder if you might consider a wee edit to say how
A goes about setting his umask?– Seamus
Aug 11 at 15:03
Great answer - thanks! I wonder if you might consider a wee edit to say how
A goes about setting his umask?– Seamus
Aug 11 at 15:03
@seamus, I added it as requested. Let me know if I didn't explain it clearly.
– Mella
Aug 11 at 15:34
@seamus, I added it as requested. Let me know if I didn't explain it clearly.
– Mella
Aug 11 at 15:34
Perfect :) Thanks!
– Seamus
Aug 11 at 16:01
Perfect :) Thanks!
– Seamus
Aug 11 at 16:01
add a comment |Â
up vote
1
down vote
When a new file is created, it has a single user (owner) and a single group associated with it. Even if user A is in multiple groups, the file can only be associated with one of those groups. You can confirm this with a simple ls -l. There is one user and one group for any file.
Hence, even if user A is added into a new group, this new group cannot access the file, and thus has no bearing on its permissions. The only way a new user could access it is if they are added to the initial owning group G… and if they have the level of access required to make that happen, then they would be able to access the file by other means anyway.
answered Aug 11 at 12:56
Sparhawk
8,41363488
thanks. Does that mean there is a way to change the default group a file is associated with when it is created?
– John Smith Sr.
Aug 11 at 14:25
@JohnSmithSr.Yes, with thechgrpcommand. You can change group ownership to any group that you belong to.
– Doug O'Neal
Aug 11 at 18:08
@JohnSmithSr.chgrpwill change the file's groups retroactively. You can also change the default group for a particular user.
– Sparhawk
Aug 12 at 0:11
add a comment |Â
up vote
1
down vote
When a new file is created, it has a single user (owner) and a single group associated with it. Even if user A is in multiple groups, the file can only be associated with one of those groups. You can confirm this with a simple ls -l. There is one user and one group for any file.
Hence, even if user A is added into a new group, this new group cannot access the file, and thus has no bearing on its permissions. The only way a new user could access it is if they are added to the initial owning group G… and if they have the level of access required to make that happen, then they would be able to access the file by other means anyway.
answered Aug 11 at 12:56
Sparhawk
8,41363488
thanks. Does that mean there is a way to change the default group a file is associated with when it is created?
– John Smith Sr.
Aug 11 at 14:25
@JohnSmithSr.Yes, with thechgrpcommand. You can change group ownership to any group that you belong to.
– Doug O'Neal
Aug 11 at 18:08
@JohnSmithSr.chgrpwill change the file's groups retroactively. You can also change the default group for a particular user.
– Sparhawk
Aug 12 at 0:11
add a comment |Â
up vote
1
down vote
up vote
1
down vote
When a new file is created, it has a single user (owner) and a single group associated with it. Even if user A is in multiple groups, the file can only be associated with one of those groups. You can confirm this with a simple ls -l. There is one user and one group for any file.
Hence, even if user A is added into a new group, this new group cannot access the file, and thus has no bearing on its permissions. The only way a new user could access it is if they are added to the initial owning group G… and if they have the level of access required to make that happen, then they would be able to access the file by other means anyway.
answered Aug 11 at 12:56
Sparhawk
8,41363488
When a new file is created, it has a single user (owner) and a single group associated with it. Even if user A is in multiple groups, the file can only be associated with one of those groups. You can confirm this with a simple ls -l. There is one user and one group for any file.
Hence, even if user A is added into a new group, this new group cannot access the file, and thus has no bearing on its permissions. The only way a new user could access it is if they are added to the initial owning group G… and if they have the level of access required to make that happen, then they would be able to access the file by other means anyway.
answered Aug 11 at 12:56
Sparhawk
8,41363488
answered Aug 11 at 12:56
Sparhawk
8,41363488
answered Aug 11 at 12:56
Sparhawk
8,41363488
answered Aug 11 at 12:56
Sparhawk
8,41363488
8,41363488
thanks. Does that mean there is a way to change the default group a file is associated with when it is created?
– John Smith Sr.
Aug 11 at 14:25
@JohnSmithSr.Yes, with thechgrpcommand. You can change group ownership to any group that you belong to.
– Doug O'Neal
Aug 11 at 18:08
@JohnSmithSr.chgrpwill change the file's groups retroactively. You can also change the default group for a particular user.
– Sparhawk
Aug 12 at 0:11
add a comment |Â
thanks. Does that mean there is a way to change the default group a file is associated with when it is created?
– John Smith Sr.
Aug 11 at 14:25
@JohnSmithSr.Yes, with thechgrpcommand. You can change group ownership to any group that you belong to.
– Doug O'Neal
Aug 11 at 18:08
@JohnSmithSr.chgrpwill change the file's groups retroactively. You can also change the default group for a particular user.
– Sparhawk
Aug 12 at 0:11
thanks. Does that mean there is a way to change the default group a file is associated with when it is created?
– John Smith Sr.
Aug 11 at 14:25
thanks. Does that mean there is a way to change the default group a file is associated with when it is created?
– John Smith Sr.
Aug 11 at 14:25
@JohnSmithSr.Yes, with the
chgrp command. You can change group ownership to any group that you belong to.– Doug O'Neal
Aug 11 at 18:08
@JohnSmithSr.Yes, with the
chgrp command. You can change group ownership to any group that you belong to.– Doug O'Neal
Aug 11 at 18:08
@JohnSmithSr.
chgrp will change the file's groups retroactively. You can also change the default group for a particular user.– Sparhawk
Aug 12 at 0:11
@JohnSmithSr.
chgrp will change the file's groups retroactively. You can also change the default group for a particular user.– Sparhawk
Aug 12 at 0:11
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f461982%2fhow-to-interpret-group-permission%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
This is where you have to trust your system's administrators to manage the groups correctly. Unfortunately, I've seen cases, especially when joined to Active Directory, where a single group contains every user and this is the default group. Usually this happens when Windows admins are designing AD and Linux admin have to live with the results.
– Doug O'Neal
Aug 11 at 18:11