Permissions on Directory

[Michael42]

Hello, on a Solaris 5.6 system, as root I created the group Dev then added a user account and made Dev the Primay group for that user. I next (as root) created a directory /usr/dev then gave permissions via chgrp to Dev.

I can create files as root but not as a user in the Dev group. An ls -l shows that root is the owner and Dev is the group\owner. In vi I get permissioned denied errors if not root.

How can I give permissions to a directory via a group?

Thanks very much. Michael

 

[hornetbloke]

Have you actually checked that group members have write permissions on the directory? Sorry if I'm teaching you to suck eggs but I didn't see permissions on your original post.

 

[crasho2001]

Hi

For example this is your directory.

rwxr-x--- root Dev dev

If it is like this only root can write, if you change it to
rwxrwx--- root Dev dev
The Dev group users can write. To do it;
chmod 775 dev
it will be
rwxrwxr-x root Dev dev
Regards

 

[Michael42]

My directory only had -rw-r--r-- root dev.

After doing a chmod 775 dev (as root)
ls -l shows it as: drwxrwxr-x root dev

If I create the file "test3" as root is shows up as:
-rw-r--r-- 2 root dev

What am I missing? Should it not create it as drwxrwxr-x ?


Thanks for your help guys! Michael

 

[olded]

Michael:

Forgive for breaking into this thread, but when a file is created, it doesn't matter what the directory permissions are; it depends what the umask, file mode creation mask, is set to.

To see what your mask is, at the command line, just type umask, but I'd say yours is 022.

I'd read the man page on umask. I have to run to a meeting. Let me know if you need any further explanation.

Regards,

Ed

 

[Michael42]

You are correct on the umask.

Does umask set the permission mask for all files created in all directories on the system or just the current directory?

Thanks. Michael

 

[Michael42]

Perhaps I need a UNIX reality check:

0. usera and userb are in the dev group which own the dev directory (via chown root:dev dev).

1. As usera I created the file test.txt in my dev directory.
It was created as: -rw-r--r-- testa dev

2. As userb I attempted to change the permissions via
chown 775 test.txt
but received the error: WARNING cant change file.

I thought because both accounts are in the dev group (which owns the directory) they should be able to do this.


How can I configure multiple accounts to be able to change file attributes?

Thanks!!!



Michael

 

[Michael42]

Whoops typo on # 2 - I did a chmod 775 test.txt
Michael

 

[olded]

Michael:

1) According to your post, permissions on your file is:

-rw-r--r--

Since the group is read only, even if usera and userb are in the same group, they can't change the file permissions. The group needs write permission to do that:

-rw-rw-r--

2) Answering your other question: umask is set by user. Somewhere in the login process, sucha s in /etc/profile or the user's .profile, umask is set. You can also set the umask in shell scripts to control permissions.

Regards,

Ed

 

[Michael42]

Ed, thanks for your input. I am basically a Novell\WinNT Admin ramping up on UNIX. That being said, it would GREATLY assist me if I could get your take on:

1. What is the purpose of the Sun UNIX Primary Group.
2. What is the purpose for secondary groups.

Thanks for answering this seemingly no-brainer.


Michael

 

[olded]

Michael:

I'm not really a Unix admin, but here goes:

A user's primary group is the group used whenever a user creates an object such as a file:

touch somefile

ls -l sfile

-rw-rw-r-- 1 eds group 0 Aug 20 09:21 sfile

The default group id, not name, is the fourth field of the users entry in the /etc/passwd file. The group id and name is defined in /etc/group where the name and id are the 1st and 3rd fields respectively.

The idea of secondary groups (at least I think) is granting permissions to a specific user for other group priviledges. For example, I could add user eds to the root group in /etc/group:

root::0:root, eds

Is that a good idea? From a security stand-point, probably not.

Michael, there's probably a real Solaris admin out there who can give a better explanation than I.

Regards,

Ed