By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
464,420 Members | 1,219 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 464,420 IT Pros & Developers. It's quick & easy.

Group Permissions for Files

Colloid Snake
100+
P: 144
Hello-

I am attempting to lock down a server I am working on, and the one thing I'm stuck at is modifying permissions for files. I can change the owner, group, and general users portion (and the file I am currently looking at has a rwxr-x--- permissions), but I was wondering how to associate that file to a group - make it so those permissions apply to a certain group. Is that based on the groups the owner of the file is in?

Any help on this would be appreciated,

~Snake
Jan 14 '08 #1
Share this Question
Share on Google+
3 Replies

prn
Expert 100+
P: 254
prn
Hi Snake,

You're close. The group permissions are generally permissions applicable to the group that the owner belongs to. If the owner is in group "staff" and sets group permissions to allow read access, then other members of "staff" can read the files.

It's actually a bit more complicated than that, though. Files have an individual owner and a group owner. The group may or may not have any real connection to the individual owner, but that is the most common case. When you do a directory in the "long" form (ls -l) both the owner (user) and the group are displayed. Root can chgrp the files so that some group that the owner doesn't even belong to is the relevant group, but that is unusual.

Secondary groups are often the main way of setting group-type permissions in *ix. Set up a non-user "owner" for a set of files and add the appropriate users to the same group. For example, we have an application "matlab" with a license agreement that specifies that only certain types of users should be able to use it. So we create a dummy user "matlab" to own the files, and a group "mlgroup" (I gave the group a different name from the owner just for illustration. It would work just as well if the group is named "matlab" and that is, as often as not, how actual installations set it up.) and then grant membership in the "mlgroup" to the appropriate users. If the directory "/usr/local/matlab" where matlab resides is set as 770 then the owner and other members of the mlgroup will have full access and others will have no access.

HTH,
Paul
Jan 14 '08 #2

Motoma
Expert 2.5K+
P: 3,237
Hello-

I am attempting to lock down a server I am working on, and the one thing I'm stuck at is modifying permissions for files. I can change the owner, group, and general users portion (and the file I am currently looking at has a rwxr-x--- permissions), but I was wondering how to associate that file to a group - make it so those permissions apply to a certain group. Is that based on the groups the owner of the file is in?

Any help on this would be appreciated,

~Snake
Hi Snake,

Users and Groups are a many to many relationship. Files to groups is a many to one relationship. That is to say, a file can belong to only one group, however, a group can have many files, while a user can be part of many groups, and a group can have many users.

chgrp and chown are two ways to change the group that a file belongs to.

Motoma
Jan 15 '08 #3

Colloid Snake
100+
P: 144
Thanks guys. I thought I did that, but it was set up by user before the user was associated with the group (though by the same name as the group), so I will try it again.

Thanks!
Jan 15 '08 #4

Post your reply

Sign in to post your reply or Sign up for a free account.