Saturday, May 22, 2010

Can a Linux file have more than one owner or group?

If I have a Linux script that I want group A and group B to be able to execute but not group C, how can this be done?

Yes, you can have as many groups as you like.





http://security.linux.com/article.pl?sid...
Reply:

The SHORT answer:
================
Each file on a UNIX system can only have one owner and one group. But every file has three sets of permissions. There is nothing stopping you from setting up many groups so you can try to get just the right people allowed permissions to the files.





The easiest way to allow Group A and Group B to run a script but not Group C is to create UNIX groups as follows:

staff = all users
groupa = group A users
groupb = group B users
groupc = group C users
groupab = both group A and B users





You can then set the group ownerships to "groupab" for any script that you want group A and B to be able to run.








MORE DETAIL:
=============


All files in UNIX systems have three sets of permissions that you can configure to allow or deny users or user groups access. If you look at the settings using the "ls -l" command, you will see something like this:





-rwxr-xr-- root staff sample.file





The sample.file above is owned by the "root" user, and has "staff" group ownership. That first column of dashes and letters is actually showing you the permissions on the file.





Break up the 10 characters into four sets:





Set 1: The first character is used to tell you if the file is just a regular file (-), a directory (d), a symbolic link (l), or some other special type of file.





Set 2: The next three characters (rwx) tell you what permissions the USER (in this case "root") has on the file. In this case, "rwx" means you can read, write, and execute this file.





Set 3: The middle three characters (columns 5, 6, 7) are for the GROUP permissions. This determines what any user who is a member of the "staff" group can do to the file. In my example, any staff member can read the file and execute it, but not write to it (r-x).





Set 4: The last three characters (r--) determine what OTHER users are allowed to do with the file. With this example, everyone is allowed to read the file, but cannot write to it or execute it.





The chmod, chown, and chgrp commands can be used to change the permissions or ownerships as required.
Reply: I think you have to create a group D and put everyone in Groups A and B into D.
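
The combined-group approach from the replies above, as an added example that is not part of the original posts: it models how one of the three permission sets is selected for a user and checks who can run a script owned by "groupab". The user names (alice, bob, carol), the file name run.sh and the mode strings other than the page's sample are constructed for illustration; superuser override and ACLs are not modelled.

```python
from dataclasses import dataclass

@dataclass
class File:
    mode: str   # 10-character string as printed by "ls -l", e.g. "-rwxr-x---"
    owner: str
    group: str

def permission_class(f, user, groups):
    """Return the one triplet that applies: owner, else group, else other.
    There is no fall-through: a group member never gets the "other" bits."""
    if len(f.mode) != 10:
        raise ValueError("expected 10 characters, got %r" % f.mode)
    if user == f.owner:
        return f.mode[1:4]
    if f.group in groups:
        return f.mode[4:7]
    return f.mode[7:10]

def allowed(f, user, groups, want):
    """want is 'r', 'w' or 'x'."""
    ch = permission_class(f, user, groups)["rwx".index(want)]
    # 's' and 't' in the execute slot mean execute plus setuid/setgid/sticky
    return ch == want or (want == "x" and ch in "st")

# Constructed membership, following the group layout in the reply
USERS = {
    "alice": {"staff", "groupa", "groupab"},
    "bob":   {"staff", "groupb", "groupab"},
    "carol": {"staff", "groupc"},
}

def who_can(f, want):
    return sorted(u for u, g in USERS.items() if allowed(f, u, g, want))

# State after: chgrp groupab run.sh; chmod 750 run.sh
SCRIPT = File("-rwxr-x---", "root", "groupab")
# The page's sample.file: group "staff" contains everyone, so everyone can run it
SAMPLE = File("-rwxr-xr--", "root", "staff")
# Same mode with the right group: carol cannot execute it but can still read it,
# and a readable script can be handed to its interpreter (sh run.sh),
# so the last triplet should be "---" when group C must be kept out.
LOOSE = File("-rwxr-xr--", "root", "groupab")

if __name__ == "__main__":
    for name, f in (("SCRIPT", SCRIPT), ("SAMPLE", SAMPLE), ("LOOSE", LOOSE)):
        print(name, f.mode, "x:", who_can(f, "x"), "r:", who_can(f, "r"))
```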
