Confused: owner-group-others


Post by 2357 »

Apologies if this is the wrong forum but it didn't quite seem to fit with the other topics in the Newbie Questions forum, if only because I am being so verbose. I am, however, most definitely a newbie. My problem seems to be in understanding the owner, group, others designations of files and directories and especially the group designation. I can understand how dave or mary (computer users with accounts on the machine) or root or www-data can be owners but how can they be used as group names as well? To me the name of an owner can't/shouldn't be allowed to be also the name of a group, so to speak.

For example, if I am in the sales department of a company and I create a file (so I'm the owner) that I want other sales people to be able to read and write to I will have to create a group, give it a name such as 'sales', and assign all the sales staff to it and give that group the necessary permissions. This is how I conceive of it working. But I think I'm wrong because I find owners or the names of owners are also used as groups or names of groups.

Or, to rephrase the question, my name is 'don' so there are many files on my system, in my home directory, owned by me and which also belong to a group called 'don'.

e.g.

Code:

-rw-r--r-- 1 don don    17 Aug  2 22:21 abc.txt

How do I invite another user into the group 'don' so that they can read (but not write to) this file called abc.txt?

My conception is wrong somewhere, I'm sure :evil:. I know from experience other users can read the file (that's what the permissions say - users belonging to 'don'(?) can read but not write or execute).

I understand that there is more to understand (e.g. how directory permissions work and security bits, etc) but I would really like some help to understand owners and groups on a conceptual level.

Re: Confused: owner-group-others

Post by karlchen »

Hello, 2357.

When a new user is created on Linux Mint, name him don, Linux Mint will create user don and a new group named don as well. The only member of group don is user don.
There is no conflict between user don and group don, because user don is listed in the file /etc/passwd, group don is listed in the file /etc/group.
Except for the group don, which is his primary group, user don will be a member of a few other groups as well. In a terminal window type id and press the Enter key. You will be shown the ID details of your account don.

As any user can be a member of more than one group, you can invite, rather add, other users to the group don. Use the Mint Menu item "Users and Groups" for this purpose. It should be found inside the "System Settings".

As your files have got the permissions rw-r--r-- (owner don: read-write, members of group don: read, rest of the world: read) there is no real need to add anybody to the group don, because all other users on your system are "others". And "others" are allowed to read, too. In this case being a member of the group don or not does not make a difference.
Yet, you will frequently see permissions like these: rw-r----- (owner: read-write, group: read, others: nothing). With such permissions others (the rest of the world) have got no access at all.
(There is one exception: User root will always be able to read and write anything.)

The Linux Mint perspective is pretty simple: owner of an object - the group - the rest of the world (others).

HTH,
Karl
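
The owner - group - others check described in this post, as an added example that is not part of the original reply: exactly one class applies per access, tested in that order. The uid/gid numbers are constructed sample values, and `perm_class` and `who_gets` are hypothetical helper names.

```shell
#!/bin/sh
# perm_class MODE FILE_UID FILE_GID USER_UID "USER_GIDS"
# Prints the single permission class that applies to the user, plus its bits.
# MODE is the octal mode as printed by `stat -c %a` (644, 640, 2770, ...).
perm_class() {
    mode=$1; fuid=$2; fgid=$3; uid=$4; gids=$5
    # root is the exception karlchen mentions: the bits are not consulted
    # for reading and writing.
    if [ "$uid" -eq 0 ]; then echo "root bypass"; return 0; fi
    perms=$(printf '%s' "00$mode" | tail -c 3)   # drop setuid/setgid/sticky digit
    class=other; digit=$(printf '%s' "$perms" | cut -c3)
    for gid in $gids; do
        if [ "$gid" -eq "$fgid" ]; then
            class=group; digit=$(printf '%s' "$perms" | cut -c2)
        fi
    done
    # The owner check wins over group membership, even if the group has more rights.
    if [ "$uid" -eq "$fuid" ]; then
        class=owner; digit=$(printf '%s' "$perms" | cut -c1)
    fi
    case $digit in
        0) bits=--- ;; 1) bits=--x ;; 2) bits=-w- ;; 3) bits=-wx ;;
        4) bits=r-- ;; 5) bits=r-x ;; 6) bits=rw- ;; 7) bits=rwx ;;
    esac
    echo "$class $bits"
}

# Same check against a real file and account (GNU stat, as shipped with Mint).
who_gets() {   # who_gets FILE USER
    perm_class "$(stat -c %a "$1")" "$(stat -c %u "$1")" "$(stat -c %g "$1")" \
               "$(id -u "$2")" "$(id -G "$2")"
}

# Constructed sample: abc.txt is don:don (uid/gid 1000), mary is uid/gid 1001.
perm_class 644 1000 1000 1000 "1000"        # don on rw-r--r--
perm_class 644 1000 1000 1001 "1001"        # mary, not in group don
perm_class 640 1000 1000 1001 "1001 1000"   # mary after joining group don
perm_class 640 1000 1000 1001 "1001"        # mary on rw-r----- without the group
```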

Re: Confused: owner-group-others

Post by altair4 »

My only caution would be that you really don't want to add anyone to your primary group since that may give them write access (depending on the permissions) to a whole mess of stuff you own.

Instead:

** Create a new group: sales
** Add yourself and anyone else you choose to the sales group
** Change the group of the shared folder to: sales
** And change permissions allowing members of the sales group to write (add files to) the folder.

But as karlchen just noted based on your requirement:

"How do I invite another user into the group 'don' so that they can read (but not write to) this file called abc.txt?"

You don't have to "invite" anyone to the "don" group since your file is world readable anyway. The only thing that would mess that up is if you encrypted your home directory if that's where the file exists.
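
The four steps above as shell commands, as an added example that is not part of the original reply. The group name sales and the users don and mary come from the thread; the path /srv/sales, the function names and the setgid bit on the folder are assumptions added here.

```shell
#!/bin/sh
# Steps 1-2 (need root): create the group if it is missing, then add members.
make_group() {   # make_group GROUP USER...
    group=$1; shift
    getent group "$group" >/dev/null || groupadd "$group"
    for user in "$@"; do
        # -a appends; without it, -G replaces the user's other supplementary groups
        usermod -aG "$group" "$user"
    done
}

# Steps 3-4: hand the folder to the group and let its members write to it.
share_dir() {    # share_dir DIR GROUP
    mkdir -p "$1"
    chgrp "$2" "$1"
    # 2770: owner and group rwx, others nothing. The leading 2 (setgid) makes
    # new files inherit the folder's group instead of the creator's primary group.
    chmod 2770 "$1"
}

# Read-back check: prints "<octal mode> <gid of a file created inside>".
check_share() {  # check_share DIR
    probe="$1/.probe.$$"
    : > "$probe"
    echo "$(stat -c %a "$1") $(stat -c %g "$probe")"
    rm -f "$probe"
}

# Usage as root (the path is an assumption):
#   make_group sales don mary
#   share_dir /srv/sales sales
#   check_share /srv/sales      # expect "2770 <gid of sales>"
```

New group membership only takes effect at the member's next login, and whether a newly created file is group-writable still depends on its creator's umask.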

Re: Confused: owner-group-others

Post by 2357 »

Thanks very much karlchen and altair4 for your replies. You've shone some very helpful light on some salient aspects I was not aware of and I can explore these and see where they lead.

So, just as when a new user is added to the system...

**when a user creates a new file that file will belong to the user and the file will also belong to or be assigned to a group which is the primary group of that user (also of the same name as the username).

**You can have groups which are named the same as a user or owner of a file and groups which are not. It is good practice, if you are giving others access to a shared directory, to create another group other than the primary group of the user/owner. This is in case your permissions are set for that primary group in such a way as to allow members access to other directories the primary group can access also.

My use of a sales team scenario perhaps did not help my cause as it couldn't be further from my reality. And I definitely chose a poor file permissions example to use where group and others permissions were the same.

In fact my problem arose when I took the website I built off-line on a Windows machine and put it live onto a Linux server. My website uses PHP (I wrote) to take user input to either add content to existing pages or create new webpages which can then take user input to add content to existing webpages. It's an incredibly rudimentary, amateurish, rambling server-side script which I'm quite proud to have worked out myself in my spare time. However because I didn't or don't yet understand permissions the website security was appallingly lacking and the site eventually fell to what I suspect might have been a cross-site scripting attack. Great fun!

I have my website up and running locally on my Linux system. I had to be logged in as root to copy the files to /var/www and then I had to change the ownership of /var/www and all files and folders recursively by using

Code:

chown -vR www-data:www-data www

I think this is the name the Apache server uses for owner and group.

So far so good. But occasionally I want to manually add pages (as root) (which contain php scripts which create new pages or new content in existing pages) and this is where the scripts stop working because of the conflicting file permissions I think, well the php error reports mention permissions...

I've bogged myself down again in particulars. My original request was for help in a general/conceptual understanding of permissions and groups...

I can tackle these particulars afresh armed with the new insights you have provided me with. Perhaps even take the website live again. Thanks again! :D