Tag Archives: permission

Linux : read write permission for group and apache

Situation : I need a group of developers  and apache  to have reads/writes permission on a folder in /var/www/html/foldername

 

Solution :

  • create users and a group

    #useradd develone
    #useradd develtwo
    #groupadd developergroup
     
  • Append “apache” and 2 users to “developergroup”

    #usermod -a -G developergroup apache
    #usermod -a -G developergroup develone
    #usermod -a -G developergroup develtwo
     
  • Set ownership and gid to “foldername”

    #chown apache:developergroup foldername
    #chmod 775 foldername
    #chmod g+s foldername

 

done. tested on CentOS 6.5 machine with ~50 users/developers

 

Advertisements

Linux – setuid, setgid and sticky bit

setuid ( or setguid)  permission on a file means that the file will run as the user (or group) of the file, not as the user who ran that file.

setguid -on directory means that files created in the directory will inherit the group affiliation from the directory, rather than inheriting it from the creating user. This is commonly used on group collaborative directories.

stickybit – mainly for directory as sets a special restriction on deletion of files: only owner of the file (and root) can delte files within the directory.

Special Permission Effect on Files Effect on Directories
u+s (suid) File executes as the user that owns the file, not the user that ran that file
g+s (sgid) Files executes as the group that owns the file Files newly created in the dir have their group owner set to match the group owner of the dir.
o+t (sticky) user with write permission on the dir can only remove files that they own, they cannot remove files owned by other users

number alias : suid (4) sgid (2) sticky(1)

When we implement these permissions ,we get the below symbols in permissions field :
Permissions
Meaning
–S—— SUID is set, but user (owner) execute is not set.
–s—— SUID and user execute are both set.
—–S— SGID is set, but group execute is not set.
—–s— SGID and group execute are both set.
——–T Sticky bit is set, bot other execute is not set.
——–t Sticky bit and other execute are both set.

Assign  suid to a File : # chmod  u+s testfile.txt OR #  chmod 4750  testfile.txt

SGID Example : # chmod g+s OR # chmod 2750 

StickyBit Example :  # chmod o+t /opt/ftp-data  or # chmod +t /opt/ftp-data OR # chmod 1757 /opt/ftp-data

 

reference : http://foralllinux.blogspot.com/2013/04/set-setuid-setgid-and-sticky-bit-in.html & Red Hat Sys Admin 1 (student workbook)