Linux user and group management

  • SpooF

Post 3+ Months Ago

I've never really worked with user and group management on Linux. I've always been the only person working on my server. Now I'm managing a small server for a friend and he has a few programmers that go in and work on his projects. I want to put them in a group called programmers and make it so my user has full access to all their files, but keep them out of my files.

How would I go about setting that up?

I know whenever a user creates a file they can give certain access to user, group or other. If I put a user in the group programmers then if they set a file to chmod x7x then the programmers group should be able to read, write and execute, right? Is there any way I can make it so I can always access their files even if they restrict group access?
  • Don2007

Post 3+ Months Ago

If you are creating the groups, then you have to be root which is the same as administrator in Windows. If the files in the programmers group are 775, then you as root & they as part of the group can rwx the files.

If your friend isn't giving you root access, I don't know how he can expect you to manage the server.
  • SpooF

Post 3+ Months Ago

I have complete root access, but I've blocked out the root user from ssh and I run on my own account and I'm part of the wheel group. Basically what I want to be able to do is manage all the users on the server via my account. Right now I'm adding my user account and their user account to the group named after their user account. So something like:

spoof:x:500:spoof
demo_user:x:501:demo_user,spoof

I believe this should give me access to any file that is owned by the demo_user group if it has the proper permissions set.
  • Don2007

Post 3+ Months Ago

When you ssh to the server, run su root. It will ask for the password. Enter the password & you will be root.
  • kc0tma

Post 3+ Months Ago

SpooF wrote:
Right now I'm adding my user account and their user account to the group named after their user account. So something like:

spoof:x:500:spoof
demo_user:x:501:demo_user,spoof

I believe this should give me access to any file that is owned by the demo_user group if it has the proper permissions set.



So you're saying you are adding your own username to the same group as the programmers' usernames? That should work if you wanted to manipulate the files and stuff. I think I'd make that group my primary group just so the permissions don't get messed up and other users in that group can't access them because they belong to a different group.

But what I would do instead of su'ing to root would be to add your own username to the sudoers file, then when you need root access you can use sudo and it will keep the permissions and stuff without making root:root the owner.
  • UPSGuy

Post 3+ Months Ago

Quote:
what I would do instead of su'ing to root would be to add your own username to the sudoers file


Second that. We use that approach here at work to grant limited access to devs who need to run down logs and the like on production machines. Works well.
  • SpooF

Post 3+ Months Ago

I sudo to do most of my work, if not all, that requires superuser privileges. There's only been a few times that I've used su.

Right now what I did was set up a group called websites and put all the programmers into that group; that way I can create a file and make the user owner myself and the group websites if I want them to be able to work with it. It also allows me to restrict files if I want.
  • kc0tma

Post 3+ Months Ago

That seems like the best way, it is simple enough that it can't go wrong.
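
As an added example (not written by any poster in this thread): a small Python model of the owner/group/other mode-bit check, applied to the /etc/group lines quoted above, showing when group membership grants access and when the file owner can still lock a group member out. The UIDs, the `websites` GID and member list, and all function names are assumptions made for the illustration.

```python
# Constructed sample: the two /etc/group lines quoted in the thread, plus a
# "websites" line with an assumed GID and member list.
GROUP_FILE = """\
spoof:x:500:spoof
demo_user:x:501:demo_user,spoof
websites:x:502:demo_user
"""
UIDS = {"spoof": 500, "demo_user": 501}  # assumed: UID equals primary GID

def parse_group(text):
    """Parse /etc/group text into {name: (gid, set_of_members)}."""
    groups = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            name, _pw, gid, members = line.split(":", 3)
            groups[name] = (int(gid), {m for m in members.split(",") if m})
    return groups

def gids_for(user, groups):
    """Primary GID plus every group that lists the user as a member."""
    return {UIDS[user]} | {g for g, members in groups.values() if user in members}

def allowed(mode, owner, group, user, groups, want):
    """Classic mode-bit check for a non-root user; want is a subset of 'rwx'.

    Only ONE class is consulted: owner if the UID matches, else group if any
    of the user's GIDs matches, else other. root bypasses this for read/write.
    """
    if UIDS[user] == UIDS[owner]:
        bits = (mode >> 6) & 7
    elif groups[group][0] in gids_for(user, groups):
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    need = sum({"r": 4, "w": 2, "x": 1}[c] for c in set(want))
    return bits & need == need

def demo():
    """Evaluate the thread's scenarios; keys are 'mode owner:group'."""
    g = parse_group(GROUP_FILE)
    return {
        "770 demo_user:demo_user": allowed(0o770, "demo_user", "demo_user", "spoof", g, "rw"),
        "700 demo_user:demo_user": allowed(0o700, "demo_user", "demo_user", "spoof", g, "r"),
        "707 demo_user:demo_user": allowed(0o707, "demo_user", "demo_user", "spoof", g, "r"),
        "660 spoof:websites": allowed(0o660, "spoof", "websites", "demo_user", g, "rw"),
        "600 spoof:websites": allowed(0o600, "spoof", "websites", "demo_user", g, "r"),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:26} {'allowed' if ok else 'denied'}")
```

The 707 case is denied because a group member is judged on the group bits alone, even when the "other" bits are more permissive; a file set to 700 by its owner is reachable only through sudo.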

Post Information

  • Total Posts in this topic: 8 posts
© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.