Linux user and group managment

[SpooF]

June 24th, 2009, 2:59 pm

I've never really worked with user and group management on linux. I've always been the only person working on my server. Now I'm managing a small server for a friend and he was a few programmers that go in an work on his projects. I want to put them in a group called programmers and make it so my user has full access to all there files, but keep them out of my files.

How would I go about setting that up?

I know when ever a user creates a file they can give certain access to, user, group or other. If I put a user in the group programmers then if they set a file to chmod x7x then the programmers group should be able to read, write and execute right? Is there anyway I can make it so I can always access there files even if they restrict group access?

June 24th, 2009, 4:21 pm

If you are creating the groups, then you have to be root which is the same as administrator in Windows. If the files in the programmers group are 775, then you as root & they as part of the group can rwx the files.

If your friend isn't giving you root access, I don't know how he can expect you to manage the server.

[SpooF]

June 24th, 2009, 5:06 pm

I have completely root access, but I've blocked out the root user from ssh and I run on my own account and I'm part of the wheel group. Basically what I want to be able to do is manage all the users on the server via my account. Right now I'm adding my user account and their user account to the group named after their user account. So something like:

spoof:x:500:spoof
demo_user:x:501:demo_user,spoof

I believe this should give me access to any file that is owned by the demo_user group if it has the proper permissions set.

June 24th, 2009, 6:39 pm

When you ssh to the server, run su root. It will ask for the password. Enter the password & you will be root.

June 25th, 2009, 6:37 am

SpooF wrote:

Right now I'm adding my user account and their user account to the group named after their user account. So something like:

spoof:x:500:spoof
demo_user:x:501:demo_user,spoof

I believe this should give me access to any file that is owned by the demo_user group if it has the proper permissions set.

So you're saying you are adding your own username to the same group as the programmers usernames? That should work if you wanted to manipulate the files and stuff. I think I'd make that group my primary group just so the permissions don't get messed up and other users in that group can't access them because they belong to a different group.

But what I would do instead of su'ing to root would be to add your own username to the sudoers file, then when you need root access you can use sudo and it will keep the permissions and stuff without making root:root the owner.

[UPSGuy]

June 25th, 2009, 6:39 am

Quote:

what I would do instead of su'ing to root would be to add your own username to the sudoers file

Second that. We use that approach here at work to grant limited access to devs who need to run down logs and the like on production machines. Works well.

[SpooF]

June 25th, 2009, 9:22 am

I sudo to do most of my work, if not all that require super user privileged. Theres only been a few times that I've used su.

Right now what I did was setup a group called websites, and put all the programmers into that group, that way I can create a file and make the user owner myself and the group websites if i want them to be able to work with it. It also allows me to restrict files if I want.

June 25th, 2009, 9:34 am

That seems like the best way, it is simple enough that it can't go wrong.