The importance of permissions

I’m learning the importance of permissions across groups as I work more with different distros on the same network. It’s not anything I had done much with in the past — if you use the same distro and the same user name and the same user identity, chances are everything will mesh perfectly without your effort.

But, just as an example, there is a slight difference in the way Arch and Crux assign user names and identities. You can check the information on your user identity with the id command, like this.

id kmandla

The output of that command on my Arch machine, which is the “server” for the network, is this:

uid=1000(kmandla) gid=101(kmandla) groups=101(kmandla),4(adm),10(wheel),91(video),92(audio),93(optical),95(storage),100(users)

But on my Crux machine, it’s slightly different.

uid=100(kmandla) gid=100(users) groups=4(adm),6(disk),10(wheel),16(audio),17(video),21(cdrom)

Some of those groups exist between systems, but some don’t. All of those were set or made by me, when I built the user accounts on each machine.

The problem is that just assigning the user name “kmandla” to both machines doesn’t give me access to files and folders across the network. As you can see, the uid’s for each system is different — kmandla is 1000 in Arch (I think it’s the same in Ubuntu too; I forget), but 100 in Crux, and as a result if I try to access my own files or folders on another machine, I am denied. :shock:

The easy solution (aside from rebuilding each account to be mirror images, which sounds like a lot of extra work to me) is to rely on group 100 — users — to allow myself to use and access files between machines. In other words, rather than set my own files to be owned by kmandla:kmandla, I set them to kmandla:users, like this.

chown kmandla:users file.txt

Then make sure the group has access permission to the file, for reading, writing or executing, as is appropriate. And remember that “executing” a directory means you’re allowed to move into it — it can be a little frustrating if you forget that.

chmod g+rwx folder

You could also mess with the “others” setting in your file permissions, but I prefer to leave that as inaccessible, even just as a learning exercise. I suppose you could just arbitrarily change the entire folder tree and everything in it to 777 (read, write and execute across every user, group and other field), but that strikes me as vaguely unnecessary.

Anyway, that’s how I handle that little cross-distro quirk. If I rebuild both machines in the future I’ll probably take the added step of assigning both users to the same uid, hopefully avoiding the issue altogether. But for now, if there’s a better or easier way, please let me know.

About these ads

4 Responses to “The importance of permissions”


  1. 1 linuxcrayon 2008/03/19 at 1:27 PM

    Wouldn’t that cause problems if you had multiple users on said network with files on different computers (for one reason or another) under the same account name? You wouldn’t want every user in the group “users” to have access to each other’s files…only to their own. So wouldn’t it be better to make the uid consistent?

    I’m not sure if I’m explaining my thoughts well enough, but I hope you understand what I mean.

  2. 2 linuxcrayon 2008/03/19 at 1:33 PM

    I forgot to mention how you could change the uid. It’s very easy. The command is the usermod command with the following syntax:

    usermod -u [uid] [user name]

    where ‘uid’ is the new uid and ‘user name’ is the name of the user you wish to alter. So in your case, it would be as simple as the following:

    usermod -u 1000 kmandla

    This seems to be a much easier method than what you described above. I don’t know if it would work properly or not (I’m still a Linux infant), but it’s an idea.

  3. 3 K.Mandla 2008/03/19 at 3:16 PM

    I think you’re right: That might also be a solution. I’m also kind of new to this.

    On my end the problem is complicated by the fact that I have files scattered across that drive that were made by one or the other system (I probably should have mentioned that in my description). Just swapping the uid for one system makes another set of files inaccessible again.

    I guess I could take a more aggressive approach, align the uid’s on both machines, then make a grand sweeping chown for everything in there, and that should fix it too. Thanks for that idea. :)

  4. 4 linuxcrayon 2008/03/20 at 7:25 AM

    I’m new too. Very new. But it sounds like one ugly mess (no offense). I would probably feel so intimidated by the task that I would just format everything and reinstall. :D


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s




Welcome!



Visit the Wiki!

Some recent desktops


May 6, 2011
Musca 0.9.24 on Crux Linux
150Mhz Pentium 96Mb 8Gb CF
 


May 14, 2011
IceWM 1.2.37 and Arch Linux
L2300 core duo 3Gb 320Gb

Some recent games


Apr. 21, 2011
Oolite on Xubuntu 11.04
L2300 core duo 3Gb 320Gb

Enter your email address to subscribe to this blog and receive notifications of new posts.

Join 405 other followers

License

This work is licensed under the GNU Free Documentation License. Please see the About page for details.

Blog Stats

  • 3,960,988 hits

Archives


Follow

Get every new post delivered to your Inbox.

Join 405 other followers

%d bloggers like this: