The importance of permissions

I’m learning the importance of permissions across groups as I work more with different distros on the same network. It’s not anything I had done much with in the past — if you use the same distro and the same user name and the same user identity, chances are everything will mesh perfectly without your effort.

But, just as an example, there is a slight difference in the way Arch and Crux assign user names and identities. You can check the information on your user identity with the id command, like this.

id kmandla

The output of that command on my Arch machine, which is the “server” for the network, is this:

uid=1000(kmandla) gid=101(kmandla) groups=101(kmandla),4(adm),10(wheel),91(video),92(audio),93(optical),95(storage),100(users)

But on my Crux machine, it’s slightly different.

uid=100(kmandla) gid=100(users) groups=4(adm),6(disk),10(wheel),16(audio),17(video),21(cdrom)

Some of those groups exist between systems, but some don’t. All of those were set or made by me, when I built the user accounts on each machine.

The problem is that just assigning the user name “kmandla” to both machines doesn’t give me access to files and folders across the network. As you can see, the uid’s for each system is different — kmandla is 1000 in Arch (I think it’s the same in Ubuntu too; I forget), but 100 in Crux, and as a result if I try to access my own files or folders on another machine, I am denied. 😯

The easy solution (aside from rebuilding each account to be mirror images, which sounds like a lot of extra work to me) is to rely on group 100 — users — to allow myself to use and access files between machines. In other words, rather than set my own files to be owned by kmandla:kmandla, I set them to kmandla:users, like this.

chown kmandla:users file.txt

Then make sure the group has access permission to the file, for reading, writing or executing, as is appropriate. And remember that “executing” a directory means you’re allowed to move into it — it can be a little frustrating if you forget that.

chmod g+rwx folder

You could also mess with the “others” setting in your file permissions, but I prefer to leave that as inaccessible, even just as a learning exercise. I suppose you could just arbitrarily change the entire folder tree and everything in it to 777 (read, write and execute across every user, group and other field), but that strikes me as vaguely unnecessary.

Anyway, that’s how I handle that little cross-distro quirk. If I rebuild both machines in the future I’ll probably take the added step of assigning both users to the same uid, hopefully avoiding the issue altogether. But for now, if there’s a better or easier way, please let me know.


4 thoughts on “The importance of permissions

  1. linuxcrayon

    Wouldn’t that cause problems if you had multiple users on said network with files on different computers (for one reason or another) under the same account name? You wouldn’t want every user in the group “users” to have access to each other’s files…only to their own. So wouldn’t it be better to make the uid consistent?

    I’m not sure if I’m explaining my thoughts well enough, but I hope you understand what I mean.

  2. linuxcrayon

    I forgot to mention how you could change the uid. It’s very easy. The command is the usermod command with the following syntax:

    usermod -u [uid] [user name]

    where ‘uid’ is the new uid and ‘user name’ is the name of the user you wish to alter. So in your case, it would be as simple as the following:

    usermod -u 1000 kmandla

    This seems to be a much easier method than what you described above. I don’t know if it would work properly or not (I’m still a Linux infant), but it’s an idea.

  3. K.Mandla Post author

    I think you’re right: That might also be a solution. I’m also kind of new to this.

    On my end the problem is complicated by the fact that I have files scattered across that drive that were made by one or the other system (I probably should have mentioned that in my description). Just swapping the uid for one system makes another set of files inaccessible again.

    I guess I could take a more aggressive approach, align the uid’s on both machines, then make a grand sweeping chown for everything in there, and that should fix it too. Thanks for that idea. 🙂

  4. linuxcrayon

    I’m new too. Very new. But it sounds like one ugly mess (no offense). I would probably feel so intimidated by the task that I would just format everything and reinstall. 😀


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s