Setting multiple groups as directory owners Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern) 2019 Community Moderator Election Results Why I closed the “Why is Kali so hard” questionAdd all users in one group to another group?Adding group permission to directory without changing group ownership?svn and webserver files ownershipsSubversion on Ubuntu server - setup issuesmultiple ftp user sharing common home directoryWebserver-User has no Shell-Access but needs SSH-Keys or Permission change of directory?Move multiple folders from one subversion repository to another subversion repositoryUnderstanding UNIX permissions and file typesLinux, SVN and Dropbox — Which directory should store my svn repository?Subversion server on ubuntu with mutiple repositories and checkout problemHow can I use ACL to give one user control over a directory and all its contentsNot able to upload as anonymous user in vsftpd
Withdrew £2800, but only £2000 shows as withdrawn on online banking; what are my obligations?
What is the escape velocity of a neutron particle (not neutron star)
Is it ethical to give a final exam after the professor has quit before teaching the remaining chapters of the course?
Why are there no cargo aircraft with "flying wing" design?
Fundamental Solution of the Pell Equation
Is the Standard Deduction better than Itemized when both are the same amount?
Why didn't Eitri join the fight?
Do I really need recursive chmod to restrict access to a folder?
Extracting terms with certain heads in a function
How do I make this wiring inside cabinet safer? (Pic)
Is there such thing as an Availability Group failover trigger?
What does "lightly crushed" mean for cardamon pods?
Can a new player join a group only when a new campaign starts?
Can anything be seen from the center of the Boötes void? How dark would it be?
Denied boarding although I have proper visa and documentation. To whom should I make a complaint?
Using et al. for a last / senior author rather than for a first author
Did MS DOS itself ever use blinking text?
Crossing US/Canada Border for less than 24 hours
How to answer "Have you ever been terminated?"
Fantasy story; one type of magic grows in power with use, but the more powerful they are, they more they are drawn to travel to their source
また usage in a dictionary
Generate an RGB colour grid
First console to have temporary backward compatibility
Is there any way for the UK Prime Minister to make a motion directly dependent on Government confidence?
Setting multiple groups as directory owners
Announcing the arrival of Valued Associate #679: Cesar Manara
Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern)
2019 Community Moderator Election Results
Why I closed the “Why is Kali so hard” questionAdd all users in one group to another group?Adding group permission to directory without changing group ownership?svn and webserver files ownershipsSubversion on Ubuntu server - setup issuesmultiple ftp user sharing common home directoryWebserver-User has no Shell-Access but needs SSH-Keys or Permission change of directory?Move multiple folders from one subversion repository to another subversion repositoryUnderstanding UNIX permissions and file typesLinux, SVN and Dropbox — Which directory should store my svn repository?Subversion server on ubuntu with mutiple repositories and checkout problemHow can I use ACL to give one user control over a directory and all its contentsNot able to upload as anonymous user in vsftpd
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;
On my server I have directory /srv/svn.
Is it possible to set this directory to have multiple group ownerships, for instance devFirmA, devFirmB and devFirmC?
The point is, I want to subversion version control manage multiple users accross multiple repositories and I do not know how to merge /srv/svn, the root directory of repositories, permissions. I have, for instance, three firms, FirmA, FirmB and FirmC. Now, inside /srv/svn I've created three directories, FirmA, FirmB, FirmC and inside them I've created repository for each project and now I do not know how to establish permission scheme since all elementes inside /srv/svn are owned by root:root, which is not ok, or am I wrong?
permissions group subversion
asked Apr 10 '15 at 11:18
KernelPanicKernelPanic
45931230
add a comment |
On my server I have directory /srv/svn.
Is it possible to set this directory to have multiple group ownerships, for instance devFirmA, devFirmB and devFirmC?
The point is, I want to subversion version control manage multiple users accross multiple repositories and I do not know how to merge /srv/svn, the root directory of repositories, permissions. I have, for instance, three firms, FirmA, FirmB and FirmC. Now, inside /srv/svn I've created three directories, FirmA, FirmB, FirmC and inside them I've created repository for each project and now I do not know how to establish permission scheme since all elementes inside /srv/svn are owned by root:root, which is not ok, or am I wrong?
permissions group subversion
asked Apr 10 '15 at 11:18
KernelPanicKernelPanic
45931230
1
Do the firm groups access each others files? Or are they completely separate, other than sharing a parent directory?
– J. M. Becker
Apr 10 '15 at 23:39
@TechZilla firm group MUST Not access each others files, ther MUST be separated, only I must have access to all directories.
– KernelPanic
Apr 17 '15 at 9:57
OK, I posted the correct answer, you should not use ACLs for this. They are a last resort option, this problem is still a very common one.
– J. M. Becker
Apr 21 '15 at 20:05
add a comment |
On my server I have directory /srv/svn.
Is it possible to set this directory to have multiple group ownerships, for instance devFirmA, devFirmB and devFirmC?
The point is, I want to subversion version control manage multiple users accross multiple repositories and I do not know how to merge /srv/svn, the root directory of repositories, permissions. I have, for instance, three firms, FirmA, FirmB and FirmC. Now, inside /srv/svn I've created three directories, FirmA, FirmB, FirmC and inside them I've created repository for each project and now I do not know how to establish permission scheme since all elementes inside /srv/svn are owned by root:root, which is not ok, or am I wrong?
permissions group subversion
asked Apr 10 '15 at 11:18
KernelPanicKernelPanic
45931230
On my server I have directory /srv/svn.
Is it possible to set this directory to have multiple group ownerships, for instance devFirmA, devFirmB and devFirmC?
The point is, I want to subversion version control manage multiple users accross multiple repositories and I do not know how to merge /srv/svn, the root directory of repositories, permissions. I have, for instance, three firms, FirmA, FirmB and FirmC. Now, inside /srv/svn I've created three directories, FirmA, FirmB, FirmC and inside them I've created repository for each project and now I do not know how to establish permission scheme since all elementes inside /srv/svn are owned by root:root, which is not ok, or am I wrong?
permissions group subversion
permissions group subversion
asked Apr 10 '15 at 11:18
KernelPanicKernelPanic
45931230
asked Apr 10 '15 at 11:18
KernelPanicKernelPanic
45931230
edited Feb 17 '17 at 7:21
KernelPanic
asked Apr 10 '15 at 11:18
KernelPanicKernelPanic
45931230
asked Apr 10 '15 at 11:18
KernelPanicKernelPanic
45931230
asked Apr 10 '15 at 11:18
KernelPanicKernelPanic
45931230
45931230
1
Do the firm groups access each others files? Or are they completely separate, other than sharing a parent directory?
– J. M. Becker
Apr 10 '15 at 23:39
@TechZilla firm group MUST Not access each others files, ther MUST be separated, only I must have access to all directories.
– KernelPanic
Apr 17 '15 at 9:57
OK, I posted the correct answer, you should not use ACLs for this. They are a last resort option, this problem is still a very common one.
– J. M. Becker
Apr 21 '15 at 20:05
add a comment |
1
Do the firm groups access each others files? Or are they completely separate, other than sharing a parent directory?
– J. M. Becker
Apr 10 '15 at 23:39
@TechZilla firm group MUST Not access each others files, ther MUST be separated, only I must have access to all directories.
– KernelPanic
Apr 17 '15 at 9:57
OK, I posted the correct answer, you should not use ACLs for this. They are a last resort option, this problem is still a very common one.
– J. M. Becker
Apr 21 '15 at 20:05
1
1
Do the firm groups access each others files? Or are they completely separate, other than sharing a parent directory?
– J. M. Becker
Apr 10 '15 at 23:39
Do the firm groups access each others files? Or are they completely separate, other than sharing a parent directory?
– J. M. Becker
Apr 10 '15 at 23:39
@TechZilla firm group MUST Not access each others files, ther MUST be separated, only I must have access to all directories.
– KernelPanic
Apr 17 '15 at 9:57
@TechZilla firm group MUST Not access each others files, ther MUST be separated, only I must have access to all directories.
– KernelPanic
Apr 17 '15 at 9:57
OK, I posted the correct answer, you should not use ACLs for this. They are a last resort option, this problem is still a very common one.
– J. M. Becker
Apr 21 '15 at 20:05
OK, I posted the correct answer, you should not use ACLs for this. They are a last resort option, this problem is still a very common one.
– J. M. Becker
Apr 21 '15 at 20:05
add a comment |
5 Answers
5
active
oldest
votes
This is an extremely common problem, if I understand it accurately, and I encounter it constantly. If I used ACLs for every trivial grouping problem, I would have tons of unmanageable systems. They are using the best practice when you cannot do it any other way, not for this situation. This is the method I very strongly recommend.
First you need to set your umask to 002, this is so a group can share with itself. I usually create a file like /etc/profile.d/firm.sh, and then add a test command with the umask.
[ $UID -gt 10000 ] && umask 002
Next you need to set the directories to their respective groups,
chgrp -R FirmA /srv/svn/FirmA
chgrp -R FirmB /srv/svn/FirmB
chgrp -R FirmC /srv/svn/FirmC
Finally you need to set the SGID bit properly, so the group will always stay to the one you set. This will prevent a written file from being set to the writer's GID.
find /srv/svn/FirmA -type d -print0 | xargs -0 chmod 2775
find /srv/svn/FirmB -type d -print0 | xargs -0 chmod 2775
find /srv/svn/FirmC -type d -print0 | xargs -0 chmod 2775
find /srv/svn/FirmA -type f -print0 | xargs -0 chmod 664
find /srv/svn/FirmB -type f -print0 | xargs -0 chmod 664
find /srv/svn/FirmC -type f -print0 | xargs -0 chmod 664
Now finally if you want to prevent the directories from being accessed by other users.
chmod 2770 /srv/svn/FirmA
chmod 2770 /srv/svn/FirmB
chmod 2770 /srv/svn/FirmC
edited 10 hours ago
Kevdog777
2,116123460
answered Apr 21 '15 at 20:02
J. M. BeckerJ. M. Becker
3,46611737
1
Warning: this should work but removes execution permission bit on all files. This is okay if your directory tree only holds documents. If it contains executable files this will prevent execution, which may ruin your setup.
– Stéphane Gourichon
Sep 8 '16 at 8:43
This might be also a nice idea, but does not answer the question at all.
– ceving
Sep 13 '17 at 11:16
add a comment |
You can only have one group as owner.
However using access control lists you can define permissions for other groups.
Check if you have ACL installed issuing the command getfacl.
If your system hasn't ACL installed, install the command line tools which are in the acl package with: sudo apt-get install acl
With getfacl you can read the ACL information of a directory or other file, and with setfacl you can add groups to a file.
For example:
setfacl -m g:devFirmB:rwx /srv/svn/
Adds the group devFirmB with read, write, execute permissions to directory /srv/svn.
If you also want files created in that directory to be owned by multiple groups, set the ACL as the default ACL. The X in the default group entry means “allow execution if executable by the owner (or anyone else)”.
setfacl -m g:devFirmB:rwx /srv/svn/
setfacl -d -m g:devFirmB:rwX /srv/svn/
edited Apr 10 '15 at 13:04
Gilles
548k13011151631
answered Apr 10 '15 at 11:36
jcbermujcbermu
3,402820
add a comment |
It is not possible to have a file owned by multiple Linux groups with traditional Unix permissions. (However, it is possible with ACL.)
But you might use the following workaround and create a new group (e.g. called devFirms) which will include all users of the groups devFirmA, devFirmB and devFirmC.
You create new user groups with:
sudo addgroup NEWGROUPNAME
First, you might have to install id-utils to get the lid-command:
sudo apt-get install id-utils
Then you can run the following line of code to easily copy all users of SOURCEGROUP to TARGETGROUP. Of course you have to run the command once for each group you want to copy. Don't forget to replace the capitalized place-holders with the actual group names.
for u in $(lid -g -n SOURCEGROUP); do sudo usermod -a -G TARGETGROUP $u; done
So in your case you would have to run the command (all lines at once):
sudo addgroup devFirms &&
for u in $(lid -g -n devFirmA); do sudo usermod -a -G devFirms $u; done &&
for u in $(lid -g -n devFirmB); do sudo usermod -a -G devFirms $u; done &&
for u in $(lid -g -n devFirmC); do sudo usermod -a -G devFirms $u; done
Note that these commands only copy all users who are current members of the source groups. Every user who gets added later will also have to be manually added to your common group with the adduser command. Just replace once again the capitalized place-holders with the actual user and group name (devFirms):
sudo adduser NEWUSER TARGETGROUP
Thanks to Justin Ethier for his answer at Unix&Linux.SE: Add all users of one group to another group?
edited Apr 13 '17 at 12:37
Community♦
1
answered Apr 10 '15 at 12:11
Byte CommanderByte Commander
1,366623
@Gilles do you thing your scheme would work for Subversion server multiple repositories with multiple users as in my update of question?
– KernelPanic
Apr 10 '15 at 16:00
add a comment |
No, this is not possible.
Each file (and so also directories) can only have one user and one group.
answered Apr 10 '15 at 11:36
Uwe PlonusUwe Plonus
30239
4
Providing an alternative approach to get the same or a similar result would be nice.
– Byte Commander
Apr 10 '15 at 11:38
add a comment |
In order to provide different rights to multiple groups or users use the following commands (Tested on RHEL 6 & 7):
To make new owner of group:
setfacl -m g:<group_name>:<rights you want to give eg.rwx> -R <directory_name>
To check current acl settings:
getfacl <directory_name>
edited Jan 20 '16 at 8:03
Marco
766717
answered Jan 20 '16 at 7:31
Mr.HMr.H
211
Tested, works on Ubuntu 16.04.3 too
– Dmitry
Oct 27 '17 at 8:24
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f195466%2fsetting-multiple-groups-as-directory-owners%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
5 Answers
5
active
oldest
votes
5 Answers
5
active
oldest
votes
active
oldest
votes
active
oldest
votes
This is an extremely common problem, if I understand it accurately, and I encounter it constantly. If I used ACLs for every trivial grouping problem, I would have tons of unmanageable systems. They are using the best practice when you cannot do it any other way, not for this situation. This is the method I very strongly recommend.
First you need to set your umask to 002, this is so a group can share with itself. I usually create a file like /etc/profile.d/firm.sh, and then add a test command with the umask.
[ $UID -gt 10000 ] && umask 002
Next you need to set the directories to their respective groups,
chgrp -R FirmA /srv/svn/FirmA
chgrp -R FirmB /srv/svn/FirmB
chgrp -R FirmC /srv/svn/FirmC
Finally you need to set the SGID bit properly, so the group will always stay to the one you set. This will prevent a written file from being set to the writer's GID.
find /srv/svn/FirmA -type d -print0 | xargs -0 chmod 2775
find /srv/svn/FirmB -type d -print0 | xargs -0 chmod 2775
find /srv/svn/FirmC -type d -print0 | xargs -0 chmod 2775
find /srv/svn/FirmA -type f -print0 | xargs -0 chmod 664
find /srv/svn/FirmB -type f -print0 | xargs -0 chmod 664
find /srv/svn/FirmC -type f -print0 | xargs -0 chmod 664
Now finally if you want to prevent the directories from being accessed by other users.
chmod 2770 /srv/svn/FirmA
chmod 2770 /srv/svn/FirmB
chmod 2770 /srv/svn/FirmC
edited 10 hours ago
Kevdog777
2,116123460
answered Apr 21 '15 at 20:02
J. M. BeckerJ. M. Becker
3,46611737
1
Warning: this should work but removes execution permission bit on all files. This is okay if your directory tree only holds documents. If it contains executable files this will prevent execution, which may ruin your setup.
– Stéphane Gourichon
Sep 8 '16 at 8:43
This might be also a nice idea, but does not answer the question at all.
– ceving
Sep 13 '17 at 11:16
add a comment |
This is an extremely common problem, if I understand it accurately, and I encounter it constantly. If I used ACLs for every trivial grouping problem, I would have tons of unmanageable systems. They are using the best practice when you cannot do it any other way, not for this situation. This is the method I very strongly recommend.
First you need to set your umask to 002, this is so a group can share with itself. I usually create a file like /etc/profile.d/firm.sh, and then add a test command with the umask.
[ $UID -gt 10000 ] && umask 002
Next you need to set the directories to their respective groups,
chgrp -R FirmA /srv/svn/FirmA
chgrp -R FirmB /srv/svn/FirmB
chgrp -R FirmC /srv/svn/FirmC
Finally you need to set the SGID bit properly, so the group will always stay to the one you set. This will prevent a written file from being set to the writer's GID.
find /srv/svn/FirmA -type d -print0 | xargs -0 chmod 2775
find /srv/svn/FirmB -type d -print0 | xargs -0 chmod 2775
find /srv/svn/FirmC -type d -print0 | xargs -0 chmod 2775
find /srv/svn/FirmA -type f -print0 | xargs -0 chmod 664
find /srv/svn/FirmB -type f -print0 | xargs -0 chmod 664
find /srv/svn/FirmC -type f -print0 | xargs -0 chmod 664
Now finally if you want to prevent the directories from being accessed by other users.
chmod 2770 /srv/svn/FirmA
chmod 2770 /srv/svn/FirmB
chmod 2770 /srv/svn/FirmC
edited 10 hours ago
Kevdog777
2,116123460
answered Apr 21 '15 at 20:02
J. M. BeckerJ. M. Becker
3,46611737
1
Warning: this should work but removes execution permission bit on all files. This is okay if your directory tree only holds documents. If it contains executable files this will prevent execution, which may ruin your setup.
– Stéphane Gourichon
Sep 8 '16 at 8:43
This might be also a nice idea, but does not answer the question at all.
– ceving
Sep 13 '17 at 11:16
add a comment |
This is an extremely common problem, if I understand it accurately, and I encounter it constantly. If I used ACLs for every trivial grouping problem, I would have tons of unmanageable systems. They are using the best practice when you cannot do it any other way, not for this situation. This is the method I very strongly recommend.
First you need to set your umask to 002, this is so a group can share with itself. I usually create a file like /etc/profile.d/firm.sh, and then add a test command with the umask.
[ $UID -gt 10000 ] && umask 002
Next you need to set the directories to their respective groups,
chgrp -R FirmA /srv/svn/FirmA
chgrp -R FirmB /srv/svn/FirmB
chgrp -R FirmC /srv/svn/FirmC
Finally you need to set the SGID bit properly, so the group will always stay to the one you set. This will prevent a written file from being set to the writer's GID.
find /srv/svn/FirmA -type d -print0 | xargs -0 chmod 2775
find /srv/svn/FirmB -type d -print0 | xargs -0 chmod 2775
find /srv/svn/FirmC -type d -print0 | xargs -0 chmod 2775
find /srv/svn/FirmA -type f -print0 | xargs -0 chmod 664
find /srv/svn/FirmB -type f -print0 | xargs -0 chmod 664
find /srv/svn/FirmC -type f -print0 | xargs -0 chmod 664
Now finally if you want to prevent the directories from being accessed by other users.
chmod 2770 /srv/svn/FirmA
chmod 2770 /srv/svn/FirmB
chmod 2770 /srv/svn/FirmC
edited 10 hours ago
Kevdog777
2,116123460
answered Apr 21 '15 at 20:02
J. M. BeckerJ. M. Becker
3,46611737
This is an extremely common problem, if I understand it accurately, and I encounter it constantly. If I used ACLs for every trivial grouping problem, I would have tons of unmanageable systems. They are using the best practice when you cannot do it any other way, not for this situation. This is the method I very strongly recommend.
First you need to set your umask to 002, this is so a group can share with itself. I usually create a file like /etc/profile.d/firm.sh, and then add a test command with the umask.
[ $UID -gt 10000 ] && umask 002
Next you need to set the directories to their respective groups,
chgrp -R FirmA /srv/svn/FirmA
chgrp -R FirmB /srv/svn/FirmB
chgrp -R FirmC /srv/svn/FirmC
Finally you need to set the SGID bit properly, so the group will always stay to the one you set. This will prevent a written file from being set to the writer's GID.
find /srv/svn/FirmA -type d -print0 | xargs -0 chmod 2775
find /srv/svn/FirmB -type d -print0 | xargs -0 chmod 2775
find /srv/svn/FirmC -type d -print0 | xargs -0 chmod 2775
find /srv/svn/FirmA -type f -print0 | xargs -0 chmod 664
find /srv/svn/FirmB -type f -print0 | xargs -0 chmod 664
find /srv/svn/FirmC -type f -print0 | xargs -0 chmod 664
Now finally if you want to prevent the directories from being accessed by other users.
chmod 2770 /srv/svn/FirmA
chmod 2770 /srv/svn/FirmB
chmod 2770 /srv/svn/FirmC
edited 10 hours ago
Kevdog777
2,116123460
answered Apr 21 '15 at 20:02
J. M. BeckerJ. M. Becker
3,46611737
edited 10 hours ago
Kevdog777
2,116123460
edited 10 hours ago
Kevdog777
2,116123460
edited 10 hours ago
Kevdog777
2,116123460
2,116123460
answered Apr 21 '15 at 20:02
J. M. BeckerJ. M. Becker
3,46611737
answered Apr 21 '15 at 20:02
J. M. BeckerJ. M. Becker
3,46611737
answered Apr 21 '15 at 20:02
J. M. BeckerJ. M. Becker
3,46611737
3,46611737
1
Warning: this should work but removes execution permission bit on all files. This is okay if your directory tree only holds documents. If it contains executable files this will prevent execution, which may ruin your setup.
– Stéphane Gourichon
Sep 8 '16 at 8:43
This might be also a nice idea, but does not answer the question at all.
– ceving
Sep 13 '17 at 11:16
add a comment |
1
Warning: this should work but removes execution permission bit on all files. This is okay if your directory tree only holds documents. If it contains executable files this will prevent execution, which may ruin your setup.
– Stéphane Gourichon
Sep 8 '16 at 8:43
This might be also a nice idea, but does not answer the question at all.
– ceving
Sep 13 '17 at 11:16
1
1
Warning: this should work but removes execution permission bit on all files. This is okay if your directory tree only holds documents. If it contains executable files this will prevent execution, which may ruin your setup.
– Stéphane Gourichon
Sep 8 '16 at 8:43
Warning: this should work but removes execution permission bit on all files. This is okay if your directory tree only holds documents. If it contains executable files this will prevent execution, which may ruin your setup.
– Stéphane Gourichon
Sep 8 '16 at 8:43
This might be also a nice idea, but does not answer the question at all.
– ceving
Sep 13 '17 at 11:16
This might be also a nice idea, but does not answer the question at all.
– ceving
Sep 13 '17 at 11:16
add a comment |
You can only have one group as owner.
However using access control lists you can define permissions for other groups.
Check if you have ACL installed issuing the command getfacl.
If your system hasn't ACL installed, install the command line tools which are in the acl package with: sudo apt-get install acl
With getfacl you can read the ACL information of a directory or other file, and with setfacl you can add groups to a file.
For example:
setfacl -m g:devFirmB:rwx /srv/svn/
Adds the group devFirmB with read, write, execute permissions to directory /srv/svn.
If you also want files created in that directory to be owned by multiple groups, set the ACL as the default ACL. The X in the default group entry means “allow execution if executable by the owner (or anyone else)”.
setfacl -m g:devFirmB:rwx /srv/svn/
setfacl -d -m g:devFirmB:rwX /srv/svn/
edited Apr 10 '15 at 13:04
Gilles
548k13011151631
answered Apr 10 '15 at 11:36
jcbermujcbermu
3,402820
add a comment |
You can only have one group as owner.
However using access control lists you can define permissions for other groups.
Check if you have ACL installed issuing the command getfacl.
If your system hasn't ACL installed, install the command line tools which are in the acl package with: sudo apt-get install acl
With getfacl you can read the ACL information of a directory or other file, and with setfacl you can add groups to a file.
For example:
setfacl -m g:devFirmB:rwx /srv/svn/
Adds the group devFirmB with read, write, execute permissions to directory /srv/svn.
If you also want files created in that directory to be owned by multiple groups, set the ACL as the default ACL. The X in the default group entry means “allow execution if executable by the owner (or anyone else)”.
setfacl -m g:devFirmB:rwx /srv/svn/
setfacl -d -m g:devFirmB:rwX /srv/svn/
edited Apr 10 '15 at 13:04
Gilles
548k13011151631
answered Apr 10 '15 at 11:36
jcbermujcbermu
3,402820
add a comment |
You can only have one group as owner.
However using access control lists you can define permissions for other groups.
Check if you have ACL installed issuing the command getfacl.
If your system hasn't ACL installed, install the command line tools which are in the acl package with: sudo apt-get install acl
With getfacl you can read the ACL information of a directory or other file, and with setfacl you can add groups to a file.
For example:
setfacl -m g:devFirmB:rwx /srv/svn/
Adds the group devFirmB with read, write, execute permissions to directory /srv/svn.
If you also want files created in that directory to be owned by multiple groups, set the ACL as the default ACL. The X in the default group entry means “allow execution if executable by the owner (or anyone else)”.
setfacl -m g:devFirmB:rwx /srv/svn/
setfacl -d -m g:devFirmB:rwX /srv/svn/
edited Apr 10 '15 at 13:04
Gilles
548k13011151631
answered Apr 10 '15 at 11:36
jcbermujcbermu
3,402820
You can only have one group as owner.
However using access control lists you can define permissions for other groups.
Check if you have ACL installed issuing the command getfacl.
If your system hasn't ACL installed, install the command line tools which are in the acl package with: sudo apt-get install acl
With getfacl you can read the ACL information of a directory or other file, and with setfacl you can add groups to a file.
For example:
setfacl -m g:devFirmB:rwx /srv/svn/
Adds the group devFirmB with read, write, execute permissions to directory /srv/svn.
If you also want files created in that directory to be owned by multiple groups, set the ACL as the default ACL. The X in the default group entry means “allow execution if executable by the owner (or anyone else)”.
setfacl -m g:devFirmB:rwx /srv/svn/
setfacl -d -m g:devFirmB:rwX /srv/svn/
edited Apr 10 '15 at 13:04
Gilles
548k13011151631
answered Apr 10 '15 at 11:36
jcbermujcbermu
3,402820
edited Apr 10 '15 at 13:04
Gilles
548k13011151631
edited Apr 10 '15 at 13:04
Gilles
548k13011151631
edited Apr 10 '15 at 13:04
Gilles
548k13011151631
548k13011151631
answered Apr 10 '15 at 11:36
jcbermujcbermu
3,402820
answered Apr 10 '15 at 11:36
jcbermujcbermu
3,402820
answered Apr 10 '15 at 11:36
jcbermujcbermu
3,402820
3,402820
add a comment |
add a comment |
It is not possible to have a file owned by multiple Linux groups with traditional Unix permissions. (However, it is possible with ACL.)
But you might use the following workaround and create a new group (e.g. called devFirms) which will include all users of the groups devFirmA, devFirmB and devFirmC.
You create new user groups with:
sudo addgroup NEWGROUPNAME
First, you might have to install id-utils to get the lid-command:
sudo apt-get install id-utils
Then you can run the following line of code to easily copy all users of SOURCEGROUP to TARGETGROUP. Of course you have to run the command once for each group you want to copy. Don't forget to replace the capitalized place-holders with the actual group names.
for u in $(lid -g -n SOURCEGROUP); do sudo usermod -a -G TARGETGROUP $u; done
So in your case you would have to run the command (all lines at once):
sudo addgroup devFirms &&
for u in $(lid -g -n devFirmA); do sudo usermod -a -G devFirms $u; done &&
for u in $(lid -g -n devFirmB); do sudo usermod -a -G devFirms $u; done &&
for u in $(lid -g -n devFirmC); do sudo usermod -a -G devFirms $u; done
Note that these commands only copy all users who are current members of the source groups. Every user who gets added later will also have to be manually added to your common group with the adduser command. Just replace once again the capitalized place-holders with the actual user and group name (devFirms):
sudo adduser NEWUSER TARGETGROUP
Thanks to Justin Ethier for his answer at Unix&Linux.SE: Add all users of one group to another group?
edited Apr 13 '17 at 12:37
Community♦
1
answered Apr 10 '15 at 12:11
Byte CommanderByte Commander
1,366623
@Gilles do you thing your scheme would work for Subversion server multiple repositories with multiple users as in my update of question?
– KernelPanic
Apr 10 '15 at 16:00
add a comment |
It is not possible to have a file owned by multiple Linux groups with traditional Unix permissions. (However, it is possible with ACL.)
But you might use the following workaround and create a new group (e.g. called devFirms) which will include all users of the groups devFirmA, devFirmB and devFirmC.
You create new user groups with:
sudo addgroup NEWGROUPNAME
First, you might have to install id-utils to get the lid-command:
sudo apt-get install id-utils
Then you can run the following line of code to easily copy all users of SOURCEGROUP to TARGETGROUP. Of course you have to run the command once for each group you want to copy. Don't forget to replace the capitalized place-holders with the actual group names.
for u in $(lid -g -n SOURCEGROUP); do sudo usermod -a -G TARGETGROUP $u; done
So in your case you would have to run the command (all lines at once):
sudo addgroup devFirms &&
for u in $(lid -g -n devFirmA); do sudo usermod -a -G devFirms $u; done &&
for u in $(lid -g -n devFirmB); do sudo usermod -a -G devFirms $u; done &&
for u in $(lid -g -n devFirmC); do sudo usermod -a -G devFirms $u; done
Note that these commands only copy all users who are current members of the source groups. Every user who gets added later will also have to be manually added to your common group with the adduser command. Just replace once again the capitalized place-holders with the actual user and group name (devFirms):
sudo adduser NEWUSER TARGETGROUP
Thanks to Justin Ethier for his answer at Unix&Linux.SE: Add all users of one group to another group?
edited Apr 13 '17 at 12:37
Community♦
1
answered Apr 10 '15 at 12:11
Byte CommanderByte Commander
1,366623
@Gilles do you thing your scheme would work for Subversion server multiple repositories with multiple users as in my update of question?
– KernelPanic
Apr 10 '15 at 16:00
add a comment |
It is not possible to have a file owned by multiple Linux groups with traditional Unix permissions. (However, it is possible with ACL.)
But you might use the following workaround and create a new group (e.g. called devFirms) which will include all users of the groups devFirmA, devFirmB and devFirmC.
You create new user groups with:
sudo addgroup NEWGROUPNAME
First, you might have to install id-utils to get the lid-command:
sudo apt-get install id-utils
Then you can run the following line of code to easily copy all users of SOURCEGROUP to TARGETGROUP. Of course you have to run the command once for each group you want to copy. Don't forget to replace the capitalized place-holders with the actual group names.
for u in $(lid -g -n SOURCEGROUP); do sudo usermod -a -G TARGETGROUP $u; done
So in your case you would have to run the command (all lines at once):
sudo addgroup devFirms &&
for u in $(lid -g -n devFirmA); do sudo usermod -a -G devFirms $u; done &&
for u in $(lid -g -n devFirmB); do sudo usermod -a -G devFirms $u; done &&
for u in $(lid -g -n devFirmC); do sudo usermod -a -G devFirms $u; done
Note that these commands only copy all users who are current members of the source groups. Every user who gets added later will also have to be manually added to your common group with the adduser command. Just replace once again the capitalized place-holders with the actual user and group name (devFirms):
sudo adduser NEWUSER TARGETGROUP
Thanks to Justin Ethier for his answer at Unix&Linux.SE: Add all users of one group to another group?
edited Apr 13 '17 at 12:37
Community♦
1
answered Apr 10 '15 at 12:11
Byte CommanderByte Commander
1,366623
It is not possible to have a file owned by multiple Linux groups with traditional Unix permissions. (However, it is possible with ACL.)
But you might use the following workaround and create a new group (e.g. called devFirms) which will include all users of the groups devFirmA, devFirmB and devFirmC.
You create new user groups with:
sudo addgroup NEWGROUPNAME
First, you might have to install id-utils to get the lid-command:
sudo apt-get install id-utils
Then you can run the following line of code to easily copy all users of SOURCEGROUP to TARGETGROUP. Of course you have to run the command once for each group you want to copy. Don't forget to replace the capitalized place-holders with the actual group names.
for u in $(lid -g -n SOURCEGROUP); do sudo usermod -a -G TARGETGROUP $u; done
So in your case you would have to run the command (all lines at once):
sudo addgroup devFirms &&
for u in $(lid -g -n devFirmA); do sudo usermod -a -G devFirms $u; done &&
for u in $(lid -g -n devFirmB); do sudo usermod -a -G devFirms $u; done &&
for u in $(lid -g -n devFirmC); do sudo usermod -a -G devFirms $u; done
Note that these commands only copy all users who are current members of the source groups. Every user who gets added later will also have to be manually added to your common group with the adduser command. Just replace once again the capitalized place-holders with the actual user and group name (devFirms):
sudo adduser NEWUSER TARGETGROUP
Thanks to Justin Ethier for his answer at Unix&Linux.SE: Add all users of one group to another group?
edited Apr 13 '17 at 12:37
Community♦
1
answered Apr 10 '15 at 12:11
Byte CommanderByte Commander
1,366623
edited Apr 13 '17 at 12:37
Community♦
1
edited Apr 13 '17 at 12:37
Community♦
1
edited Apr 13 '17 at 12:37
Community♦
1
1
answered Apr 10 '15 at 12:11
Byte CommanderByte Commander
1,366623
answered Apr 10 '15 at 12:11
Byte CommanderByte Commander
1,366623
answered Apr 10 '15 at 12:11
Byte CommanderByte Commander
1,366623
1,366623
@Gilles do you thing your scheme would work for Subversion server multiple repositories with multiple users as in my update of question?
– KernelPanic
Apr 10 '15 at 16:00
add a comment |
@Gilles do you thing your scheme would work for Subversion server multiple repositories with multiple users as in my update of question?
– KernelPanic
Apr 10 '15 at 16:00
@Gilles do you thing your scheme would work for Subversion server multiple repositories with multiple users as in my update of question?
– KernelPanic
Apr 10 '15 at 16:00
@Gilles do you thing your scheme would work for Subversion server multiple repositories with multiple users as in my update of question?
– KernelPanic
Apr 10 '15 at 16:00
add a comment |
No, this is not possible.
Each file (and so also directories) can only have one user and one group.
answered Apr 10 '15 at 11:36
Uwe PlonusUwe Plonus
30239
4
Providing an alternative approach to get the same or a similar result would be nice.
– Byte Commander
Apr 10 '15 at 11:38
add a comment |
No, this is not possible.
Each file (and so also directories) can only have one user and one group.
answered Apr 10 '15 at 11:36
Uwe PlonusUwe Plonus
30239
4
Providing an alternative approach to get the same or a similar result would be nice.
– Byte Commander
Apr 10 '15 at 11:38
add a comment |
No, this is not possible.
Each file (and so also directories) can only have one user and one group.
answered Apr 10 '15 at 11:36
Uwe PlonusUwe Plonus
30239
No, this is not possible.
Each file (and so also directories) can only have one user and one group.
answered Apr 10 '15 at 11:36
Uwe PlonusUwe Plonus
30239
answered Apr 10 '15 at 11:36
Uwe PlonusUwe Plonus
30239
answered Apr 10 '15 at 11:36
Uwe PlonusUwe Plonus
30239
answered Apr 10 '15 at 11:36
Uwe PlonusUwe Plonus
30239
30239
4
Providing an alternative approach to get the same or a similar result would be nice.
– Byte Commander
Apr 10 '15 at 11:38
add a comment |
4
Providing an alternative approach to get the same or a similar result would be nice.
– Byte Commander
Apr 10 '15 at 11:38
4
4
Providing an alternative approach to get the same or a similar result would be nice.
– Byte Commander
Apr 10 '15 at 11:38
Providing an alternative approach to get the same or a similar result would be nice.
– Byte Commander
Apr 10 '15 at 11:38
add a comment |
In order to provide different rights to multiple groups or users use the following commands (Tested on RHEL 6 & 7):
To make new owner of group:
setfacl -m g:<group_name>:<rights you want to give eg.rwx> -R <directory_name>
To check current acl settings:
getfacl <directory_name>
edited Jan 20 '16 at 8:03
Marco
766717
answered Jan 20 '16 at 7:31
Mr.HMr.H
211
Tested, works on Ubuntu 16.04.3 too
– Dmitry
Oct 27 '17 at 8:24
add a comment |
In order to provide different rights to multiple groups or users use the following commands (Tested on RHEL 6 & 7):
To make new owner of group:
setfacl -m g:<group_name>:<rights you want to give eg.rwx> -R <directory_name>
To check current acl settings:
getfacl <directory_name>
edited Jan 20 '16 at 8:03
Marco
766717
answered Jan 20 '16 at 7:31
Mr.HMr.H
211
Tested, works on Ubuntu 16.04.3 too
– Dmitry
Oct 27 '17 at 8:24
add a comment |
In order to provide different rights to multiple groups or users use the following commands (Tested on RHEL 6 & 7):
To make new owner of group:
setfacl -m g:<group_name>:<rights you want to give eg.rwx> -R <directory_name>
To check current acl settings:
getfacl <directory_name>
edited Jan 20 '16 at 8:03
Marco
766717
answered Jan 20 '16 at 7:31
Mr.HMr.H
211
In order to provide different rights to multiple groups or users use the following commands (Tested on RHEL 6 & 7):
To make new owner of group:
setfacl -m g:<group_name>:<rights you want to give eg.rwx> -R <directory_name>
To check current acl settings:
getfacl <directory_name>
edited Jan 20 '16 at 8:03
Marco
766717
answered Jan 20 '16 at 7:31
Mr.HMr.H
211
edited Jan 20 '16 at 8:03
Marco
766717
edited Jan 20 '16 at 8:03
Marco
766717
edited Jan 20 '16 at 8:03
Marco
766717
766717
answered Jan 20 '16 at 7:31
Mr.HMr.H
211
answered Jan 20 '16 at 7:31
Mr.HMr.H
211
answered Jan 20 '16 at 7:31
Mr.HMr.H
211
211
Tested, works on Ubuntu 16.04.3 too
– Dmitry
Oct 27 '17 at 8:24
add a comment |
Tested, works on Ubuntu 16.04.3 too
– Dmitry
Oct 27 '17 at 8:24
Tested, works on Ubuntu 16.04.3 too
– Dmitry
Oct 27 '17 at 8:24
Tested, works on Ubuntu 16.04.3 too
– Dmitry
Oct 27 '17 at 8:24
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f195466%2fsetting-multiple-groups-as-directory-owners%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
-group, permissions, subversion
1
Do the firm groups access each others files? Or are they completely separate, other than sharing a parent directory?
– J. M. Becker
Apr 10 '15 at 23:39
@TechZilla firm group MUST Not access each others files, ther MUST be separated, only I must have access to all directories.
– KernelPanic
Apr 17 '15 at 9:57
OK, I posted the correct answer, you should not use ACLs for this. They are a last resort option, this problem is still a very common one.
– J. M. Becker
Apr 21 '15 at 20:05