Linux Format

Own it all

-

I have been a Linux user since around 2000, completely jumped ship from Windows in 2016, and now use Kubuntu on my desktop. I have been a Linux Format subscriber since 2016. However, the one subject that trips me up is security and permission­s.

I regularly find myself in the position where User A cannot read or write files or directorie­s created by User B, even though User A and User B are in the same group, and the security bits for the group are 110 or 111 in both the directory and the files. This situation arises often when User B is my regular account and User A is an applicatio­n that when I run it, runs as User A – for example, Jellyfin or Emby servers.

My usual solution is to use chmod -R 777 /path/to/ problem/directory and sometimes chown -R UserB:UserB /path/to/problem/directory as well. This seems to work, but I believe such practice is frowned upon by Linux gurus who know better than me (but don’t/can’t explain why or what one should do to get things to work as required).

I would like to see an article discussing why these features exist, and what one needs to do to share files between such users ‘properly’, including: • •

When the PC should be rebooted.

How the file mask fits in, how to find out what it is • for a particular user, and if it should be changed. How sticky/special bits might be involved. Hopefully, I have explained my gap in knowledge and you think this might be a good feature for you. Andy Bond

Neil says…

Certainly, chmoding everything to 777 is a ‘nuking it from space’ option, because you’re saying that anyone

(the user, any groups and ‘other’ with the first, second and final seven) can read, write and, worse, execute anything in that folder. More usual is a 660 (read and write access for only the user and group) or 664 (extends read-only access to ‘other’).

The chown is really the best approach here, because it extends ownership to a registered user (Apache or Jellyfin, for example), but again the risk is if that user, when it’s software, gets co-opted, and you would still want to restrict access to 660 or similar.

Oddly, the Wiki page on this is easy enough to follow: https://en.wikipedia.org/wiki/File-system_ permission­s. It sounds like a topic we should cover. Hmm, I wonder whether a Linux Security Basics might be a good idea…

?? ?? You can try out the beta of Pop!_OS Pi right now.
You can try out the beta of Pop!_OS Pi right now.

Newspapers in English

Newspapers from Australia