M BUZZ CRAZE NEWS

Cannot edit file via group permission

By Joseph Russell

There's a system with two users: codera and coderb. They both belong to a group named firma. However, when one of them creates a file (in /tmp) and changes its group ownership to firma, with rw group permission, the other still cannot write to that file... Below is the story in the terminal:

codera@vbox:/tmp$ touch file_a
codera@vbox:/tmp$ chown codera:firma file_a
codera@vbox:/tmp$ ls -al file_a
-rw-rw-r-- 1 codera firma 0 úno 14 20:12 file_a

So, as I understand it, both the file owner (codera) and members of the group firma should be able to read/write that file. Let's try it in a second terminal window:

pb@vbox:~$ sudo su - coderb # (then password typed)
coderb@vbox:~$ cd /tmp
coderb@vbox:/tmp$ ls -al file_a
-rw-rw-r-- 1 codera firma 0 úno 14 20:12 file_a
coderb@vbox:/tmp$ id # lets check groups one more time
uid=1002(coderb) gid=1002(coderb) groups=1002(coderb),27(sudo),1005(firma),1006(cpp)
coderb@vbox:/tmp$ echo hello > file_a
-bash: file_a: Permission denied

According to man acl, after checking whether the user (resp. process) is an owner, if the effective GID or any of the supplementary group IDs match the file group, then those rw- permissions should be applied.

I tried newgrp - firma too... It changed the gid successfully, but did not help with accessing the file. Rebooting the machine (a way to force logout/login of them all) or logging in graphically as coderb did not help either.

Could anybody explain to me what I did wrong or what I missed, please?

Below is info about the OS. It runs in VirtualBox:

coderb@vbox:/tmp$ uname --all
Linux vbox 5.8.0-41-generic #46~20.04.1-Ubuntu SMP Mon Jan 18 17:52:23 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

Thank you all for any help.

1 Answer

If you do:

$ ls -lad /tmp
drwxrwxrwt 28 root root 36864 Feb 14 22:26 /tmp

You'll see that it has the sticky bit (t) set. This prevents users from removing or renaming files of other users. Recent Linux also takes this further by introducing the fs.protected_regular sysctl which also prevents writing to other users' files in such directories.

You could do what you want to do in a directory that isn't set sticky or if it's just writes you could disable that sysctl (system-wide).

2
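
The check behind fs.protected_regular, written out as an added example (not part of the original answer): the kernel applies it only to opens that pass O_CREAT, which is what the shell's `>` redirection does. The function names and the uid 1001 standing in for codera are assumptions; GNU stat and Linux /proc are required.

```shell
#!/bin/sh
# Added example: applies the fs.protected_regular rule to decide whether an
# open() with O_CREAT on an existing regular file will be refused.

# would_block LEVEL DIR_MODE DIR_UID FILE_UID CALLER_UID
# LEVEL is the sysctl value; DIR_MODE is the octal mode as printed by `stat -c %a`.
# Returns 0 if the open is refused, 1 if the protection does not apply.
would_block() {
    level=$1; mode=$((0$2)); dir_uid=$3; file_uid=$4; caller_uid=$5
    [ "$level" -ge 1 ] || return 1                 # protection disabled
    [ $((mode & 01000)) -ne 0 ] || return 1        # directory is not sticky
    [ "$file_uid" != "$dir_uid" ] || return 1      # file owned by the directory owner
    [ "$file_uid" != "$caller_uid" ] || return 1   # caller owns the file
    [ $((mode & 0002)) -eq 0 ] || return 0         # world-writable sticky directory
    # Level 2 extends the rule to group-writable sticky directories.
    [ "$level" -ge 2 ] && [ $((mode & 0020)) -ne 0 ]
}

# explain FILE: collect the real values for FILE and report the verdict.
# `id -u` is used as an approximation of the caller's filesystem uid.
explain() {
    file=$1; dir=$(dirname -- "$file")
    [ -f "$file" ] || { echo "$file: not a regular file"; return 0; }
    level=$(cat /proc/sys/fs/protected_regular 2>/dev/null || echo 0)
    if would_block "$level" "$(stat -c %a -- "$dir")" "$(stat -c %u -- "$dir")" \
                   "$(stat -c %u -- "$file")" "$(id -u)"; then
        echo "$file: O_CREAT open refused (fs.protected_regular=$level, sticky $dir)"
    else
        echo "$file: fs.protected_regular does not apply; check ordinary permissions"
    fi
}

# Usage: sh script.sh /tmp/file_a
[ $# -eq 0 ] || explain "$1"
```

Run it as the user who gets "Permission denied", with the file path as the argument.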
