/home/bill/System_maintenance/ssh/0_ssh user notes.txt

****************
Guide - keep at top of file...

/media/bill/USB DISK/Projects/Diversity/diversity_public/instructions.odt
    location of Diversity files (uploaded on ssh)

From "Ubuntu unleashed" -> Chapter "Managing Users"
    list of users in /etc/passwd file:
        $ cat /etc/passwd
    adduser
    deluser - delete a user account and related files
    chfn - change real user name & info
    chmod - change file mode bits (access privileges)
    chown
    chpasswd - update passwords in batch mode
    groups user - shows groups of which user is a member
    who

*******************
Questions

How do I set nemo -> default listing as "details"?
Can a USER create his own groups? (handy for projects, committees, etc)

**************************
22Dec2015 adduser thunderbird

see GW://home/bill/diversity/batch_users.sh
adduser thunderbird (with --conf, --home ...)

****************
21Dec2015 umask explanations - can this be specific to thunderbird?

- I want [directories, files]X[created in, copied/moved to] [diversity_public, diversity_member, diversity_admin] to be :
    . automatically group-forced to [diversity_public, diversity_member, diversity_admin] respectively
    . user - [public, member, admin] the owner remains the person who [created, uploaded] the initial version of a [file,directory]
    . other - a file from somebody "outside of the Diversity membership" - the file is forcibly "owned by the Diversity user

http://www.cyberciti.biz/tips/understanding-linux-unix-umask-value-usage.html

Explain Octal umask Mode 022 And 002

As I said earlier, if the default settings are not changed, files are created with the access mode 666 and directories with 777. In this example:

    The default umask 002 used for normal user. With this mask default directory permissions are 775 and default file permissions are 664.
    The default umask for the root user is 022 result into default directory permissions are 755 and default file permissions are 644.
    For directories, the base permissions are (rwxrwxrwx) 0777 and for files they are 0666 (rw-rw-rw-).

In short,

    A umask of 022 allows only you to write data, but anyone can read data.
    A umask of 077 is good for a completely private system. No other user can read or write your data if umask is set to 077.
    A umask of 002 is good when you share data with other users in the same group. Members of your group can create and modify data files; those outside your group can read data files, but cannot modify them. Set your umask to 007 to completely exclude users who are not group members.

But, How Do I Calculate umasks?

The octal umasks are calculated via the bitwise AND of the unary complement of the argument using bitwise NOT. The octal notations are as follows:

    Octal value : Permission
    0 : read, write and execute
    1 : read and write
    2 : read and execute
    3 : read only
    4 : write and execute
    5 : write only
    6 : execute only
    7 : no permissions

. >> umask is useless for me!!!! It doesn't help chown, chgrp, and

http://www.linuxnix.com/umask-define-linuxunix/

Why 666 is the maximum value for a file?
This is because only scripts and binaries should have execute permissions, normal and regular files should have just read and write permissions. Directories require execute permissions for viewing the contents in it, so they can have 777 as permissions.

>> again, this is useless for me!! SCREW UMASK!!! - go to /home/bill/diversity/batch_access.sh

****************
20Dec2015 umask group [directories, files] so that [ownership, groups] not changed on files

>> see Testing of permissions for diversity_public (vanwagner)
    /home/bill/System_maintenance/ssh/0_ssh notes.txt

>> from: http://unix.stackexchange.com/questions/195466/setting-multiple-groups-as-directory-owners

+-----+
First you need to set your umask to 002, this is so a group can share with itself. I usually create a file like /etc/profile.d/firm.sh, and then add a test command with the umask.
    [ $UID -gt 10000 ] && umask 002

+--+
man umask -> hmmm... don't really understand but I did it
see /home/bill/diversity/test_mask.sh
now gives mask of 0022

+-----+
Next you need to set the directories to their respective groups,

    chgrp -R FirmA /srv/svn/FirmA
    chgrp -R FirmB /srv/svn/FirmB
    chgrp -R FirmC /srv/svn/FirmC

+--+
No need - I have already done this

+-----+
Finally you need to set the SGID bit properly, so the group will always stay to the one you set. This will prevent a written file from being set to the writer's GID.

    find /srv/svn/FirmA -type d -print0 | xargs -0 chmod 2775
    find /srv/svn/FirmB -type d -print0 | xargs -0 chmod 2775
    find /srv/svn/FirmC -type d -print0 | xargs -0 chmod 2775
    find /srv/svn/FirmA -type f -print0 | xargs -0 chmod 664
    find /srv/svn/FirmB -type f -print0 | xargs -0 chmod 664
    find /srv/svn/FirmC -type f -print0 | xargs -0 chmod 664

+--+
$ man xargs - allows piping commands, with -print0 & -0 handling spaces in filenames (handy for later!)
what does -type [f, d] mean? presumably => file & directory
so then I need to know what chmod [2775, 664] are...
Linux Desktop Reference p16
    2775 = -w-rwxrwxrwx : but where does the extra permission come from? and why write-only?
    664 = rw-rw-r--
Hmm - I'm worried about the "2" in "2775" so I'll ignore it for now...

BUT - QUESTIONS! will this umask
    . affect&merge all [users, groups] on the virtual linux machine?
    . affect each user's own files under /home/diversity/users?
I ONLY want it to affect the groups specified!!
Actually, I ONLY want it to affect :
    . Thunderbird, for the diversity world
    . [directories, files] of [diversity_public, diversity_member, diversity_admin]

http://unix.stackexchange.com/questions/29050/using-umask-to-set-group-permissions

In case you aren't aware of it, you can do default umask overrides on a per directory basis with acl.
See eg unix.stackexchange.com/questions/12842/… – Faheem Mitha Jan 14 '12 at 15:04

http://askubuntu.com/questions/44534/how-to-set-umask-for-a-specific-folder
answered Nov 14 '12 at 16:31, yogi,70. edited Mar 19 at 11:44, RobV, 1034

you could use setfacl

    setfacl -d -m group:name:rwx /path/to/your/dir

Where name is the group name
To find which groups you or a specific user belong see "In unix/linux how do you find out what group a given user is in via command line?"
http://stackoverflow.com/questions/350141/in-unix-linux-how-to-you-find-out-what-group-a-given-user-is-in-via-command-line

Hmmm ... do I need to use access control lists?

+-----+
Add to : /home/bill/diversity/batch_access.sh

    find /srv/svn/FirmA -type d -print0 | xargs -0 chmod 2775
    find /srv/svn/FirmA -type f -print0 | xargs -0 chmod 664
    chmod -R

****************
17Dec2015 diversity_member user - Create & test

This is to start with another look at the file permission (not ACLs) challenges & workings (see /home/bill/System_maintenance/ssh/0_ssh notes.txt).

Try : add root to groups
    adduser root [diversity_public,diversity_member,diversity_admin]
member -> vellasco OK
admin -> siegelmann, mikkulainennen

****************
16Dec2015 user access to directories & files

login for vanwagner :
    ssh -X -l vanwagner 198.161.91.130

>> YIKES!! vanwagner (diversity_public only) can see even my "secret" files !!!
... look at this later

****************
16Dec2015 Put all diversity users in /home/diversity/users

delete marianne, then reinstall in users directory
Linux desk reference, p74
    $ sudo userdel vanwagner
    $ sudo adduser --home "/home/diversity/users/vanwagner" vanwagner

edit, then use :
    $ sudo bash "/home/bill/diversity/adduser_batch.sh"

But how do I easily add 100 users without typing all those passwords twice?

OOPS! must add groups!!!
example :
    adduser bill diversity_public
    adduser bill diversity_members
    adduser bill diversity_admin

***************
16Dec2015 default config file for Diversity users

normal -> /etc/adduser.conf
copy this to GroupWARE /home/bill/diversity
>> Done, I don't really understand some of the groups (audio,video, users, etc)

add new users to standard groups
GROUPWARE /home/bill/diversity/adduser_[public,member,admin]

    # Set this if you want the --add_extra_groups option to adduser to add
    # new users to other groups.
    # This is the list of groups that new non-system users will be added to
    # Original Default: EXTRA_GROUPS="dialout cdrom floppy audio video plugdev users"
    EXTRA_GROUPS="audio video plugdev users diversity_public"

    # If ADD_EXTRA_GROUPS is set to something non-zero, the EXTRA_GROUPS
    # option above will be default behavior for adding new, non-system users
    # Original : ADD_EXTRA_GROUPS=1 commented out
    ADD_EXTRA_GROUPS=1

*****************
16Dec2015 groups - finish adding

    sudo adduser --home "/home/diversity/diversity_member" diversity_member
    sudo adduser --home "/home/diversity/diversity_admin" diversity_committee

****************
16Dec2015 Users

$ who - lists currently logged in
    . this showed 4 bills, 2 from 11Dec2015, 1 from 13Dec2013, 1 today
    . how do I log out "all" bills?
$ finger - archaic, use who...

From "Ubuntu unleashed" -> Chapter "Managing Users"
    list of users in /etc/passwd file

********************
14Dec2015 /etc/skel

what gives here?

******************
14Dec2015 adduser

man adduser
    adduser diversity
    adduser --home "/home/diversity/diversity_public" diversity_public

chfn [-f full-name] [-o office] [-p office-phone] [-h home-phone] [-u] [-v] [username]
    chfn -f diversity_public diversity_public

    # adduser --home "/home/diversity/vanwagner" vanwagner
    adduser --home "/home/diversity/watson" watson
    . didn't do - /etc/skel - copyover of keyfiles for configuration
    . none on GroupWare????

Users - use grouphomes!!!
    will make it easier to look through and control user lists!!

chpasswd - update passwords in batch mode

# enddoc
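
Added example (not part of the original notes): the umask values quoted above (022, 002, 077, 007) and the chmod values 2775 and 664 from the stackexchange answer, worked through in shell, plus a real check that a file and subdirectory created under a 2775 directory keep the directory's group. The function names apply_umask, symbolic and shared_dir_demo are illustrative; the script assumes Linux with a stat that supports -c.

```sh
#!/bin/sh
# Added example, not from the original notes. Function names are illustrative.
# Assumes Linux with a stat that supports -c (GNU coreutils or BusyBox).

# apply_umask BASE MASK -> mode a new file/dir gets, e.g. 666 002 -> 664
apply_umask() { printf '%o\n' $(( 0$1 & ~0$2 & 0777 )); }

# symbolic MODE -> ls-style string; 4000/2000/1000 show as s, s, t
symbolic() {
    m=$(( 0$1 )); out=""
    for pos in 6 3 0; do
        bits=$(( (m >> pos) & 7 )); r=-; w=-; x=-
        [ $(( bits & 4 )) -eq 0 ] || r=r
        [ $(( bits & 2 )) -eq 0 ] || w=w
        [ $(( bits & 1 )) -eq 0 ] || x=x
        case $pos in
            6) sp=$(( m & 04000 )); on=s; off=S ;;   # setuid
            3) sp=$(( m & 02000 )); on=s; off=S ;;   # setgid
            0) sp=$(( m & 01000 )); on=t; off=T ;;   # sticky
        esac
        if [ "$sp" -ne 0 ]; then
            if [ "$x" = x ]; then x=$on; else x=$off; fi
        fi
        out="$out$r$w$x"
    done
    printf '%s\n' "$out"
}

# shared_dir_demo: in a throwaway directory set to 2775, create a file and a
# subdirectory under umask 002; prints "<file mode> <subdir mode> <same group?>"
shared_dir_demo() {
    d=$(mktemp -d) || return 1
    chmod 2775 "$d"
    ( umask 002; : > "$d/f"; mkdir "$d/sub" )
    fm=$(stat -c %a "$d/f"); dm=$(stat -c %a "$d/sub"); same=no
    [ "$(stat -c %g "$d/f")" != "$(stat -c %g "$d")" ] || same=yes
    rm -rf "$d"
    printf '%s %s %s\n' "$fm" "$dm" "$same"
}

for mask in 022 002 077 007; do
    f=$(apply_umask 666 "$mask"); dmode=$(apply_umask 777 "$mask")
    echo "umask $mask: files $f ($(symbolic "$f")), dirs $dmode ($(symbolic "$dmode"))"
done
echo "2775 = $(symbolic 2775)   664 = $(symbolic 664)"
echo "real check under a 2775 directory: $(shared_dir_demo)"
```

The leading 2 in 2775 is the setgid bit on the group triplet (rwxrwsr-x); it is what forces the group on new entries, while umask only removes permission bits and never changes owner or group.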