
User Private Groups

Red Hat Linux has a unique way of organizing users and groups, which promotes security. This section describes the Red Hat User Private Group scheme, and then details a scenario where you can create a secure group with a common directory.

The Red Hat Scheme

As noted at the beginning of the chapter, everyone's user ID number usually matches their group ID number in /etc/passwd. But this is generally true only for Red Hat Linux and allied distributions. The other scheme is where every user has the same group ID number, which is usually 100. In other words, in other distributions every user belongs to the same group by default.

The Red Hat scheme is more suitable for a number of configurations. For example, it allows the users of an ISP to keep their files hidden from other users of that ISP. Yet, you can still configure a shared directory for selected users.

Creating a Shared Directory

Sometimes you want users to be able to share files. Some users may be in a common department, or they may be working on a common project. You can set up a group and a directory where all imported files are readable by all members of that group.

The easiest way to illustrate this process is with an example. Say you need to set up a group and a shared directory for project members Tom, Adnan, Carlos, and Libby. In the following steps, you'll create the users, a common group, and a shared directory. Then you'll set the group ID (SGID) bit, which allows any user in the group to copy files to the shared directory, and makes them readable by the other members of the group.

  1. Give Tom, Adnan, Carlos, and Libby accounts on your system with the useradd username command. Remember to assign passwords to each user.

  2. Use the groupadd project command to create the project group. Edit /etc/group to add your new users to that group.

  3. Set up a new shared directory, called /home/project. Give it full permissions (rwx) for the user and group that own this directory with the chmod 770 /home/project command.

  4. Configure the SGID bit on the directory with the chmod g+s /home/project command. This allows all users in the group that owns the directory to have ownership-level permissions: files created there inherit the directory's group.

  5. Feel free to log in as one of the users. Copy files from the home directory of a user to /home/project. Log in as a different user in the same group. Can you do anything with the file copied by the first user?

    Tip  

    It's possible to combine the two chmod commands; the chmod 2770 /home/project command configures the noted permissions and adds the SGID bit to that directory.
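
A check for the result of the steps above, added here as an example and not taken from the book. The function name audit_shared_dir is hypothetical, and the code assumes GNU stat and that the directory's group owner has been set to the shared group (for example with chgrp project /home/project, which the steps do not list). It reports a directory that is not mode 2770, and files in it that belong to another group or that the group cannot read.

```shell
#!/bin/sh
# Added example: audit a shared directory built with the steps above.
# Assumes GNU stat (Linux). Usage: audit_shared_dir /home/project project
# Prints one finding per line; returns 0 only when there are none.
audit_shared_dir() {
    dir=$1; want_group=$2; findings=0

    [ -d "$dir" ] || { echo "MISSING: $dir is not a directory"; return 2; }

    mode=$(stat -c '%a' "$dir")    # octal mode, e.g. 2770
    group=$(stat -c '%G' "$dir")   # owning group name

    # The directory must belong to the shared group (chgrp is an assumption,
    # the steps do not list it).
    if [ "$group" != "$want_group" ]; then
        echo "DIR-GROUP: $dir belongs to $group, expected $want_group"
        findings=$((findings + 1))
    fi

    # chmod 770 plus chmod g+s (or chmod 2770) leaves exactly mode 2770.
    if [ "$mode" != "2770" ]; then
        echo "DIR-MODE: $dir has mode $mode, expected 2770"
        findings=$((findings + 1))
    fi

    # SGID hands new files the directory's group, but not the permission
    # bits: those come from the creator's umask (or from cp -p / mv).
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        fgroup=$(stat -c '%G' "$f")
        fmode=$(stat -c '%a' "$f")
        if [ "$fgroup" != "$want_group" ]; then
            echo "FILE-GROUP: $f belongs to $fgroup"
            findings=$((findings + 1))
        fi
        # 040 is the group-read bit; the leading 0 makes the value octal.
        if [ $(( 0$fmode & 040 )) -eq 0 ]; then
            echo "FILE-MODE: $f (mode $fmode) is not group-readable"
            findings=$((findings + 1))
        fi
    done

    [ "$findings" -eq 0 ]
}
```

A FILE-MODE finding answers the question in step 5: the second user can read the copied file only if the first user's umask left the group-read bit on.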

 
