Creating a group in trying not to use Sudo nor 777

2

How can you create a group such that I can use programs of another user in the PC in my user account without 777 permissions nor with sudo?

I created a new user by sudo adduser masi. I need either to change each program's permissions to be 777 at /usr/bin OR to use sudo to run each program.

However, both of these ways are awful for security and usability. I apparently should create a group brothers and then assign which programs both brothers can use without sudo.

user3672

Posted 2009-08-31T17:02:54.403

Reputation:

Answers

2

(Disclaimer: logged in to Windows at the moment.) Create a group

addgroup SomeName

Then add each user to the group

usermod -G SomeName,other,groups user1
usermod -G SomeName,other,groups user2

Change the permissions on the file

chgrp SomeName theFile
chmod g+rx theFile

hometoast

Posted 2009-08-31T17:02:54.403

Reputation: 433

1 addgrp group me is clearer than your second set of commands. – None – 2009-08-31T17:46:38.577

2

You don't need to add write permission to a binary to execute it. You could just make them 755 root:root. If you want to restrict the programs to all but a group, you could chmod 750 and chgrp them to your new group.

Tom Dignan

Posted 2009-08-31T17:02:54.403

Reputation:

I have everything 755 root:root, but programs do not work. – None – 2009-08-31T17:39:59.277

What is the error message? And which OS? – mark4o – 2009-08-31T18:46:20.437

1

You shouldn't be messing with the permissions in /usr/bin - your distribution manages that; all programs in that directory are owned by root and have 755 permissions.

If you want to have programs that both you and the one other user can use, but that other users can't, then create a different directory, add it to your PATHs and set permissions appropriately.

I think you need to provide the error messages you are seeing, because 755 permission is sufficient to execute a program.

Douglas Leeder

Posted 2009-08-31T17:02:54.403

Reputation: 1 375
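
Added example, not part of the original answers: the separate-directory approach from the answer above, combined with the chmod 750 and chgrp suggestion from an earlier answer, plus a check that the result is neither group-writable nor open to other users. It assumes GNU stat -c and an existing group the caller belongs to; the function names, /opt/brothers-bin and mytool are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU coreutils `stat -c` and an
# existing group the caller belongs to (a non-root owner can only chgrp to
# such a group). /opt/brothers-bin and "brothers" in the usage lines are
# placeholders.

# setup_shared_bin DIR GROUP: program directory only GROUP members can enter.
setup_shared_bin() {
    mkdir -p "$1" || return 1
    chgrp "$2" "$1" || return 1
    # 2750 = owner rwx, group r-x, others nothing. The setgid bit (2) makes
    # files created inside inherit GROUP rather than the creator's own group.
    chmod 2750 "$1"
}

# install_shared SRC DIR: copy a program in as 750, so the group can read and
# execute it but not modify it.
install_shared() {
    cp "$1" "$2/" && chmod 750 "$2/$(basename "$1")"
}

# audit_shared PATH GROUP: return 0 only if PATH belongs to GROUP (name or
# numeric gid) and grants no group-write and no access at all to others.
audit_shared() {
    mode=$(stat -c %a "$1") || return 2
    gname=$(stat -c %G "$1"); gid=$(stat -c %g "$1")
    case "$2" in
        "$gname"|"$gid") ;;
        *) echo "$1: group is $gname, expected $2"; return 1 ;;
    esac
    # Mask 027 = group write (020) + read/write/execute for others (007).
    if [ $(( 0$mode & 027 )) -ne 0 ]; then
        echo "$1: mode $mode is too open"; return 1
    fi
    echo "$1: ok ($mode $gname)"
}

# Usage (as the directory owner; each user then adds the directory to PATH):
#   setup_shared_bin /opt/brothers-bin brothers
#   install_shared ./mytool /opt/brothers-bin
#   audit_shared /opt/brothers-bin/mytool brothers
```

Running audit_shared against a file that has been set to 777 reports it as too open, which is the condition the question wanted to avoid.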

0

Another nice alternative is to use extended ACLs (you will need to mount the relevant filesystem with the 'acl' flag).

Using ACLs will allow you to grant/deny individual users/groups specific access to files/directories without having to add a groupset for each 'separation of rights/permissions'.

See man getfacl, setfacl, chacl for more info; however, simply put:

Granting an additional user (lisa) r-x (read/execute) access to a file

          setfacl -m u:lisa:rx file

Removing a named group entry from a file's ACL

          setfacl -x g:staff file

Hope this puts you on the right track......

UberJim

Posted 2009-08-31T17:02:54.403

Reputation: 11

0

Permission 777 (rwxrwxrwx) would also imply write permissions for everyone, and that is not needed in any case in order to execute a binary. The permission that matters is the x-permission - the least significant bit in each 3-digit octal mode number (7=111 aka rwx). To run a binary you also need read permission.

Normally the permissions of programs installed in /usr/bin are already set so that they are executable for everyone (normally owned by root, group root, permission 755 or 555), so unless you have made some special changes yourself, there should not be any need to do anything.

Check the permission for the binaries in /usr/bin, and unless it is different than 755 or 755 you are good to go.

hlovdal

Posted 2009-08-31T17:02:54.403

Reputation: 2 760