💾 Archived View for idiomdrottning.org › group-permissions captured on 2024-05-10 at 11:30:18. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2023-03-20)
-=-=-=-=-=-=-
All of the following interaction was as the user sandra with ellen%
being the prompt (hostname + percent sign, zsh’s default). I’m in the dialout group. /tmp is sticky but that doesn’t seem to matter here, as you’ll see.
ellen% ls -l /tmp/test -r--rw---- 1 sandra sandra 0 Feb 26 11:09 /tmp/test ellen% echo nice > /tmp/test zsh: permission denied: /tmp/test ellen% ls -l /tmp/mad -r--rw---- 1 root dialout 0 Feb 26 11:34 /tmp/mad ellen% echo fine > /tmp/mad ellen% cat /tmp/mad fine
Weird, right?
And this is the explanation:
ellen% grep dialout /etc/group dialout:x:20:sandra ellen% grep ^sandra /etc/group sandra:x:1000:
I had no idea users weren’t added to their own groups on Debian, or maybe they are and I just borked it somewhen along the highway, but here we are.
Chris writes in:
The first file is owned by you but you have no owner write permission. So the group permission check is skipped. The second file has group write permission, you’re in the group, and not the owner. So the group permission permits the write. If you changed the owner of the first file, /tmp/test, you should be able to write to it.
I tested it and that worked.
Yes, users are added to their own groups, but that info is in /etc/passwd in the gid field, and typically not duplicated in /etc/group.
Unix permissions can be tricky.
So if you want everyone in a group to have permissions except one, make that person the owner 🤦🏻‍♀️
Not literally, because they can just chmod it then to give themselves the permission.