Make new user sub-folders inherit parent permissions

John Hupp lubuntu at prpcompany.com
Mon Jan 21 16:36:53 UTC 2013


On 1/20/2013 7:40 PM, John Hupp wrote:
> On 1/20/2013 2:27 PM, Ioannis Vranos wrote:
>> On Sun, Jan 20, 2013 at 8:56 PM, John Hupp <lubuntu at prpcompany.com> wrote:
>>> This opens up yet more questions.  /etc/passwd only contains the original
>>> GID's for user1 and user2.  It does not reflect that both have now been also
>>> added to the "users" group.  So it seems that more than one user/group
>>> configuration system is being supported.
>>>
>>> I have been reading today the manpages for adduser, addgroup, and
>>> adduser.conf.  Interestingly, it does not document where it stores the
>>> configuration information -- perhaps because adduser and addgroup are only
>>> front-ends for useradd and groupadd.  There is no mention of /etc/passwd,
>>> for instance.
>>>
>>> But apart from that, Lubuntu's GUI tool for Users and Groups is users-admin
>>> (which I used for my customizations), and I have not yet found any handy
>>> documentation for that.  There may be something somewhere at
>>> library.gnome.org, but I have not found it yet.  But poking around a bit in
>>> the interface, I see that it does not even show that user1 is a member of
>>> the user1 group, and likewise with user2.  So again, that indicates to me
>>> that more than one user/group configuration system is in effect.
>> Users can belong to many groups, one of them is the "primary group".
>> You can change a user's primary group, from the Users and Groups
>> program. Select the user, and go to Advanced Settings->Advanced->Main
>> group.
>>
>>
> OK, thanks to all who have responded so far.
>
> From the several responses here and additional reading, I'm glad to 
> come to the understanding that there is only one set of user/group 
> configuration information (/etc/passwd, /etc/group and /etc/shadow), 
> though it can be managed by different available tools.  (This in 
> contrast to network configuration, which really does support two 
> different configuration systems.)
>
> For a case where it is desirable for a couple users to work with the 
> same set of files, I'm now thinking that my fundamental approach was 
> not quite right and that I do not need to involve or maybe should not 
> involve the "users" system group.
>
> What I'm now thinking should be the setup:
> 1) Assign /home/user1 as the co-home directory for user2.
> 2) Assign user2 to the user1 group as user2's *primary* group.
> 3) Leave the ownership of /home/user1 as Owner: user1 and Group: 
> user1.  With the /home/user1 permissions such that owner and group can 
> edit, user1 and user2 should then be able to freely create, access and 
> edit everything in /home/user1.
> 4) Delete /home/user2.
>
> I expect then that this would solve my original problem in which new 
> sub-folders did not inherit ownership by the "users" group. And maybe 
> better respects Linux design principles.
>
> Is that a good and workable proposed setup?  Is there any obvious 
> consideration I am missing?

Thanks Wes, Ioannis and Phill for the very helpful responses to the 
above post.

I know a fair amount more on this topic now than when I first posted, 
and though the first post (by Wes) about SetUID and SetGID went 
directly over my head, subsequent posts make it clear that this should 
probably be part of the solution here.  In fact, I had already realized 
that my proposed setup would result in a mixture of user ownership in 
the user1 directory -- perhaps not a problem, but setuid and setgid 
would clean that up.

In the manpage for adduser.conf, there is this somewhat vague caution 
involving setgid, but no one here has echoed any concerns about it for 
my situation (unless it plays into Wes's point about dot files):
     SETGID_HOME
               If this is set to yes, then home directories for users with
               their own group ( USERGROUPS=yes ) will have the setgid bit set.
               This was the default setting for adduser versions << 3.13.
               Unfortunately it has some bad side effects, so we no longer do
               this per default. If you want it nevertheless you can still
               activate it here.

The point about having only one set of dot files for more than one user 
is also well taken, but at the moment I am not envisioning that as a 
real issue for this scenario.

It's also instructive that Ioannis does not see membership of normal 
users in the system group "users" as any sort of transgression against 
the intent or design of the default system group layout.  Perhaps this 
is the very sort of thing the "users" group is intended for.
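
The setgid approach discussed in this thread, as an added example that is not part of the original post: on Linux, entries created inside a setgid directory take the directory's group and new sub-folders inherit the setgid bit, but group write access still depends on the creator's umask. The helper names make_shared and audit_shared are hypothetical, and GNU stat and find are assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Helper names are hypothetical.

# make_shared DIR: create a group-writable directory with the setgid bit
# set, so entries created inside take DIR's group instead of the
# creator's primary group. No access for "other" users.
make_shared() {
    mkdir -p "$1" && chmod 2770 "$1"
}

# audit_shared DIR: print one line per entry that breaks the sharing model:
#   wrong-group  entry's group differs from DIR's group
#   no-setgid    sub-folder without setgid (its children stop inheriting)
#   no-group-w   entry the group cannot write (e.g. created under umask 022)
audit_shared() {
    gid=$(stat -c %g "$1") || return 2    # GNU stat assumed
    find "$1" ! -gid "$gid" -exec printf 'wrong-group %s\n' {} \;
    find "$1" -type d ! -perm -2000 -exec printf 'no-setgid %s\n' {} \;
    find "$1" ! -type l ! -perm -020 -exec printf 'no-group-w %s\n' {} \;
}

# demo: build a scratch shared directory (constructed sample data) and
# create entries under two different umasks, then audit the result.
demo() {
    d=$(mktemp -d)/shared
    make_shared "$d"
    ( umask 022; mkdir "$d/sub_022"; : > "$d/sub_022/file" )  # group cannot write
    ( umask 002; mkdir "$d/sub_002"; : > "$d/sub_002/file" )  # group can write
    audit_shared "$d"
}

demo
```

Only the entries created under umask 022 are reported, both as no-group-w: group ownership and the setgid bit are inherited in both cases, so the umask of each user is the remaining setting to check.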