Best Way To Manage Users And Accounts Etc

Dear Linux Gurus, how to view all group members?

my code snippet is like below:

groupadd yy
useradd -g yy u1
useradd -g yy u2
useradd -g yy u3

useradd -G yy u4


when i wanted to view the group members of group 'yy' in /etc/group, it only shows secondary group member i.e only u4. what is the problem? Why not showing other group members-u1,u2,u3?

I also used commands getent and groupmems, but they are showing only secondary group members i.e only u4 not others.

But when I used 'system-config-users', in group page, it shows all the users.

My doubt is how to view all the users belonging to group yy in terminal. which command to use?

Thanks in advance.
sorry for the grammatical mistakes.

I tried adding two users in apache group and given 775 permission to Document root but user is not able to write into files in DocumentRoot

Tried adding user and DocumentRoot Folder in sudo file but not able to do it recursively

please help


Thanks for reply,
I have already given chmod 775 -R DocumentRoot - for recursively writting permission
You have told to add user in www-data group and chmod 775 -R to DocumentRoot
usermod -a -G www-data <user1>

How can users in www-data can able to write in DocumentRoot which has apache:apache owner and group
please clarify...

Done below steps to solve this:
1) I have created a new group webdata and added required users in this group
2) set sticky bit to document root with below command
setfacl -m g:webdata:rwx -R /path/to/documentroot/
this command will set rwx permission to DocumentRoot so that members in webdata can have full access but still DocumentRoot user and group will be apache

So right now in some of my servers, some of my users are in the Wheel group and then I have some users who fall under /etc/sudoers. Don't have any consistency, however I want to change that.

I know that wheel group is legacy.

SUDO gives an audit trail I believe under /var/log/secure.

I'm wondering what others have experienced and setup which worked better in the long run, place users either in wheel group or in SUDO?

Hey guys, I got samba working and I am able to access my files, however I am now trying to learn security with it. i am pretty much trying to allow certain groups access certain files. if you look at samba group you can see that I have @sambausers group to access sambagroup directory.

I have a user called sambatest01. the user can access "samba users only" but the user can access all of the other files as well. what is a correct set up on the other smb.conf to prevent users from accessing this? I cant seem to find a proper set up


[drivers]
path = /files/drivers
browseable = yes
read only = no
guest ok = no
guest only = no


[samba users only]
path = /files/sambagroup
browseable = yes
read only = no
guest ok = no
guest only = no
write list = @sambausers
valid users = @sambausers

So, I have created a group and added myself to it.

When I open /etc/group I can see the group and it shows that I am a member, but when I run $ groups - it doesn't show the new group in the list. What could be the issue?

I can't believe I wrote a looong message and it logged me out when I tried to submit it.

So anyway, in short lines:

- I have a network of sites where all sites share same "images" folder
- I have created /home/_images/entities and symlinked it from all websites
- It works great with Apache, when I open /images/ on any of the sites I get list of images and can view them

The problem is suPHP which changes process ID of the PHP script to the file owner ID, so when I load site1.com, all scripts are executed as user1 (and files/folders created with those scripts belong to user1:user1). When I load site2.com, all scripts are executed as user2 (and files/folders created with those scripts belong to user2:user2). All these users do NOT belong to the same group, and I wouldn't like to change that as it is cPanel/WHM server so I'm afraid I'll screw something up if I change (primary?) group of all users.

Therefore I need to set it up in such way that all newly created folders and files under /home/_images/entities (owned by root) have read/write permissions for everyone.

Here's the command I used:

Code:

setfacl -Rdm o::rwx /home/_images/entities

To check it:
Code:

root@server1 [~]# getfacl /home/_images/entities/
getfacl: Removing leading '/' from absolute path names
# file: home/_images/entities/
# owner: root
# group: root
user::rwx
group::rwx
other::rwx
default:user::rwx
default:group::rwx
default:other::rwx

This looks fine, however when I try upload an image via site1.com it looks like this:

Code:

root@server1 [/home/_images/entities]# ls -l
total 24
drwxrwxrwx+ 5 root    root    4096 Jan 14 06:25 ./
drwxrwxrwx  5 root    root    4096 Jan 12 13:08 ../
drwxrwxr-x+ 3 user1   user1   4096 Jan 14 06:25 1/

And in folder "1" is the image (and thumbs folder):

Code:

root@server1 [/home/_images/entities/1]# ls -l
total 236
drwxrwxr-x+ 3 user1   user1     4096 Jan 14 06:25 ./
drwxrwxrwx+ 5 root    root      4096 Jan 14 06:25 ../
-rw-rw-rw-  1 user1   user1   225569 Jan 14 06:25 689048f221ab7c556f4d482a9d92b2d6.jpg
drwxrwxr-x+ 2 user1   user1   4096 Jan 14 06:25 thumbs/

My questions:

1) Why newly created folders do not have "write" permissions for everyone else [not user and/or group]? If I upload first image from site1.com, then I can't upload other images from any other site, while all sites can display them.

2) What is the + at the end of permissions list? (drwxrwxr-x+)

3) Why newly created files have only "rw" permissions for user, group AND everyone else, and not execute permissions? I don't actually need execute flag set here, but from my command you can see I've set "o::rwx" so it should be there (or not?)

Actually the real problem is #1 - other users can't write to this folder so users can't upload images from other sites nor other sites can create (missing) thumbnails.

Directory /media/data/torrents/ has permissions 775, user yzt, group transmission

yzt and debian-transmission are members of the group transmission.

transmission-daemon is run by debian-transmission, and the new files it downloads have permissions 644, owner debian-transmission, group transmission. This is a problem, because I can't later move the files as my user, yzt, and need to be switching to root to change the permissions/ownership to be able to do so.

Using sticky bit I could copy it to anywhere else, but I'm interested on actually moving the file, not just copying it. I could run transmission-daemon as yzt and problem solved, but I rather have that internet facing service running by a limited user, just in case some vulnerability is found on Transmission.

So my question is, how can I set that every new file created under /media/data/torrents/ has permissions 775 like its parent directory?

Changing umask value for files and directories take effect after reload:
/etc/profile
/etc/bashrc
default permission for all users:
-rw-r--r--
above permission is edited to:
-rw-rw-r--
If a specific user in group having only read permission to a file/directory is created before reload,and Linux server reloads, that user gets rw permission to that file/directory. what is the alternative of securing:
/etc/profile
/etc/bashrc
apart from giving the two files access to root user only, and locking out all other users?

Hello, I'm sort of a novice Linux user and was running into an issue with user migration. I'm trying to migrate users and groups from a RHEL 5.11 install to a CentOS 6.6 install, both systems are 64 bit. Initially I tried to do an rsync of the passwd, shadow, group and gshadow files with no luck. When trying to login with an existing account on the new server I get access denied. I tried to change the password on the new server, but even then it doesn't seem to change the password and I still get access denied. I then tried to tar up the four above files and then extracted them on the new server, but the same issue existed. I also created a new account on the old server, copied all the necessary files over to the new server and still have the same issues. Any ideas what I may be doing wrong or what I can try next? This is getting frustrating!

Thanks!

Is there an sftp package that can be used which is more flexible then the ssh internal ftp server. I have been tasked with providing an /srv/ftp/ directory which includes

mount -bind other_directory1 /srv/ftp/d1
mount -bind other_driectory2 /srv/ftp/q2

...etc

Since sftp via ssh demands that all directories be owned by root I have a problem. The 'other directories' are owned by different sets of groups. We have engineers who will have carte blanche access. I have another group 'manufacturing' who will need to be chrooted to /var/ftp/. They will need to see directories underneath /var/ftp/ and nothing else. We don't want them to be able to cd to any other part of the system. Manufacturing does not have any account on the machine. My last group sales has an account on the server. I have been able to chroot them to there home folder where they also have the same mount --binded directories. Management would like sales to be able to ftp as well as sftp with read only access to the sub directories under their home directory. It is allowable to have them sftp to /srv/ftp/ and ftp to /home/sale/. I would suppose that this may mean that I use a different tool to implement sftp rather then use ssh. Here are my setup files for ssh

Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 1024
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
UseDNS no
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
UseLogin yes
Banner /etc/issue.net
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM no

Match group ftpgroup
ChrootDirectory /srv/ftp
X11Forwarding no
AllowTcpForwarding no
ForceCommand /usr/lib/openssh/sftp-server
PasswordAuthentication yes