HPE Community
Operating System - HP-UX
1837835 Members
2379 Online
110121 Solutions
New Discussion

user permissions

 
Allan Pincus
Frequent Advisor

‎10-09-2002 01:40 PM

‎10-09-2002 01:40 PM

user permissions

Hi,

I have user "Mike" and want him to have the same owner permissions as user "John". I know there is an easy way to do this, but I don't remember how.

That way, Mike and John can have different user environments, but can modify each other's files. Group permission is not enough because I have a number of users in the same group, but Mike and John need to be able to edit the same files.

Can someone help me?

Thanks!
0 Kudos
Reply
7 REPLIES 7
Ted Ellis_2
Honored Contributor

‎10-09-2002 02:04 PM

‎10-09-2002 02:04 PM

Re: user permissions

create a brand new group using groupadd

groupadd -g gid NEWGROUP

now make Mike and John members of this group as secondary to their primary group

usermod -G NEWGROUP Mike
usermod -G NEWGROUP John

then any files they need to share can be owned by them and this NEWGROUP

Ted
0 Kudos
Reply
Ted Ellis_2
Honored Contributor

‎10-09-2002 02:05 PM

‎10-09-2002 02:05 PM

Re: user permissions

the usermod -G will add the user to this group as a secondary and will leave the primary group assignment intact. You will notice that after the usermod is run the Mike or John name will be added as a field entry to the line for NEWGROUP in the /etc/group file.... just in case you were wondering

Ted
0 Kudos
Reply
Jeff Schussele
Honored Contributor

‎10-09-2002 02:07 PM

‎10-09-2002 02:07 PM

Re: user permissions

Hi Allan,

What you would do is assign the SAME UID (User ID) to BOTH users. You can give them separate primary GIDs (Group IDs) if you wish.

Say Mike is already on the system with UID=1105, when you create John give him UID=1105 as well.

They then become essentially the same user.

NOTE: DO NOT DO THIS WITH THE USER root WITH ANYBODY - root UID=0.

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
Michael Tully
Honored Contributor

‎10-09-2002 02:12 PM

‎10-09-2002 02:12 PM

Re: user permissions

One thing I would not do is to assign the same UID to both users. There are enough ways to create the appropriate permissions. Assigning the same UID's is creating a significant security problem. Once you start doing this when does it end.

same groups
ACL's if necessary
Anyone for a Mutiny ?
0 Kudos
Reply
Jeff Schussele
Honored Contributor

‎10-09-2002 02:48 PM

‎10-09-2002 02:48 PM

Re: user permissions

I would agree with you, Michael, but as he laid that out - outside of ACLS I see no other way.

We face the same type problem with the application groups always wanting "generic" accounts.....

Allan - Michael is entirely correct - this is a slippery slope to go down. Security-wise the system will see no difference between these users. So you've been warned......

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
Thomas M. Williams_1
Frequent Advisor

‎10-10-2002 07:03 AM

‎10-10-2002 07:03 AM

Re: user permissions

Allan - As with 95% of all situations there are many resolutions. But I think Ted's suggestion is going to be your best solution. The only thing I would do differently is to make the new group the primary group for Mike and John. The original primary would then become part of the secondary group list. This way you don't run into the issue of Mike creating a file having a group permission for which John is not a part of.

I Think the Clock is Slow ...
0 Kudos
Reply
Shannon Petry
Honored Contributor

‎10-10-2002 11:52 AM

‎10-10-2002 11:52 AM

Re: user permissions

I'll second the "same UID" is a bad Idea, and not for only reasons listed.
Some programs use UID and not USERNAME, so will get confused and start failing. On top of failing programs add the security risks and bickering when someone deletes someone elses stuff and you have a nightmare. IMHO if your sharing UID's you may as well give them both the same ID because that is what it is. Just the illusion that they are separate as there are 2 ways to log into the same account.

Remember that sticky bits are your friends for shared files and applications, and with good sysadmin skills you prolly dont need ACL's.

Regards,
Shannon
Microsoft. When do you want a virus today?
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.