Question

1

How to allow another user in a group to read a file

rated 0 times [ 1] [ 0] / answers: 1 / hits: 1208 / 2 Years ago, sat, july 16, 2022, 11:18:45

I need help in this question please I have tried several times. Create a file, /home/jack/secretf7b079, containing the string secret5cd51b. Make sure the file is owned by jack. Use a group to enable cedric to also read the file, but not write to it. Make sure pedri can't access the file.

The code I have used by jack user:

cat > /home/jack/secret7b079 and include the string secret5cd51b.

sudo adduser cedric jack, to add the user cedric to jack group.

chmod 640 /home/jack/secret7b079

Thanks!

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

imonove

Add To Favorites

Follow

Total Points: 82

Total Questions: 113

Total Answers: 106

Location: Saint Vincent and the Grenadines

Member since Wed, Nov 3, 2021

3 Years ago

answered 2 Years ago dileble · Accepted Answer

Don't add Cedric to group jack, because that is Jack's personal group. It's a security violation.

In addition to that, in new versions of Ubuntu, the default access to home accounts and files will be 600 for files and 700 for folders, i.e. groups and others can't access the area at all. This is recommended for security, because in previous versions, anyone could access (but not modify) anyone else's data.

You can explicitly set this in older versions of Ubuntu for all of the various home folders as follows:

sudo chmod --recursive go= /home/

A side effect of this is that no matter how you set your secret file within Jack's folder, no one can access it. That's a Good Thing (as Winnie the Pooh might say), both for security and because Jack's folder is personal to Jack.

So…

The right way is to create a brand new folder, not in Jack's area, that all permitted people, and only permitted people, can share.

You specify who may share with a new common group created just for the purpose. You assign the file's ownership to Jack, who can write to the file, and the file's group to the new common group, whose members can read but not modify the file.

Here are the steps. For this example, I've used the folder /home/secshare and the group name secacc, but you can choose a different name for both the folder and the group name (they can have the same name as each other, if you like).

sudo groupadd secacc                           # Create the new security group.



sudo mkdir /home/secshare/                     # The folder to hold the security file.

sudo chown jack:secacc /home/secshare/         # Jack owns the folder. Group has access.

sudo chmod u=rwx,g=rx,o= /home/secshare/       # Jack: rw. Group: r. Others: none.



# Create the file.

echo secret5cd51b | sudo tee /home/secshare/secret7b079



sudo chmod g=r,o= /home/secshare/secret7b079   # Owner: rw. Group: r. Others: none.



# Assign Jack as the owner, and secacc as the group.

sudo chown jack:secacc /home/secshare/secret7b079



# Double-check permissions.

sudo ls -l --directory /home/secshare/

> drwxr-x--- 2 jack secacc 4096 Feb  8 11:48 /home/secshare/

sudo ls -l /home/secshare/

> -rw-r----- 1 jack secacc 13 Feb  8 11:48 secret7b079



# Assign both Jack and Cedric to the group secacc

sudo usermod --append --groups secacc jack

sudo usermod --append --groups secacc cedric

At this point, Jack has full access to both the folder and the files within.

Cedric belongs to group secacc and therefore has read-only access to both the folder and the files within.

Pedri, who doesn't belong to the group secacc, has no access to the folder, and no access to the files within (even if the files within have full read-write access to everyone — test it for yourself).