non-root user set group ownership
up vote
0
down vote
favorite
The official Red Hat System Administration I RH124
says:
root can grant ownership to any group, while non-root users can grant
ownership only to groups they belong to
[student@web ~]$ id student
uid=1000(student) gid=1000(student) groups=1000(student),1009(dtracy)
[student@web ~]$ grep bboop /etc/passwd
bboop:x:1008:1008::/home/bboop:/bin/bash
[student@web ~]$
[student@web ~]$ usermod -G student bboop
-bash: /usr/sbin/usermod: Permission denied
[student@web ~]$ su -c 'usermod -G student bboop'
Password:
[student@web ~]$ grep student /etc/group
student:x:1000:bboop
So why can't I add user bboop
to users student
primary student
group as user student
but need to elevate permissions to root
or is it simply me misunderstanding or is it a bug ?
rhel usermod
add a comment |
up vote
0
down vote
favorite
The official Red Hat System Administration I RH124
says:
root can grant ownership to any group, while non-root users can grant
ownership only to groups they belong to
[student@web ~]$ id student
uid=1000(student) gid=1000(student) groups=1000(student),1009(dtracy)
[student@web ~]$ grep bboop /etc/passwd
bboop:x:1008:1008::/home/bboop:/bin/bash
[student@web ~]$
[student@web ~]$ usermod -G student bboop
-bash: /usr/sbin/usermod: Permission denied
[student@web ~]$ su -c 'usermod -G student bboop'
Password:
[student@web ~]$ grep student /etc/group
student:x:1000:bboop
So why can't I add user bboop
to users student
primary student
group as user student
but need to elevate permissions to root
or is it simply me misunderstanding or is it a bug ?
rhel usermod
Can you add the complete sentence/paragraph for that context? It's a little vague in its current form.
– Haxiel
Dec 2 at 11:03
add a comment |
up vote
0
down vote
favorite
up vote
0
down vote
favorite
The official Red Hat System Administration I RH124
says:
root can grant ownership to any group, while non-root users can grant
ownership only to groups they belong to
[student@web ~]$ id student
uid=1000(student) gid=1000(student) groups=1000(student),1009(dtracy)
[student@web ~]$ grep bboop /etc/passwd
bboop:x:1008:1008::/home/bboop:/bin/bash
[student@web ~]$
[student@web ~]$ usermod -G student bboop
-bash: /usr/sbin/usermod: Permission denied
[student@web ~]$ su -c 'usermod -G student bboop'
Password:
[student@web ~]$ grep student /etc/group
student:x:1000:bboop
So why can't I add user bboop
to users student
primary student
group as user student
but need to elevate permissions to root
or is it simply me misunderstanding or is it a bug ?
rhel usermod
The official Red Hat System Administration I RH124
says:
root can grant ownership to any group, while non-root users can grant
ownership only to groups they belong to
[student@web ~]$ id student
uid=1000(student) gid=1000(student) groups=1000(student),1009(dtracy)
[student@web ~]$ grep bboop /etc/passwd
bboop:x:1008:1008::/home/bboop:/bin/bash
[student@web ~]$
[student@web ~]$ usermod -G student bboop
-bash: /usr/sbin/usermod: Permission denied
[student@web ~]$ su -c 'usermod -G student bboop'
Password:
[student@web ~]$ grep student /etc/group
student:x:1000:bboop
So why can't I add user bboop
to users student
primary student
group as user student
but need to elevate permissions to root
or is it simply me misunderstanding or is it a bug ?
rhel usermod
rhel usermod
asked Dec 2 at 10:47
blablatrace
487
487
Can you add the complete sentence/paragraph for that context? It's a little vague in its current form.
– Haxiel
Dec 2 at 11:03
add a comment |
Can you add the complete sentence/paragraph for that context? It's a little vague in its current form.
– Haxiel
Dec 2 at 11:03
Can you add the complete sentence/paragraph for that context? It's a little vague in its current form.
– Haxiel
Dec 2 at 11:03
Can you add the complete sentence/paragraph for that context? It's a little vague in its current form.
– Haxiel
Dec 2 at 11:03
add a comment |
1 Answer
1
active
oldest
votes
up vote
1
down vote
The "grant ownership" in your quote refers to ownership of the file, with the chown
or chgrp
command.
What you are trying to do has nothing to do with ownership, it is about membership. Just because a regular user is member of a group doesn't mean the he can add any other user to this group. Assigning users to groups is an administrative task that requires root privileges.
Also note that the error message "bash: /usr/sbin/usermod: Permission denied" indicates that the usermod binary doesn't even have execute permissions for regular users. It wouldn't work anyway without write access to /etc/passwd
or /etc/group
, but it would be able to give a better error message.
Yes, indeed. But the line while non-root users can grant ownership only to groups they belong to refers only to given users primary group, correct? I mean I cannot assign a supplementary group to a file even if I'm a member of that supplementary group.
– blablatrace
Dec 2 at 11:23
No, you can grant group ownership of any group you're a member of, to any file you actually own. The primary group is just the group to which the files you create get assigned to by default. In your example, thestudent
user might usetouch /tmp/testfile
to create a file with ownerstudent
, groupstudent
, and then usechgrp dtracy /tmp/testfile
to change the ownership to ownerstudent
, groupdtracy
.
– telcoM
Dec 2 at 14:23
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
1
down vote
The "grant ownership" in your quote refers to ownership of the file, with the chown
or chgrp
command.
What you are trying to do has nothing to do with ownership, it is about membership. Just because a regular user is member of a group doesn't mean the he can add any other user to this group. Assigning users to groups is an administrative task that requires root privileges.
Also note that the error message "bash: /usr/sbin/usermod: Permission denied" indicates that the usermod binary doesn't even have execute permissions for regular users. It wouldn't work anyway without write access to /etc/passwd
or /etc/group
, but it would be able to give a better error message.
Yes, indeed. But the line while non-root users can grant ownership only to groups they belong to refers only to given users primary group, correct? I mean I cannot assign a supplementary group to a file even if I'm a member of that supplementary group.
– blablatrace
Dec 2 at 11:23
No, you can grant group ownership of any group you're a member of, to any file you actually own. The primary group is just the group to which the files you create get assigned to by default. In your example, thestudent
user might usetouch /tmp/testfile
to create a file with ownerstudent
, groupstudent
, and then usechgrp dtracy /tmp/testfile
to change the ownership to ownerstudent
, groupdtracy
.
– telcoM
Dec 2 at 14:23
add a comment |
up vote
1
down vote
The "grant ownership" in your quote refers to ownership of the file, with the chown
or chgrp
command.
What you are trying to do has nothing to do with ownership, it is about membership. Just because a regular user is member of a group doesn't mean the he can add any other user to this group. Assigning users to groups is an administrative task that requires root privileges.
Also note that the error message "bash: /usr/sbin/usermod: Permission denied" indicates that the usermod binary doesn't even have execute permissions for regular users. It wouldn't work anyway without write access to /etc/passwd
or /etc/group
, but it would be able to give a better error message.
Yes, indeed. But the line while non-root users can grant ownership only to groups they belong to refers only to given users primary group, correct? I mean I cannot assign a supplementary group to a file even if I'm a member of that supplementary group.
– blablatrace
Dec 2 at 11:23
No, you can grant group ownership of any group you're a member of, to any file you actually own. The primary group is just the group to which the files you create get assigned to by default. In your example, thestudent
user might usetouch /tmp/testfile
to create a file with ownerstudent
, groupstudent
, and then usechgrp dtracy /tmp/testfile
to change the ownership to ownerstudent
, groupdtracy
.
– telcoM
Dec 2 at 14:23
add a comment |
up vote
1
down vote
up vote
1
down vote
The "grant ownership" in your quote refers to ownership of the file, with the chown
or chgrp
command.
What you are trying to do has nothing to do with ownership, it is about membership. Just because a regular user is member of a group doesn't mean the he can add any other user to this group. Assigning users to groups is an administrative task that requires root privileges.
Also note that the error message "bash: /usr/sbin/usermod: Permission denied" indicates that the usermod binary doesn't even have execute permissions for regular users. It wouldn't work anyway without write access to /etc/passwd
or /etc/group
, but it would be able to give a better error message.
The "grant ownership" in your quote refers to ownership of the file, with the chown
or chgrp
command.
What you are trying to do has nothing to do with ownership, it is about membership. Just because a regular user is member of a group doesn't mean the he can add any other user to this group. Assigning users to groups is an administrative task that requires root privileges.
Also note that the error message "bash: /usr/sbin/usermod: Permission denied" indicates that the usermod binary doesn't even have execute permissions for regular users. It wouldn't work anyway without write access to /etc/passwd
or /etc/group
, but it would be able to give a better error message.
answered Dec 2 at 11:03
RalfFriedl
5,1173925
5,1173925
Yes, indeed. But the line while non-root users can grant ownership only to groups they belong to refers only to given users primary group, correct? I mean I cannot assign a supplementary group to a file even if I'm a member of that supplementary group.
– blablatrace
Dec 2 at 11:23
No, you can grant group ownership of any group you're a member of, to any file you actually own. The primary group is just the group to which the files you create get assigned to by default. In your example, thestudent
user might usetouch /tmp/testfile
to create a file with ownerstudent
, groupstudent
, and then usechgrp dtracy /tmp/testfile
to change the ownership to ownerstudent
, groupdtracy
.
– telcoM
Dec 2 at 14:23
add a comment |
Yes, indeed. But the line while non-root users can grant ownership only to groups they belong to refers only to given users primary group, correct? I mean I cannot assign a supplementary group to a file even if I'm a member of that supplementary group.
– blablatrace
Dec 2 at 11:23
No, you can grant group ownership of any group you're a member of, to any file you actually own. The primary group is just the group to which the files you create get assigned to by default. In your example, thestudent
user might usetouch /tmp/testfile
to create a file with ownerstudent
, groupstudent
, and then usechgrp dtracy /tmp/testfile
to change the ownership to ownerstudent
, groupdtracy
.
– telcoM
Dec 2 at 14:23
Yes, indeed. But the line while non-root users can grant ownership only to groups they belong to refers only to given users primary group, correct? I mean I cannot assign a supplementary group to a file even if I'm a member of that supplementary group.
– blablatrace
Dec 2 at 11:23
Yes, indeed. But the line while non-root users can grant ownership only to groups they belong to refers only to given users primary group, correct? I mean I cannot assign a supplementary group to a file even if I'm a member of that supplementary group.
– blablatrace
Dec 2 at 11:23
No, you can grant group ownership of any group you're a member of, to any file you actually own. The primary group is just the group to which the files you create get assigned to by default. In your example, the
student
user might use touch /tmp/testfile
to create a file with owner student
, group student
, and then use chgrp dtracy /tmp/testfile
to change the ownership to owner student
, group dtracy
.– telcoM
Dec 2 at 14:23
No, you can grant group ownership of any group you're a member of, to any file you actually own. The primary group is just the group to which the files you create get assigned to by default. In your example, the
student
user might use touch /tmp/testfile
to create a file with owner student
, group student
, and then use chgrp dtracy /tmp/testfile
to change the ownership to owner student
, group dtracy
.– telcoM
Dec 2 at 14:23
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f485465%2fnon-root-user-set-group-ownership%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Can you add the complete sentence/paragraph for that context? It's a little vague in its current form.
– Haxiel
Dec 2 at 11:03