non-root user set group ownership











up vote
0
down vote

favorite












The official Red Hat System Administration I RH124 says:




root can grant ownership to any group, while non-root users can grant
ownership only to groups they belong to




[student@web ~]$ id student
uid=1000(student) gid=1000(student) groups=1000(student),1009(dtracy)
[student@web ~]$ grep bboop /etc/passwd
bboop:x:1008:1008::/home/bboop:/bin/bash
[student@web ~]$
[student@web ~]$ usermod -G student bboop
-bash: /usr/sbin/usermod: Permission denied
[student@web ~]$ su -c 'usermod -G student bboop'
Password:
[student@web ~]$ grep student /etc/group
student:x:1000:bboop


So why can't I add user bboop to users student primary student group as user student but need to elevate permissions to root or is it simply me misunderstanding or is it a bug ?










share|improve this question






















  • Can you add the complete sentence/paragraph for that context? It's a little vague in its current form.
    – Haxiel
    Dec 2 at 11:03















up vote
0
down vote

favorite












The official Red Hat System Administration I RH124 says:




root can grant ownership to any group, while non-root users can grant
ownership only to groups they belong to




[student@web ~]$ id student
uid=1000(student) gid=1000(student) groups=1000(student),1009(dtracy)
[student@web ~]$ grep bboop /etc/passwd
bboop:x:1008:1008::/home/bboop:/bin/bash
[student@web ~]$
[student@web ~]$ usermod -G student bboop
-bash: /usr/sbin/usermod: Permission denied
[student@web ~]$ su -c 'usermod -G student bboop'
Password:
[student@web ~]$ grep student /etc/group
student:x:1000:bboop


So why can't I add user bboop to users student primary student group as user student but need to elevate permissions to root or is it simply me misunderstanding or is it a bug ?










share|improve this question






















  • Can you add the complete sentence/paragraph for that context? It's a little vague in its current form.
    – Haxiel
    Dec 2 at 11:03













up vote
0
down vote

favorite









up vote
0
down vote

favorite











The official Red Hat System Administration I RH124 says:




root can grant ownership to any group, while non-root users can grant
ownership only to groups they belong to




[student@web ~]$ id student
uid=1000(student) gid=1000(student) groups=1000(student),1009(dtracy)
[student@web ~]$ grep bboop /etc/passwd
bboop:x:1008:1008::/home/bboop:/bin/bash
[student@web ~]$
[student@web ~]$ usermod -G student bboop
-bash: /usr/sbin/usermod: Permission denied
[student@web ~]$ su -c 'usermod -G student bboop'
Password:
[student@web ~]$ grep student /etc/group
student:x:1000:bboop


So why can't I add user bboop to users student primary student group as user student but need to elevate permissions to root or is it simply me misunderstanding or is it a bug ?










share|improve this question













The official Red Hat System Administration I RH124 says:




root can grant ownership to any group, while non-root users can grant
ownership only to groups they belong to




[student@web ~]$ id student
uid=1000(student) gid=1000(student) groups=1000(student),1009(dtracy)
[student@web ~]$ grep bboop /etc/passwd
bboop:x:1008:1008::/home/bboop:/bin/bash
[student@web ~]$
[student@web ~]$ usermod -G student bboop
-bash: /usr/sbin/usermod: Permission denied
[student@web ~]$ su -c 'usermod -G student bboop'
Password:
[student@web ~]$ grep student /etc/group
student:x:1000:bboop


So why can't I add user bboop to users student primary student group as user student but need to elevate permissions to root or is it simply me misunderstanding or is it a bug ?







rhel usermod






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Dec 2 at 10:47









blablatrace

487




487












  • Can you add the complete sentence/paragraph for that context? It's a little vague in its current form.
    – Haxiel
    Dec 2 at 11:03


















  • Can you add the complete sentence/paragraph for that context? It's a little vague in its current form.
    – Haxiel
    Dec 2 at 11:03
















Can you add the complete sentence/paragraph for that context? It's a little vague in its current form.
– Haxiel
Dec 2 at 11:03




Can you add the complete sentence/paragraph for that context? It's a little vague in its current form.
– Haxiel
Dec 2 at 11:03










1 Answer
1






active

oldest

votes

















up vote
1
down vote













The "grant ownership" in your quote refers to ownership of the file, with the chown or chgrp command.



What you are trying to do has nothing to do with ownership, it is about membership. Just because a regular user is member of a group doesn't mean the he can add any other user to this group. Assigning users to groups is an administrative task that requires root privileges.



Also note that the error message "bash: /usr/sbin/usermod: Permission denied" indicates that the usermod binary doesn't even have execute permissions for regular users. It wouldn't work anyway without write access to /etc/passwd or /etc/group, but it would be able to give a better error message.






share|improve this answer





















  • Yes, indeed. But the line while non-root users can grant ownership only to groups they belong to refers only to given users primary group, correct? I mean I cannot assign a supplementary group to a file even if I'm a member of that supplementary group.
    – blablatrace
    Dec 2 at 11:23










  • No, you can grant group ownership of any group you're a member of, to any file you actually own. The primary group is just the group to which the files you create get assigned to by default. In your example, the student user might use touch /tmp/testfile to create a file with owner student, group student, and then use chgrp dtracy /tmp/testfile to change the ownership to owner student, group dtracy.
    – telcoM
    Dec 2 at 14:23











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f485465%2fnon-root-user-set-group-ownership%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
1
down vote













The "grant ownership" in your quote refers to ownership of the file, with the chown or chgrp command.



What you are trying to do has nothing to do with ownership, it is about membership. Just because a regular user is member of a group doesn't mean the he can add any other user to this group. Assigning users to groups is an administrative task that requires root privileges.



Also note that the error message "bash: /usr/sbin/usermod: Permission denied" indicates that the usermod binary doesn't even have execute permissions for regular users. It wouldn't work anyway without write access to /etc/passwd or /etc/group, but it would be able to give a better error message.






share|improve this answer





















  • Yes, indeed. But the line while non-root users can grant ownership only to groups they belong to refers only to given users primary group, correct? I mean I cannot assign a supplementary group to a file even if I'm a member of that supplementary group.
    – blablatrace
    Dec 2 at 11:23










  • No, you can grant group ownership of any group you're a member of, to any file you actually own. The primary group is just the group to which the files you create get assigned to by default. In your example, the student user might use touch /tmp/testfile to create a file with owner student, group student, and then use chgrp dtracy /tmp/testfile to change the ownership to owner student, group dtracy.
    – telcoM
    Dec 2 at 14:23















up vote
1
down vote













The "grant ownership" in your quote refers to ownership of the file, with the chown or chgrp command.



What you are trying to do has nothing to do with ownership, it is about membership. Just because a regular user is member of a group doesn't mean the he can add any other user to this group. Assigning users to groups is an administrative task that requires root privileges.



Also note that the error message "bash: /usr/sbin/usermod: Permission denied" indicates that the usermod binary doesn't even have execute permissions for regular users. It wouldn't work anyway without write access to /etc/passwd or /etc/group, but it would be able to give a better error message.






share|improve this answer





















  • Yes, indeed. But the line while non-root users can grant ownership only to groups they belong to refers only to given users primary group, correct? I mean I cannot assign a supplementary group to a file even if I'm a member of that supplementary group.
    – blablatrace
    Dec 2 at 11:23










  • No, you can grant group ownership of any group you're a member of, to any file you actually own. The primary group is just the group to which the files you create get assigned to by default. In your example, the student user might use touch /tmp/testfile to create a file with owner student, group student, and then use chgrp dtracy /tmp/testfile to change the ownership to owner student, group dtracy.
    – telcoM
    Dec 2 at 14:23













up vote
1
down vote










up vote
1
down vote









The "grant ownership" in your quote refers to ownership of the file, with the chown or chgrp command.



What you are trying to do has nothing to do with ownership, it is about membership. Just because a regular user is member of a group doesn't mean the he can add any other user to this group. Assigning users to groups is an administrative task that requires root privileges.



Also note that the error message "bash: /usr/sbin/usermod: Permission denied" indicates that the usermod binary doesn't even have execute permissions for regular users. It wouldn't work anyway without write access to /etc/passwd or /etc/group, but it would be able to give a better error message.






share|improve this answer












The "grant ownership" in your quote refers to ownership of the file, with the chown or chgrp command.



What you are trying to do has nothing to do with ownership, it is about membership. Just because a regular user is member of a group doesn't mean the he can add any other user to this group. Assigning users to groups is an administrative task that requires root privileges.



Also note that the error message "bash: /usr/sbin/usermod: Permission denied" indicates that the usermod binary doesn't even have execute permissions for regular users. It wouldn't work anyway without write access to /etc/passwd or /etc/group, but it would be able to give a better error message.







share|improve this answer












share|improve this answer



share|improve this answer










answered Dec 2 at 11:03









RalfFriedl

5,1173925




5,1173925












  • Yes, indeed. But the line while non-root users can grant ownership only to groups they belong to refers only to given users primary group, correct? I mean I cannot assign a supplementary group to a file even if I'm a member of that supplementary group.
    – blablatrace
    Dec 2 at 11:23










  • No, you can grant group ownership of any group you're a member of, to any file you actually own. The primary group is just the group to which the files you create get assigned to by default. In your example, the student user might use touch /tmp/testfile to create a file with owner student, group student, and then use chgrp dtracy /tmp/testfile to change the ownership to owner student, group dtracy.
    – telcoM
    Dec 2 at 14:23


















  • Yes, indeed. But the line while non-root users can grant ownership only to groups they belong to refers only to given users primary group, correct? I mean I cannot assign a supplementary group to a file even if I'm a member of that supplementary group.
    – blablatrace
    Dec 2 at 11:23










  • No, you can grant group ownership of any group you're a member of, to any file you actually own. The primary group is just the group to which the files you create get assigned to by default. In your example, the student user might use touch /tmp/testfile to create a file with owner student, group student, and then use chgrp dtracy /tmp/testfile to change the ownership to owner student, group dtracy.
    – telcoM
    Dec 2 at 14:23
















Yes, indeed. But the line while non-root users can grant ownership only to groups they belong to refers only to given users primary group, correct? I mean I cannot assign a supplementary group to a file even if I'm a member of that supplementary group.
– blablatrace
Dec 2 at 11:23




Yes, indeed. But the line while non-root users can grant ownership only to groups they belong to refers only to given users primary group, correct? I mean I cannot assign a supplementary group to a file even if I'm a member of that supplementary group.
– blablatrace
Dec 2 at 11:23












No, you can grant group ownership of any group you're a member of, to any file you actually own. The primary group is just the group to which the files you create get assigned to by default. In your example, the student user might use touch /tmp/testfile to create a file with owner student, group student, and then use chgrp dtracy /tmp/testfile to change the ownership to owner student, group dtracy.
– telcoM
Dec 2 at 14:23




No, you can grant group ownership of any group you're a member of, to any file you actually own. The primary group is just the group to which the files you create get assigned to by default. In your example, the student user might use touch /tmp/testfile to create a file with owner student, group student, and then use chgrp dtracy /tmp/testfile to change the ownership to owner student, group dtracy.
– telcoM
Dec 2 at 14:23


















draft saved

draft discarded




















































Thanks for contributing an answer to Unix & Linux Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.





Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


Please pay close attention to the following guidance:


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f485465%2fnon-root-user-set-group-ownership%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

Accessing regular linux commands in Huawei's Dopra Linux

Can't connect RFCOMM socket: Host is down

Kernel panic - not syncing: Fatal Exception in Interrupt