Help with scripts

Hi Team,

I have a group; under that group I wanted to create more than 20 users. Can I create more than 20 users? And all the users should have the rights to read only a particular folder. Is it possible?

Thanks,
Iswarya.M

Hi,

You need to give us a little more help here, what OS are you using, and what type of system are you using, what shell are you running, have you tried anything? - the more information that you provide the more help it is likely that you will receive.

An answer to your post - Yes it can be done!

Regards

Gull04

2 Likes

Hi Gull,

Thanks for the reply.
We have Linux in place. We have tried the below command for creating a user and giving permission for the user under the group.

sudo useradd -G groupname username
sudo passwd username
sudo chown -R username:groupname /foldername

If I give permission of the folder to the user from the group, I am not able to access it.

Regards,
Iswarya.M

HOW are you "not able to access"? What type of access? Pls show error messages, and file / folder permissions. Also, show the output of groups username , with username obfuscated if need be.

1 Like

Hi RUdic,

Consider a is the user and b is the group.
I have given read permission for that particular folder to that user (a) under the group (b). After that the user (a) is able to see all the content under /Folder/*. But group b is getting a permission denied error for the folder /folder/*.

Regards,
Iswarya.M

Facts, please, not prose describing what you see / interpret what happened.
Post the user info (as requested above) AND the folder info e.g. ls -l . Do you have additional security features enabled (SELinux et al.)?

Given that we cannot see your server, have no access to it and no desire to do anything on it anyway, perhaps you could actually use the real values (not username and groupname, but user rbatte1 group admin or whatever) and share the screen output (pasted in CODE tags) from the following:-

uname -a                                 # What OS & version are we dealing with
getent group your_group_name             # Is the group listing okay, and does it contain the permitted user
getent passwd permitted_username         # Is the user listing okay and does it have the required group
ls -l /path/to/folder                    # Long list the files in the target directory (or a specific file for clarity)
ls -dl /path/to/folder                   # Long list the target directory, looking at permissions there
getenforce                               # Check SELinux state

It would take the guesswork out of it and it is unlikely that there is anything that would be commercially sensitive for you to worry about.

Thanks, in advance,
Robin

1 Like

In addition: please post the filesystem type the FS in question is using. You get this by looking at the output of df /path/to/folder and then, using what shows up in the last column, doing a mount | grep <last-value> . i.e.:

# df /path/to/look/at
Filesystem             1K-blocks   Used Available Use% Mounted on
/dev/mapper/mylv         5029504 798444   3952532  17% /path

# mount | grep path
/dev/mapper/mylv on /path type ext4 (rw,relatime,data=ordered)

The background of this question is that some sorts of filesystems have different properties and might make adjustments to the suggested procedure necessary.

I hope this helps.

bakunin

1 Like

Hi,

I tried giving permission to the user a by using the below command.

sudo chown -R  o:ec2-user /*

After that I lost my root user access. I don't know the password of root and I have logged in as the ec2-user user by using a pem key without a password. Now I am not able to log in as ec2-user; it is asking for a password. I have everything installed under ec2-user only.
I am able to log in only as the o user with the password. If I do ls, nothing is there under "o".

o@  ~cd /
o@  ~ cd ec2-user
-bash: cd: ec2-user/: Permission denied

Can anyone help me to get root access as well as ec2-user access?

Regards,
Iswarya.M

Hi,
Can anyone help me with the above?

Regards,
Iswarya.M

First off: please do not bump up threads. If someone can answer you s/he will - and if not, then bumping up the thread won't help you either. Many people here do not visit unix.com regularly on weekends which is probably why your thread hasn't been answered up to now.

Second: yes, I can help you but you are not going to like what I say.

The first thing is, you have generally no business tampering with the ownership of rights of files put there by the system. Actually you can do that in select few exceptional cases but if you do that you have to understand you are taking a very big risk and so you should know what you are doing and why pretty clearly beforehand. "I like it better that way" is NO such reason to do it.

The reason why sudo refuses to use /etc/sudoers now is because it needs to be readable/writable only for root for security reasons. It doesn't make sense to have rules about who is allowed to become root writable by anybody else but root.

Therefore, by changing the right of the file you have made sudo absolutely useless and effectively shut it off. You need a "conventional" way of becoming root therefore, but in many cases these are blocked intentionally for security considerations.

One way is to use su - root and switch to the root user. You need the root password for that and su may be forbidden to be executed.

Second way is to log on as root directly. You also need the root password and root may be forbidden to log on remotely or generally. If it is only forbidden to log on remotely you can log on locally - usually via the KVM, ILO or whatever the maintenance access to the server is called - via a local serial console.

Third, you can use a boot-CD and reboot the server from that, then mount the original root filesystem ( /etc is probably located there) and change the rights back to what it was. Then reboot the server from its own filesystem and it should work again. You will need local access to the server for this and the procedure is going to be disruptive.

I hope this helps.

bakunin

2 Likes
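The ownership and mode condition bakunin describes can be checked before and after any permission change. The following is an added example, not part of the thread: the function name check_root_only, the optional second argument, and the exact rule (owner uid 0, no group write, no access for others) are assumptions chosen to match "readable/writable only for root"; it relies on GNU stat.

```shell
#!/bin/sh
# Added example: report whether a sudoers-style file is restricted to root.
# Usage: check_root_only FILE [EXPECTED_UID]
# EXPECTED_UID defaults to 0 (root); it is a parameter only so the check
# can be tried on a scratch file without being root.
check_root_only() {
    file=$1
    want_uid=${2:-0}
    [ -f "$file" ] || { echo "$file: not a regular file"; return 2; }

    uid=$(stat -c '%u' "$file")    # numeric owner
    mode=$(stat -c '%a' "$file")   # octal permission bits, e.g. 440
    rc=0

    if [ "$uid" -ne "$want_uid" ]; then
        echo "$file: owned by uid $uid, expected uid $want_uid"
        rc=1
    fi
    # Octal 027 = group write (020) plus any access for others (007).
    if [ $(( 0$mode & 027 )) -ne 0 ]; then
        echo "$file: mode $mode lets group write or others access it"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "$file: ok (uid $uid, mode $mode)"
    return "$rc"
}

# Run directly with a path, e.g.:  sh check.sh /etc/sudoers
if [ "$#" -gt 0 ]; then
    check_root_only "$@"
fi
```

A recursive chown over / fails the owner test on /etc/sudoers, which is the state the thread starter ended up in.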

Hi,

The sudo issue has been resolved. Thanks, bakunin. Can I create more than 20 users under the group? I was asked to share a few details; please find them below.

uname
linux
 getent group o
o:x:id:t
ls -l /path/to/folder
-rwxr-xr-x.
df /path/to/folder
Filesystem     1K-blocks      Used Available Use% Mounted on
/*                 838848492 611327160 227521332  73% /
getenforce
Disabled

Regards,
Iswarya.M

Hello iswarya123 ,

Well, I did ask for the -a flag of uname so we got version information. That would be useful in all cases because things change. Just knowing "linux" is pretty useless..

Really, do you have a group called o? Why not something more meaningful? A few more characters would be so much easier for you to understand when you come to look at it later.

Are there no files in /path/to/folder? You don't show us the long listing in any case (size, time/date etc. is missing).

Please do answer the questions posed in future to help us understand what we are working with. That way we are better placed to help, and that's why you are here in the first place, no? I joined to get help and I think almost everyone else did too. If you don't share what you are asked for (without compromising security or sensitive data, of course) then we are a little blind to the issue and what we can do to help. I don't want to moan, but ......... :rolleyes:

I look forward to your next question, and I hope I can help, preferably before someone else beats me to it!

Kind regards,
Robin

1 Like

Hi,
Please find the below:

getent group ec2-user
ec2-user:x:1000:iswarya

I have attached the permission, size, time/date and uname -a in that attachment.

Please let me know if anyone needs few more information

Regards,
Iswarya.M

What you have shown us in the attachments to post #14 is that:

  1. The user root owns several files of varying sizes located in the directory named var/log or one of its subdirectories. All of these files are readable and executable by anyone and writeable by root. If these are log files, having them be executable is strange.
  2. And, at some point in time you typed the string uname -a. onto your string and took a screenshot of it.

Neither of the above answers any of the questions that have been asked.

We have asked for information that we need to be able to help you. Since you refuse to provide answers to the vast majority of our questions we have to assume that you don't want our help.

Bumping up posts asking us to help you when you refuse to provide us with the information we need to help you is a waste of everyone's time. Please provide answers to the questions that you have been asked. We want to help you, but we can't help you if you won't help us help you. :frowning:
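For the question the thread opened with (many users in one group, read-only access to one folder), here is an added example that is not from any poster. It changes only the group and mode bits of the one folder instead of running chown on system paths; the names readers and reader01..readerNN are placeholders, and GNU find is assumed.

```shell
#!/bin/sh
# Added example. Group/user names passed in are placeholders.

# Print (DRY_RUN=1, the default) or run one "useradd -G" per account,
# the same command the thread starter used, for COUNT accounts.
add_readers() {
    group=$1 prefix=$2 count=$3
    i=1
    while [ "$i" -le "$count" ]; do
        user=$(printf '%s%02d' "$prefix" "$i")
        if [ "${DRY_RUN:-1}" = 1 ]; then
            echo "useradd -G $group $user"
        else
            useradd -G "$group" "$user"
        fi
        i=$((i + 1))
    done
}

# Give GROUP read-only access to DIR and leave the owner untouched:
# group gets r on files, r-x on directories (x is needed to enter them),
# group write is removed and "other" gets nothing.
share_readonly() {
    dir=$1 group=$2
    chgrp -R "$group" "$dir" &&
    chmod -R u+rwX,g=rX,o= "$dir"
}

# List anything under DIR that is group-writable or open to "other";
# returns 0 only when the list is empty.
audit_readonly() {
    bad=$(find "$1" \( -perm /020 -o -perm /007 \) -print)
    [ -z "$bad" ] || { echo "$bad"; return 1; }
}

# Typical use as root (names are placeholders):
#   groupadd readers
#   DRY_RUN=0 add_readers readers reader 25
#   share_readonly /path/to/folder readers && audit_readonly /path/to/folder
```

Members of the group can then list and read the folder, while ownership stays with whoever maintains it.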