PDA

View Full Version : Group acces not sufficient?



bogomipz
2007-07-14, 06:36
Hi all,

I run Slimserver 6.5.2 on Linux. All my music is stored under my personal account, while the server runs as user slimserver. Both are in group users. I guess this is a quite common setup.

The problem is that even though the files have the correct permissions on the group level, Slimserver cannot access them unless they are world readable! This means I have to make my home directory world readable, which I am not too found of.

Can anybody explain why this happens, and could it be fixed so that group access actually works?

Thanks,
Truls

SteveEast
2007-07-14, 07:06
Does your home directory belong to group "users"?

Steve.

bogomipz
2007-07-14, 07:17
Does your home directory belong to group "users"?

Yes, all the way down to the music files.

I tried logging in as slimserver and accessing the files. This worked as expected, even when my home directory had no permissions for users not in the group. With these permissions, the slimserver user can read the files, but the slimserver software can't. Adding read access for world makes the server work again.

SteveEast
2007-07-14, 07:51
Try running something like:

ps -p <slimserver pid> -o pid,egroup,rgroup,sgroup,fgroup,command

and seeing exactly how slimserver is running.

Steve.

Robin Bowes
2007-07-14, 08:05
bogomipz wrote:
> Hi all,
>
> I run Slimserver 6.5.2 on Linux. All my music is stored under my
> personal account, while the server runs as user slimserver. Both are in
> group users. I guess this is a quite common setup.

I'd wager that your home dir has perms drwx------ i.e. it is only
readable by your user ID.

R.

bogomipz
2007-07-14, 08:30
Try running something like:

ps -p <slimserver pid> -o pid,egroup,rgroup,sgroup,fgroup,command

and seeing exactly how slimserver is running.


$ ps -p `pidof -x slimserver.pl` -o pid,euser,egroup,ruser,rgroup,suser,sgroup,fuser,f group,command
PID EUSER EGROUP RUSER RGROUP SUSER SGROUP FUSER FGROUP COMMAND
4134 1002 root root root root root 1002 root /usr/bin/perl -w ./slimserver.pl --daemon --user slimserver --prefsfile /home/slimserver/.slimserver.pref --cachedir /var/cache/slimserver --pidfile /var/run/slimserver.pid --logfile /var/log/slimserver.log

The server was started as root with parameter --user slimserver. Adding --group users changed EGROUP and FGROUP above to "users", and now it works.

Thanks alot for the help, SteveEast :)

bogomipz
2007-07-14, 08:37
I'd wager that your home dir has perms drwx------ i.e. it is only
readable by your user ID.

I wanted it to be drwxr-x--- but it wouldn't work unless I used drwxr-xr-x.

The problem was that the server ran as slimserver:root, and not slimserver:users as I thought it did.

On a side note, this proves that there's no such thing as a super group, only super user.

Truls

snarlydwarf
2007-07-14, 09:37
On a side note, this proves that there's no such thing as a super group, only super user.


group 0 used to only be magical in that you had to be in group 0 (called "wheel" at the time) in order to su to root.

Now it is pretty much meaningless on most systems. (I don't think any common version of su does the 'wheel' check any more.)

And that is your boring unix history lesson of the day. :)

bogomipz
2007-07-14, 09:50
I don't know much su history, but sudo still uses wheel, although not in any magical way. It's just that there are some wheel rules in the default sudoers file, ready to be uncommented.

GID 0 is root on most systems, and wheel has some other GID (10 on Archlinux).