SOLVED: users, groups and permissions

mt_arch_user · 2025-09-02 05:57:30

I know I should ask only one question per topic, but one answer leads to another question in this case.

I have three computers running Arch on my network.
I have two computers running openSUSE my network. One of them is a headless server.
All systems have at least two users, just in case of a problem with one users desktop.

To my regret, I just allowed each system to assign user numbers and group numbers to each user as it saw fit.
Now, I'm having problems with access of files from one system to another.

I would like to be able to be able to access files with read/write permissions, at least on the server, no matter who created them.
openSUSE uses a users group, assigned as default, to each user. Arch creates a group with the same name as the user and assigns it as the default group. The Wiki explains the reasons for this, and I understand it, but it defeats what I want to do.

Should I change the users number, for each user, on each machine to be unique to that user? ie: Bob would be 1000, Bill would be 1001, Susan would be 1002, etc?

Should I create a users group on the Arch machines, group number 2000, and assign it as the default group for all users and set default permissions to 770?

If a file exists with the group of <whatever> and the user attempting to access that file belongs to that group but it is not the default group for that user, can he still access that file?

Am I overthinking this whole mess? There are normally only two users on any machine, my wife and I. If I did what I am proposing, if I added a user and didn't want to give them access to say the server, I could not add them to the users group.

Sorry if this is TL:DR but I just can't seem to find the answers I need anywhere else.

Last edited by mt_arch_user (2025-09-11 21:59:16)

seth · 2025-09-02 08:12:13

Is this a continuation of https://bbs.archlinux.org/viewtopic.php?id=307735 ?
https://wiki.archlinux.org/title/Users_ … sed_groups
You could add your group to your wifes user and your wifes group to your user.
Or you create a group "powercouple" and make that the primary group for both of you (so files get owned bob:powercouple and susan:powercouple by default and the 220 umask limits access two the two of you. You can then still chown bob:bob your por… "private stuff" to hide it from your wife )

Using the shared users group for subset of otherwise equally privileged users *might* run you into trouble when the group is used by SuSE to control access to vital gloabl files (eg. in /etc)

mt_arch_user · 2025-09-02 10:13:48

That's a wonderful idea! I'm going to implement that.

I'll have to change all, or most of the existing files, but a lot less than I was thinking.

I have created a script that will let me do that.
I'm willing to share it. Is that a section where I could, or should post it?

Thanks so much for you suggestion.

Bart

mt_arch_user · 2025-09-09 14:14:07

What a mess! I'm almost done but ran into a problem with ssh. I assumed that all files in the home directory could have 770 permissions. Seems only the owner can have write permissions for ssh! <grin> Fixed that. Are there any other directories where that is the requirement?

seth · 2025-09-09 15:08:22

https://wiki.archlinux.org/title/GnuPG#Home_directory - basically anything that deals w/ encryption

mt_arch_user · 2025-09-11 22:18:39

I now have things working as I want.

I changed the umask settings on all machines to reflect the permissions I wanted.
I changed the user numbers so each user has the same number on all machines
I changed the group numbers so each group has the same number on all machines
I added a new group on all machines and made it the default group for my wife and I.
I changed the owner and group number on all files in each users home directory to reflect the new numbers.
I changed the permissions on all files and directories to reflect what I wanted to do.
I changed the permissions on the files in /.gnupg to remove all permissions except for the owner.
The Wiki mentioned some other files related to that process but they did not exist on my system

Now my file server can act as a local drive but be shared with my wife.
She can start a document, ask for my input, and I can open and modify the file right from the server.

Why would I do all this? Because she wants my input quite often, and I don't want to use her computer
to make changes to her file. I hate her keyboard, I use a Unicomp and she doesn't. I use dark mode and she doesn't,
I have a comfortable chair and hers doesn't fit me. And, mostly, because I could.

A huge thanks to Seth! Your help was critical to my success.

Arch Linux

#1 2025-09-02 05:57:30

SOLVED: users, groups and permissions

#2 2025-09-02 08:12:13

Re: SOLVED: users, groups and permissions

#3 2025-09-02 10:13:48

Re: SOLVED: users, groups and permissions

#4 2025-09-09 14:14:07

Re: SOLVED: users, groups and permissions

#5 2025-09-09 15:08:22

Re: SOLVED: users, groups and permissions

#6 2025-09-11 22:18:39

Re: SOLVED: users, groups and permissions

Board footer