Permission Groups

sokuban · 2007-03-01 06:24:20

Maybe a stupid question but...

I have had a lot of problems when I was a newbie, and the answer to most of them was "is your user part of the **** group?"

Is there a list anywhere of all the permission groups used in Arch? Is this something that would be the same on all distros?

phrakture · 2007-03-01 06:58:06

No, it's not the same on all distros. For instance, ubuntu uses "www-data" as the "you can change stuff the web server sees" group. We don't.

I think there was a list somewhere... generally, I just check the permissions of the device/file that caused the failure... i.e. cdrom (after following symlinks)

$ ll /dev/sr0
brw-rw---- 1 root optical 11, 0 2007-02-19 02:02 /dev/sr0

mutlu_inek · 2007-03-01 07:12:07

less /etc/group

Snarkout · 2007-03-01 22:07:34

I think that what the OP is asking for is a list of groups you *should* be a member of if you want a full desktop experience. I have to admit to having some issues with this in the past myself, especially when, as Phrak points out, different distros have different groups. There's also the fact that the groups file seems to have evolved some in recent years, and many people don't even know what half of the entries are for, exactly, myself included.

s26c.sayan · 2007-03-12 19:55:57

I need to know what groups should my normal user belong to if I want to be able to connect to net as normal user (using the adsl daemon), burn CD-s and listen to music via MPD.

Maybe you guys an help me!!
Thanks!!

elasticdog · 2007-03-12 20:54:36

Didn't somebody post a wiki page with the common groups and what each one does? I tried searching, but couldn't find it anywhere...either way, it might be helpful since it is fairly confusing and comes up fairly often here on the forums.

Zer0 · 2007-03-13 00:19:00

I asked about this once on IRC and saw planning to make a wiki, it's too bad I never got around to it. I think this is something that every arch user has thought about at one point.. "what the heck is that group for" or "what group do I need to be in to get [something] working".

A "list of groups" wiki would be perfect for this along the lines of..

audio = sound
camera = camera devices
scanner = scanners
optical = dvd/cd drives

etc.. a long overdue wiki but at the same time I'm not going to install every package to get the list of all groups.. I say we converge our lists here then we write a wiki page.

Here are mine.

adm
audio
avahi
bin
camera
daemon
dbus
disk
floppy
ftp
hal
kmem
log
lp
mail
mem
network
nobody
optical
power
root
scanner
slocate
smmsp
storage
sys
tty
users
video
wheel

pretty overwhelming, I still don't know what half of em are

junglepeanut · 2007-03-13 00:37:37

Wow, thats a lot... I don't have any issues that I know of but I am little confused as I am only in

optical,audio, and storage

everything seems to work fine...

mutlu_inek · 2007-03-14 01:52:33

Zer0 wrote:

Here are mine.

I also have:

abs
mysql
thinkpad
vmware

I am a member of:

abs
audio
camera
floppy
log
optical
scanner
slocate
storage
thinkpad
[users]
video
vmware
wheel

Zer0 wrote:

A "list of groups" wiki would be perfect for this along the lines of..
audio = sound
camera = camera devices
scanner = scanners
optical = dvd/cd drives

abs = rights to Arch's auto build system
floppy = floppy drive
log = access to log files in /var/log
slocate = access to command updatedb
storage = access to external drives
thinkpad = for thinkpad users accessing /dev/misc/nvram through e.g. tpb
video = ?
vmware = right to execute vmware
wheel = right to do su

s26c.sayan · 2007-03-14 08:17:38

N00b question : Is there any group that the normal user needs to be a member of if he wishes to have R/W access to all the mounted partitions of the current hard drive??

I am currently acheiving this by 'chown'-ing the /mnt directory recursively.Is there another way?

AlmaMater · 2007-03-14 15:50:05

i olso dont undestand very much the meaning of every group

i added myself whit
audio
video
optical
storage
wheel
power <-- whit that i didnt had to install sudo to be able to reboot-shutdown my laptop

Snowman · 2007-03-16 22:28:00

s26c.sayan wrote:

N00b question : Is there any group that the normal user needs to be a member of if he wishes to have R/W access to all the mounted partitions of the current hard drive??
I am currently acheiving this by 'chown'-ing the /mnt directory recursively.Is there another way?

This is usually done with a mount option. What filesystem are you using?

BTW, the video group is for DRI/ 3D video acceleration.

fishonadish · 2007-03-16 22:42:43

mutlu_inek wrote:

wheel = right to do su

I'm not a member of this group, and can use su from my user account...
Is this what you meant, or is it that root must be a member of the wheel group for users to use su?

s26c.sayan · 2007-03-17 08:06:18

This is usually done with a mount option. What filesystem are you using?

I have my Arch installation currently on a XFS partition (but I might well revert to reiserfs soon).
The partitions I want to mount wth R/W permissions are all ext3.

Snarkout · 2007-03-17 20:36:45

fishonadish wrote:

mutlu_inek wrote:
wheel = right to do su
I'm not a member of this group, and can use su from my user account...
Is this what you meant, or is it that root must be a member of the wheel group for users to use su?

It's a pam option at this point, but traditionally on unix and unix-like systems this was a way to help fight against priv escalation by users who weren't supposed to have access.

Snowman · 2007-03-17 21:19:07

s26c.sayan wrote:

This is usually done with a mount option. What filesystem are you using?
I have my Arch installation currently on a XFS partition (but I might well revert to reiserfs soon).
The partitions I want to mount wth R/W permissions are all ext3.

I'm setup on ext3 partitions. For the single partition that I mount manually, I have this line in /etc/fstab:

/dev/hda5  /mnt/bak_orion ext3  noauto,user,rw,suid,dev,exec,async   0   1

This enable me to mount it as a regular user which gets rw permissions.

brucebertrand · 2007-03-19 01:38:16

Here's a wiki link:
http://wiki.archlinux.org/index.php/Groups

go at it.

Zer0 · 2007-03-20 23:31:00

great.. a wiki finally. I did my part..

- posted up the groups I know
- added how to "list files owned by groups" and "add user to a group"
- cleaned up a bit
- fixed wheel group description. I believe wheel group affects sudo and not su. I can run su without being a member of wheel but for sudo I have edit /etc/sudoers (with visudo command) and add my user to the wheel group. Please correct me if this is wrong!

anyone else?

matahari · 2007-04-06 11:55:11

you can uncomment this line :

auth required pam_wheel.so use_uid

@ /etc/pam.d/su
so only user in wheel can do su

Arch Linux

#1 2007-03-01 06:24:20

Permission Groups

#2 2007-03-01 06:58:06

Re: Permission Groups

#3 2007-03-01 07:12:07

Re: Permission Groups

#4 2007-03-01 22:07:34

Re: Permission Groups

#5 2007-03-12 19:55:57

Re: Permission Groups

#6 2007-03-12 20:54:36

Re: Permission Groups

#7 2007-03-13 00:19:00

Re: Permission Groups

#8 2007-03-13 00:37:37

Re: Permission Groups

#9 2007-03-14 01:52:33

Re: Permission Groups

#10 2007-03-14 08:17:38

Re: Permission Groups

#11 2007-03-14 15:50:05

Re: Permission Groups

#12 2007-03-16 22:28:00

Re: Permission Groups

#13 2007-03-16 22:42:43

Re: Permission Groups

#14 2007-03-17 08:06:18

Re: Permission Groups

#15 2007-03-17 20:36:45

Re: Permission Groups

#16 2007-03-17 21:19:07

Re: Permission Groups

#17 2007-03-19 01:38:16

Re: Permission Groups

#18 2007-03-20 23:31:00

Re: Permission Groups

#19 2007-04-06 11:55:11

Re: Permission Groups

Board footer