You are not logged in.

#1 2010-11-15 22:22:13

darkbeanies
Member
Registered: 2009-01-14
Posts: 142

Some random questions about groups

Hello, where are the privileges of groups specified?  Like, I mean, what makes a member of the "wheel" group able to use sudo (after you edit the sudoers file), or a member of the "audio" group able to access the sound card?  Is there a configuration file somewhere?  If I create my own group, how do I specify what that group can do?  And why do half the groups not do what they intuitively should allow the user to do (eg being a member of the power group alone does not allow a user to shutdown, being a member of hal does not allow a user to mount disks without sudo, etc. etc.)

I tried googling but it wasn't very successful.  One-line replies in the form of hyperlinks are welcome!  As are other one-line answers, and indeed detailed, in-depth responses that I may not understand...

Offline

#2 2010-11-15 22:35:01

ikamusume
Member
Registered: 2010-11-15
Posts: 7

Re: Some random questions about groups

I'm using common sense here to make a wild guess. So if I'm not mistaken, they're mostly hardcoded and their primary use is having access to files/resources/devices outside your home directory, which are owned by the respective groups.


yakui 2.6.36-ARCH x86_64 AMD Athlon(tm) 64 X2 Dual Core Processor 3600+ AuthenticAMD GNU/Linux
suika 2.6.32-lts i686 Intel(R) Atom(TM) CPU N270 @ 1.60GHz GenuineIntel GNU/Linux
Nokia-N900 2.6.28.10power46 armv7l

Offline

#3 2010-11-15 22:56:45

fsckd
Forum Fellow
Registered: 2009-06-15
Posts: 4,173

Re: Some random questions about groups

I don't know about sudo, but usually a file is accessible to only a group because
1) the file is owned by the group
2) members of that group have at least read permissions on that file
For example, my audio devices are owned by the audio group and the audio group is given read and write access.

See also the man pages for chown, chmod and chgrp. Hopefully you can extrapolate from there. smile


aur S & M :: forum rules :: Community Ethos
Resources for Women, POC, LGBT*, and allies

Offline

#4 2010-11-15 23:37:05

darkbeanies
Member
Registered: 2009-01-14
Posts: 142

Re: Some random questions about groups

Aaah, I see.  So there really is no definition of what a group can do, because it just depends on whether that group happens to own or be able to read a particular file or not.  And I can just create any old group and chown the files I want that group to access to "define" what that group can do.

Interesting...so maybe the wheel group owns a weird file somewhere that lets you use sudo, or something?

Oh well, that makes more sense now anyway.  Thanks for putting me on the right track!

Offline

#5 2010-11-15 23:43:58

thestinger
Package Maintainer (PM)
From: Toronto, Canada
Registered: 2010-01-23
Posts: 478

Re: Some random questions about groups

The wheel group works because sudo and su check to see if the user belongs to wheel if you have them configured that way

/etc/sudoers

# This file MUST be edited with the 'visudo' command as root.

Defaults env_reset,tty_tickets,timestamp_timeout=0,insults

root    ALL=(ALL) ALL
%wheel    ALL=(ALL) ALL

/etc/pam.d/su

# Uncomment the following line to require a user to be in the "wheel" group.
auth        required    pam_wheel.so use_uid

/etc/group contains the group info (they probably check this file, but likely through a system call)

Last edited by thestinger (2010-11-15 23:45:34)

Offline

Board footer

Powered by FluxBB