UNIX - How to give user rights over another user and so I don't need to sudo or type password?

Solution 1

As requested, a bit of a tutorial on groups. Hopefully this isn't too elementary.

By default, most user accounts are also part of a group of the same name. To determine what groups an account is a member of, use the groups command.

# groups root
root : root bin daemon sys adm disk wheel

The first one listed is the primary group, and will be the default group owner of any files that user creates. That's listed in the output of ls as the second 'root' entry.

# touch testfile
# ls -l testfile
-rw-r--r--  1 root root 19 Jan 29 08:37 testfile

In order to add a user to a group, you use usermod as shown. The lowercase "-g" flag you gave it changes the primary group. It may be better to change just a secondary one, using the "-G" and "-a" flags. Namely, to put the git user into luddico's group:

# usermod -G luddico -a git
# groups git
git : git luddico

This should give git access to any files that are owned by the luddico group, and have appropriate group permissions. Group permissions are the second "rwx" set listed in ls. The testfile I showed above only allows read access by the root group. If you wanted to give all members of that group write access, you would have to use chmod for that.

# ls -l testfile
-rw-r--r--  1 root root 19 Jan 29 08:37 testfile
# chmod g+w testfile
# ls -l testfile
-rw-rw-r--  1 root root 19 Jan 29 08:37 testfile

Now anyone in the root group can read or write to testfile. Apply the same concept to Luddico's files.

Solution 2

If you want to grant a user (such as git in your examples) access to another user's space, put them in the same group and set group rights accordingly.

If you need more complex access control list functionality, you should look into POSIX ACLs as provided by getfacl(1) and setfacl(1).
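
The check both answers rely on, as an added shell example that is not part of the original answers: `group_access_gaps` lists entries whose group owner or group bits would still produce a "Permission denied" like the one on .git/FETCH_HEAD, and `grant_group_access` applies the group ownership and chmod steps recursively. The function names are hypothetical; the directory and group are whatever you pass in.

```shell
#!/bin/sh
# Added example (not from the original answers). Function names are
# hypothetical; the directory and group passed in are the caller's own.

# Print every file or directory under DIR that members of GROUP could not
# fully use, one "reason path" pair per line. Empty output means no gaps.
group_access_gaps() {
    dir=$1 grp=$2
    # Group bits only help GROUP if GROUP is the group owner of the entry.
    find "$dir" \( -type d -o -type f \) ! -group "$grp" \
        -exec printf 'wrong-group %s\n' {} \;
    # Directories: r to list, w to create/delete entries, x to enter (070).
    find "$dir" -type d ! -perm -070 -exec printf 'dir-needs-rwx %s\n' {} \;
    # Regular files: r and w for the group (060).
    find "$dir" -type f ! -perm -060 -exec printf 'file-needs-rw %s\n' {} \;
}

# Hand DIR to GROUP the way the answers describe: group ownership plus
# group permissions. Run as the owner of the files (or as root).
grant_group_access() {
    dir=$1 grp=$2
    chgrp -R "$grp" "$dir"
    # Capital X adds execute only to directories and already-executable files.
    chmod -R g+rwX "$dir"
    # setgid on directories makes new files inherit GROUP instead of the
    # creator's primary group, so later writes by either user stay shared.
    find "$dir" -type d -exec chmod g+s {} +
}
```

Every parent directory of the tree also needs execute permission for the group or for others, and a new group membership applies only to sessions started after the usermod. A group-writable tree can be modified by every member of the group, so keep the group limited to the accounts that need it.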

Author by

Joonas Vali

Updated on September 17, 2022

Comments

  • Joonas Vali
    Joonas Vali over 1 year

    I have 2 users in question

    git user - used for gitosis - so it's a No password user and it can be accessed only through root...

    user user - where my files reside

    so what I would like to do is give the user git rights to navigate to a luddico folder like this

    [email protected]:~/respositories# cd /home/user/websites/domain.com
    

    and then perform any action inside the user user files (any file/folder) so this way I can for example

    [email protected]:/home/user/websites/domain.com#  git pull
    

    because actually the action mentioned above returns:

    error: cannot open .git/FETCH_HEAD: Permission denied
    

    so when I ask for actions like this, it requests git's password which btw doesn't have any, or cancel it straight away

    so how could I configure the user git to have like root/admin rights over the user user without need to provide any password or sudo before the commands? Just like if it was root

    • It would be even nicer if there is a way to just allow specific commands from git to user

    Thanks in advance

    • user1686
      user1686 over 14 years
      For my single-user repos, I access [email protected]:foo.git in git directly. Simpler than gitosis.
  • Joonas Vali
    Joonas Vali over 14 years
    Thanks dotplus, I've added a new group with root access with groupadd web, then I've usermod -g web git and usermod -g web ludicco, but apparently it still doesn't have the proper rights, very sorry but I'm new to all of this, so if you could please post some example on how I should proceed I'd appreciate that. Thanks a lot
  • Joonas Vali
    Joonas Vali over 14 years
    Christopher, thanks a lot for that it really made me understand quite well all what's behind, for me it was an excellent class. Cheers
  • dotplus
    dotplus over 14 years
    if 'git' and 'ludicco' are both in the group 'web', then you can ensure that they both have read/write access to a file with chmod g+rw /path/to/file. In order to enter a directory, your id or a group that you are a member of should have execute rights on that directory.