Permissions - folders and files

[abarbarian]

Do these permissions look ok for these folders ???

 

 

 

 

I am asking as I still have gremlins running around my Arch setup.

 

Not only are they messing with steam they are also messing with Window Maker. I tried to make a new theme today and it will not load up. Also if I make a small change to another installed  theme the change will not load. Change the theme back to its original state and it loads.

So something weird is going on.

[securitybreach]

That is normal for files in your $HOME directory. I do not use graphical file managers much but here a shot from pcmanfm

 

[securitybreach]

Oh wait....the Groups should say users, not your username

[securitybreach]

I doubt you have a group called bloodaxe as its a user not a group.

[securitybreach]

If your steam directory is also using the wrong group, that might explain why it won't open correctly.

[abarbarian]

1 hour ago, securitybreach said:

I doubt you have a group called bloodaxe as its a user not a group.

 

Quote

Example adding a user

To add a new user named archie, creating its home directory and otherwise using all the defaults in terms of groups, directory names, shell used and various other parameters:

# useradd -m archie

Tip: The default value used for the login shell of the new account can be displayed using useradd --defaults. The default is Bash, a different shell can be specified with the -s/--shell option; see /etc/shells for valid login shells.

Although it is not required to protect the newly created user archie with a password, it is highly recommended to do so:

# passwd archie

The above useradd command will also automatically create a group called archie and makes this the default group for the user archie. Making each user have their own group (with the group name same as the user name) is the preferred way to add users.

 

Well following the wiki I should have and do ,

 

-->groups
cups gamemode storage lp wheel bloodaxe

 

Those are the groups I have been using for ages so they should not be at fault.

 

Is your screenshot taken from the same location as my first or second screenshot ?? I do not have any mention of " execute " in any of my shots.

 

Thanks for yer help by the way.

Edited June 25, 2023 by abarbarian

[securitybreach]

I've never had a group with my username in all my years of using linux

 

Cerberus :: ~ » groups
network power wireshark docker users video storage optical audio wheel

 

Those instructions are wrong
 

[securitybreach]

Ah, never mind some distros use that

[securitybreach]

You should still have a users group as anything installed will be looking for that group as well.

[V.T. Eric Layton]

Personally, I would NOT use those permissions, @abarbarian. My entire /home/vtel57 directory had these permissions:

 

Owner (vtel57)

- Access: Read & Write

 

- Group: users

- Access: None

- Others: None

[abarbarian]

42 minutes ago, securitybreach said:

You should still have a users group as anything installed will be looking for that group as well.

 

Well I have never been in a user group since I set up this instal. An I followed the wiki in setting this up which is what everyone advises for beginners when doing an install.

 

Which home folder are you guys talking about ?

 

My first screen shot has permissions for the home folder  as highlighted. My second screenshot is the home folder which shows when you click on the home folder in the first screenshot. Both folders as you can see have different permissions.

I am thoroughly confused.

[securitybreach]

/home/username

[securitybreach]

$HOME Is a variable that points to /home/username

 

So cd $HOME/Downloads would open /home/bloodaxe/Downloads

[abarbarian]

On 6/25/2023 at 1:56 PM, securitybreach said:

I doubt you have a group called bloodaxe as its a user not a group.

 

https://wiki.archlinux.org/title/users_and_groups#Example_adding_a_user

 

Quote

The above useradd command will also automatically create a group called archie and makes this the default group for the user archie. Making each user have their own group (with the group name same as the user name) is the preferred way to add users.

You could also make the default group something else using the -g option, but note that, in multi-user systems, using a single default group (e.g. users) for every user is not recommended. The reason is that typically, the method for facilitating shared write access for specific groups of users is setting user umask value to 002, which means that the default group will by default always have write access to any file you create. See also User Private Groups. If a user must be a member of a specific group specify that group as a supplementary group when creating the user.

 

https://wiki.archlinux.org/title/users_and_groups#Unused_groups

 

Quote

Unused groups

The following groups are currently not used for any purpose:

 

users

The primary group for users when user private groups are not used (generally not recommended), e.g. when creating users with USERGROUPS_ENAB no in /etc/login.defs or the -N/--no-user-group option of useradd.

 

Edited June 26, 2023 by abarbarian

[securitybreach]

Hmm, well ok.

[V.T. Eric Layton]

I use the command useradd in Slackware to create my user when I first do a clean install. It does not create any user groups, though. However, it does add the new user to the /etc/group. Be aware, though, /etc/group is NOT a listing of users. It is used to "allow" users to utilize  different portions of the operating system, such as: printers, audio, ssh, etc. Here's what mine looks like:

 

root:x:0:root
bin:x:1:root,bin
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon
tty:x:5:
disk:x:6:root,adm
lp:x:7:lp,vtel57
mem:x:8:
kmem:x:9:
wheel:x:10:root
floppy:x:11:vtel57
mail:x:12:mail
news:x:13:news
uucp:x:14:uucp
man:x:15:
dialout:x:16:uucp
audio:x:17:root,pulse,vtel57
video:x:18:vtel57
cdrom:x:19:vtel57
games:x:20:
slocate:x:21:
utmp:x:22:
smmsp:x:25:smmsp
tape:x:26:
mysql:x:27:
rpc:x:32:
sshd:x:33:sshd
gdm:x:42:
shadow:x:43:
ftp:x:50:
oprofile:x:51:
sddm:x:64:
pulse:x:65:
input:x:71:
apache:x:80:
messagebus:x:81:
haldaemon:x:82:
plugdev:x:83:vtel57
power:x:84:vtel57
netdev:x:86:vtel57
polkitd:x:87:
pop:x:90:pop
scanner:x:93:vtel57
nobody:x:98:nobody
nogroup:x:99:
users:x:100:
console:x:101:

 

All useradd does is create a new user to access the OS. In my case, "vtel57" is the ONLY user on this system. If I had multiple users, they would all have their own /home/<username> and the Permissions would be set to allow access to ONLY that user (and Root, of course... because GOD!).

[abarbarian]

7 hours ago, securitybreach said:

Hmm, well ok.

 

I can only go by what I read in the  wiki and other places. Before systemd I remember having to add myself to  ,audio,video, etc etc. Looks like every thing has changed.As your set up is running ok for you that is fine. If you ever have to do a fresh install this group thing is something to keep in mind. That is if it has not changed again.

 

I could get away with just using "Storage.Wheel,Bloodaxe."

 

root:x:0:root
sys:x:3:bin
mem:x:8:
ftp:x:11:
mail:x:12:
log:x:19:
smmsp:x:25:
proc:x:26:polkitd
games:x:50:
lock:x:54:
network:x:90:
floppy:x:94:
scanner:x:96:
power:x:98:
adm:x:999:daemon
wheel:x:998:bloodaxe
kmem:x:997:
tty:x:5:
utmp:x:996:
audio:x:995:
disk:x:994:
input:x:993:
kvm:x:992:
lp:x:991:cups
optical:x:990:
render:x:989:
storage:x:988:bloodaxe
uucp:x:987:
video:x:986:
users:x:985:
systemd-journal:x:984:
rfkill:x:983:
bin:x:1:daemon
daemon:x:2:bin
http:x:33:
nobody:x:65534:
dbus:x:81:
systemd-journal-remote:x:982:
systemd-network:x:981:
systemd-resolve:x:980:
systemd-timesync:x:979:
systemd-coredump:x:978:
uuidd:x:68:
avahi:x:977:
polkitd:x:102:
colord:x:976:
nvidia-persistenced:x:143:
bloodaxe:x:1000:
ntp:x:87:
git:x:975:
rtkit:x:133:
nm-openvpn:x:974:
openvpn:x:973:
cups:x:209:
geoclue:x:972:
sgx:x:971:
systemd-oom:x:970:
adbusers:x:969:
usbmux:x:140:
realtime:x:968:
tss:x:967:
i2c:x:966:
gamemode:x:965:bloodaxe
gluster:x:964:
rpc:x:32:

 

Here is mine Eric just a tad different. Until this steam fiasco the old Arch was running just fine.

[securitybreach]

Wow, that is a whole lot of groups

[V.T. Eric Layton]

2 hours ago, abarbarian said:

If you ever have to do a fresh install this group thing is something to keep in mind.

 

Not to worry... when I do a clean install, I usually copy/save my entire /etc directory; saves having to redo all my custom options and settings.

[sunrat]

3 hours ago, securitybreach said:

Wow, that is a whole lot of groups

Looks normal. Lots on mine too:

$ getent group |wc -l
70

 

[abarbarian]

11 hours ago, securitybreach said:

Wow, that is a whole lot of groups

 

Who's Eric or Erik's ??

 

10 hours ago, V.T. Eric Layton said:

 

Not to worry... when I do a clean install, I usually copy/save my entire /etc directory; saves having to redo all my custom options and settings.

 

Comment was for Josh as he is running with  systemd and I guessed that you would rather be boiled alive in a vat of oil than use systemd. So your next install would probably be init which is quite different in its use of groups.

 

Interesting to see that my systemd only has root in one group wheras Eric's init has root in 8. Root does not even appear in my wheel group.

 

8 hours ago, sunrat said:

Looks normal. Lots on mine too:

$ getent group |wc -l
70

 

65 in mine. Do you have to be in extra groups due to some fancy audio type of thing ?

[securitybreach]

1 hour ago, abarbarian said:

65 in mine. Do you have to be in extra groups due to some fancy audio type of thing ?

 

I got you beat

 

Cerberus :: ~ » getent group |wc -l
93

 

[securitybreach]

Most applications will create a group so that you can run them as the app group instead of your user. I just realized that they will not remove the group even after uninstallation. Time to look into how to clean the unused groups or if I should even bother since no one is a member of them.

[securitybreach]

I just asked the following here: https://www.reddit.com/r/archlinux/comments/14k9urb/smarter_way_to_remove_package_groups_that_are_no/

 

[sunrat]

2 hours ago, abarbarian said:

65 in mine. Do you have to be in extra groups due to some fancy audio type of thing ?

Just audio and rtkit groups for that I think.

I see quite a few groups which are useless for me - avahi, bluetooth, dialout, fax, floppy, lightdm, lp, lpadmin, saned, tape, www-data. Guess they are just defaults so it works for every possible installation purpose. Doubt it matters really.

[abarbarian]

2 hours ago, securitybreach said:

I just asked the following here: https://www.reddit.com/r/archlinux/comments/14k9urb/smarter_way_to_remove_package_groups_that_are_no/

 

 

The respondent seems to think you are asking about packages. I wonder if you will get a decent answer. Or rather one that addresses the Q. He was being helpful even if misguided.

[V.T. Eric Layton]

9 hours ago, abarbarian said:

I guessed that you would rather be boiled alive in a vat of oil than use systemd.

 

HAHAHA! Yeah, something like that.

[securitybreach]

7 hours ago, abarbarian said:

 

The respondent seems to think you are asking about packages. I wonder if you will get a decent answer. Or rather one that addresses the Q. He was being helpful even if misguided.

 

Well someone did say the following:

 

Groups (and users) are not removed by design to avoid leaving files referencing non-existing groups, which is problematic in case of gid reuse.

 

Which is kind of odd.

[sunrat]

A thread on reddit went of the rails? Shocked, I am!

 

A few unused groups is not something I would lose sleep over. Or even waste another second on.

[abarbarian]

11 hours ago, securitybreach said:

Which is kind of odd.

 

From the wiki.

 

Quote

Note: A later removal of a package does not remove the automatically created user/group (UID/GID) again. This is intentional because any files created during its usage would otherwise be left orphaned as a potential security risk.

 

So it looks like a security thing.