[SOLVED] File access for all users on 2nd HDD?

[milon]

I'm new-ish to Linux, migrating from Windows on my family multi-user PC. I've searched all over online, and I'm getting stuck with this problem, so I'm hoping you guys can help me. On Windows, I had 2 physical HDD's - one for the OS and installed applications, and one for documents, photos, music, videos, etc. On Windows, every user had read/write access to all the files on the 2nd drive, and I'm trying to replicate this on Linux Mint. Here's what I've done so far:

I installed LM 19.1 Cinnamon with the 2nd drive disconnected. I did that because the installer didn't look like it was going to let me choose which drive to install to, and I did not want to risk my data drive being overwritten. I got installed and setup, powered off the system, connected the 2nd HDD, and powered on again. When I mounted the drive, Linux apparently assigned everything in the drive to that account (the admin account you make during setup), and the other account didn't have any access to it at all.

I've tried figuring out FSTAB, and I've (mostly?) got it since the drive mounts for everyone, but everything was still owned by the primary admin account. I applied CHMOD 776 to everything (bad idea, I know, but I didn't know what else to try), and now all users can access everything, but if anyone creates a file, it's given their ownership and no one else can touch it. >_<

How can I make this second drive behave more like it would on Windows? It's important to me that things are accessible to everyone, and I don't want to have to keep re-applying CHMOD anytime something changes.

[WharfRat]

What filesystem is on that drive/partition and where is it getting mounted

Paste back

Code: Select all

sudo blkid
mount|grep ^/dev
grep UUID /etc/fstab

[milon]

Code: Select all

timothy@Desktop:~$ sudo blkid
[sudo] password for timothy:           
/dev/sda1: UUID="7dc75141-af94-4cfe-a6ad-8e698b68b84f" TYPE="ext4" PARTUUID="eb66c358-01"
/dev/sdb1: LABEL="DATA" UUID="d5dc9a72-1769-4b37-ad51-aac9639bc0d1" TYPE="ext4" PARTUUID="5cdec42e-01"

timothy@Desktop:~$ mount|grep ^/dev
/dev/sda1 on / type ext4 (rw,relatime,errors=remount-ro,data=ordered)
/dev/sdb1 on /mnt/data type ext4 (rw,nosuid,nodev,noexec,relatime,data=ordered,user,x-gvfs-show)

timothy@Desktop:~$ grep UUID /etc/fstab
# device; this may be used with UUID= as a more robust way to name devices
UUID=7dc75141-af94-4cfe-a6ad-8e698b68b84f /               ext4    errors=remount-ro 0       1

The data drive was originally formatted as NTFS, but since I'm giving up on Windows, I backed up the data, reformatted it as ext4, and copied everything back to it. And yes, now that I'm thinking of it, I did that on my Mint machine while logged in as admin account. That may have added to the problem..

EDIT - It also seems to be listed as a Removable Drive for some reason. Is that normal?

EDIT 2 - The actual reason I switched from NTFS to ext4 was because it mounted with read-only access and I couldn't figure out how to get write access. After I did some online reading, I concluded (perhaps incorrectly) that write access was disabled for safety of the data, and that's why I decided to switch to a native Linux partition.

[WharfRat]

The data drive was originally formatted as NTFS, but since I'm giving up on Windows, I backed up the data, reformatted it as ext4, and copied everything back to it. And yes, now that I'm thinking of it, I did that on my Mint machine while logged in as admin account. That may have added to the problem..

This is easy

In the terminal sudo chown $USER:$USER /mnt/data - copy and paste this verbatim.

Root always becomes the owner of a newly created filesystem as he is the only one who can do that.

So it's up to the administrator (in this case you) to change ownership.

Don't fret it being listed as removable

[milon]

Didn't work. o_O

I tried it without and with -R to recurse through the whole drive. I ran it from the admin account, and now a regular user account can't even see the folder icons - like it doesn't even have permission to know what kind of item it is - let alone access anything.

The command didn't give any feedback either (other than the -R attempt taking longer), so I don't know why it didn't work. Any ideas? I am willing to wipe the primary drive and reinstall Linux if would help, but I feel that there's a better way to fix this.

If all else fails, I could just switch to a one-user setup instead, although it's not my preference.

[WharfRat]

When you say "admin account" do you mean your user account

If you want feedback sudo chown -v $USER:$USER /mnt/data or since you recursed sudo chown -v -R --preserve-root $USER:$USER /mnt/data

Execute the command from your user account so $USER resolves to you.

[milon]

Yes, by "admin account" I do mean my user account. When I go into Users and Groups, my Account Type says Administrator. The others are Standard (no sudo privileges).

With the verbose flag, I get a lot of "ownership of [[FILE]] retained as timothy:timothy"

So everything still works for me - as it always has - but now the other user accounts don't even have read-only access.

[WharfRat]

I wasn't clear on that part - it sounded like chown was run as root so the files never changed.

For all the others sudo chmod 0757/mnt/data

[milon]

Okay, I ran it as my account (with -R) and now all accounts have access to all the files. Hooray!

However, anything that one account creates is NOT accessible by the others. This brings me back to my original problem:

... now all users can access everything, but if anyone creates a file, it's given their ownership and no one else can touch it. >_<

How can I make this second drive behave more like it would on Windows? It's important to me that things are accessible to everyone, and I don't want to have to keep re-applying CHMOD anytime something changes.

[WharfRat]

Let me look into this a little further. It works fine here, but I may have done something else.

What I did was changed the 'other' group with chmod to allow other users access to the folder which I thought would take care of that.

Update:

Change the folder mode bits to sudo chmod 0775 /mnt/data
Add the group public or whatever name you like sudo groupadd public
Add the group to the users using their login names in place of otheruser - $USER is assumed to be you.

Code: Select all

sudo usermod -a -G public $USER
sudo usermod -a -G public otheruser

Change the group of the folder content sudo chown -vR :public /mnt/data

That should do it.

[milon]

I had already created a 'users' group and added the user accounts to it, so I substituted that for 'public'. No dice.
I also tried running the first chmod command recursively, and that didn't do it either.

Oddly enough, users can delete files created by other users - just not edit them.

[WharfRat]

I don't understand it, it works fine here

I created a text document and saved it, logged out and logged in wharfrat who added a line.

In the terminal session this is the result of additional changes:

Code: Select all

[bill@home] ~ $ cat /media/test/test_file 
This is a test file that has no meaning

Wharfrat added this
[bill@home] ~ $ ls -lh /media/test/
total 4.0K
-rw-rw-r-- 1 bill public 61 Feb 13 22:00 test_file
[bill@home] ~ $ sudo login wharfrat
Password: 
Last login: Wed Feb 13 19:05:25 EST 2019 on pts/1
[wharf@home] ~ $ echo "Another line from wharfrat" >> /media/test/test_file 
[wharf@home] ~ $ cat /media/test/test_file 
This is a test file that has no meaning

Wharfrat added this
Another line from wharfrat
[wharf@home] ~ $  exit
logout
[bill@home] ~ $ echo "Another line from bill" >> /media/test/test_file 
[bill@home] ~ $ cat /media/test/test_file 
This is a test file that has no meaning

Wharfrat added this
Another line from wharfrat
Another line from bill
[bill@home] ~ $ 

Did you double check everything

[milon]

The issue is in how Linux is handling creation of new files. Have a look:

Code: Select all

timothy@Desktop:/mnt/data$ ls -lh
total 20K
drwxrwxrw-  9 timothy users   4.0K Nov 29 12:35 Coopers
drwxrwxrw-  7 timothy users   4.0K Feb 13 06:53 Mary
drwxrwxrw- 14 timothy users   4.0K Feb 12 07:48 Tim
drwxrwxrw-  9 timothy users   4.0K Feb 12 12:03 timeshift
drwxrwxrw- 17 timothy users   4.0K Feb 12 06:13 Vault

Note that I applied chmod 0776 just now because I want the 'users' group to be able to execute files as needed. (I could also use chmod 0774 to restrict all others to read-only access.)
Then, logged in as 'timothy', I went into Files (the Linux GUI application) and created a new document in /mnt/data and didn't do anything else - didn't rename it or add any text, etc. Then I ran LS again:

Code: Select all

timothy@Desktop:/mnt/data$ ls -lh
total 20K
drwxrwxrw-  9 timothy users   4.0K Nov 29 12:35  Coopers
drwxrwxrw-  7 timothy users   4.0K Feb 13 06:53  Mary
drwxrwxrw- 14 timothy users   4.0K Feb 12 07:48  Tim
drwxrwxrw-  9 timothy users   4.0K Feb 12 12:03  timeshift
-rw-rw-r--  1 timothy timothy    0 Feb 14 09:27 'Untitled Document'
drwxrwxrw- 17 timothy users   4.0K Feb 12 06:13  Vault

The new file is owned by 'timothy' (me), and is in the group 'timothy' rather than 'users'. This means that only user/group 'timothy' can modify it, and everyone else has only read-only access. This is not what I want to have happen.

What I want is for files in /mnt/data to automatically belong to 'users' when they're created/copied.
Failing that, I would need all users to have read/write permission minimum - without needing to run chmod.
Failing that, I think I need to just have 1 user on the system.

I'm not sure if I'm communicating clearly or not. Please let me know if anything is still vague.

[altair4]

-rw-rw-r-- 1 timothy timothy 0 Feb 14 09:27 'Untitled Document'

Just out of curiosity run this command:

Code: Select all

umask

Do you get 0002 or 0022?

And if it's 0022 did you force 664 permissions on 'Untitled Document'?

[WharfRat]

It seems that I modified pam settings to get the others group to work properly.

Edit /etc/pam.d/common-session and add the line session optional pam_umask.so

Next edit /etc/login.defs and search for UMASK and change it from 002 to 000

Logout and back in as tim. Create a document with xed. The mode bits should be -rw-rw-rw-

Logout and login user2 and open the doc created by tim, make a change and save it.

Be aware that everyone will be able to access and manipulate files.

You won't need the users in users group and you won't need the group users.

[milon]

-rw-rw-r-- 1 timothy timothy 0 Feb 14 09:27 'Untitled Document'

Just out of curiosity run this command:

Code: Select all

umask

Do you get 0002 or 0022?

And if it's 0022 did you force 664 permissions on 'Untitled Document'?

I got 0022. I didn't apply any chmod ### after creating the document, before running ls-lh.

It seems that I modified pam settings to get the others group to work properly.
--snip--

Hooray, that worked!! Documents created by one user are accessible and editable by the others! That's what I was looking for!

I was about to assign every user to each user's group (ie. timothy would get 'timothy', 'mary', and 'guest' groups). But now I don't need to.
Thanks!!

[altair4]

Hi, it's me again ....... If you have nothing else to do ............

If you run umask again does it still come back with 0022?

And if you create a file from the terminal instead of from Nemo:

Code: Select all

touch /mnt/data/umasktest.txt

Are the permissions of that file 666 or 644?

[milon]

Code: Select all

timothy@Desktop:~$ umask
0022

timothy@Desktop:~$ touch /mnt/data/umasktest.txt
timothy@Desktop:~$ ls -lh /mnt/data
total 20K
drwxrwxrw-  9 timothy users   4.0K Nov 29 12:35 Coopers
drwxrwxrw-  7 timothy users   4.0K Feb 13 06:53 Mary
drwxrwxrw- 14 timothy users   4.0K Feb 12 07:48 Tim
drwxrwxrw-  9 timothy users   4.0K Feb 12 12:03 timeshift
-rw-r--r--  1 timothy timothy    0 Feb 14 20:05 umasktest.txt
drwxrwxrw- 17 timothy users   4.0K Feb 12 06:13 Vault

Interesting. It appears that creating a file with touch doesn't get the same permissions as when I create one with Nemo's GUI. Hmm, this may not actually be solved then. :S

I'm going out of town for a couple days, so I won't be able to reply until sometime next week. But I haven't forgotten or given up!

[altair4]

Interesting. It appears that creating a file with touch doesn't get the same permissions as when I create one with Nemo's GUI. Hmm, this may not actually be solved then. :S

"SOLVED" in the context of this issue is conditional. It all depends on how you use your computer. If everything you do is through nemo or xed then all is well.

If for example you were to ssh into this box and create a file somewhere expecting it to be saved with 666 permissions you may be disappointing. There are like 5000 applications in the repository some of which actually work and I just don't know if any of these will disobey the umask override presented here.

It will definitely not work in Ubuntu where the umask is set to 0022 everywhere. Ubuntu Server and Xubuntu have the default set to 0002 which is what < fill in the name of your personal deity > intended so the traditional way of creating a shared folder ( by using the sgid bit ) works as intended.

Anyhoo, my intent was not to challenge the solution but to point out that somewhere sometime using some process you may end up with a file added that does not have the expected permissions.

[milon]

Right, I understand that. And I appreciate it. I thought I had a This-Fixes-EVERYTHING solution, and instead it's a This-Fixes-Most-Things solution. Which is okay, but I also realize that I could run into cases where one process or another creates one or more files that DON'T have the permissions I'm looking for. Anyway, I'm still considering this solved and if I really run into problems, I'll just add each user as a member of the other users' groups. I've only got 2 or 3 user accounts, so it's not a big deal to do that.