#1
    File permissions


    Let's see if I can explain this clearly. Suppose I have a /home/finance directory. I want everyone in the group finance to have full access to this directory. That's the easy part, I can just chgrp. However, I have another user, guest, who needs read access to the files in that directory, and all subdirs. I don't want /home/finance readable by everyone, just by the finance group and the user guest. Does Linux support something like an ACL on Solaris? Any ideas would be welcomed.


    P.S. Sure, I could make guest the owner of the directory, but I don't want him to be able to change permissions, and if I have more than one person who needs read access, this wouldn't work.
  2. #2
    Then make /home/finance owned and grouped by finance (drwxr-x--- 750) and invite guest to finance group in /etc/group like so:

    finance:*:1001:finance,guest
  4. #3
    I had thought about that. However, I want the group finance to have read and write access. And the user, guest, should only have read permission. I'm looking at it from a business perspective: suppose guest was a manager who needed to be able to read the file, but wasn't trusted to have write access.


    P.S. I might have failed to mention that the group finance needed write access, sorry =)
  6. #4
    >> However I want the group finance to have read and write access

    They do have read+write access to files and dirs under /home/finance when they can su finance.

    >> And the user, guest, should only have read permission

    You know what SEARCH ACCESS is? That's Read + Execute on a directory. When /home/finance has drwxr-x--- (750) owned and grouped by finance, nobody else has SEARCH ACCESS to the /home/finance directory, EXCEPT when you invite guest to finance's group; then they will have just READ access, still no WRITE access unless they have the permission to su finance.
    That said, people in finance group still shouldn't have WRITE access in /home/finance, they'd need to su finance. People in guest group can cd to /home/finance and READ files but they need password to su finance and if you don't give them, then they can't WRITE and that's exactly what you need to do.
    All the file permissions remain the same -rw-r--r-- (644). You don't even need to change the umask at all.
    And of course, you can use sudo instead of su.
    Last edited by freebsd; May 2nd, 2002 at 07:19 PM.
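
Added example, not part of the original thread: a shell function that resolves classic Unix mode bits into the single class (owner, group or other) that applies to a user, run against the 750 directory and 644 files from post #4. The function names `effective_perms` and `report` and the users alice and bob are hypothetical; root and ACLs are ignored.

```shell
#!/bin/sh
# Added example (not from the thread): resolve classic Unix mode bits for a user.
# Exactly one class applies: owner, else group, else other. There is no
# fall-through, and root/ACLs are ignored. Users alice and bob are hypothetical.

# effective_perms MODE OWNER GROUP USER "USER_GROUPS"  ->  "<class> <rwx>"
effective_perms() {
    mode=$((0$1)); owner=$2; group=$3; user=$4; user_groups=$5
    class=other; bits=$(( mode & 7 ))
    if [ "$user" = "$owner" ]; then
        class=owner; bits=$(( (mode >> 6) & 7 ))
    else
        for g in $user_groups; do
            if [ "$g" = "$group" ]; then
                class=group; bits=$(( (mode >> 3) & 7 ))
                break
            fi
        done
    fi
    r=-; w=-; x=-
    if [ $(( bits & 4 )) -ne 0 ]; then r=r; fi
    if [ $(( bits & 2 )) -ne 0 ]; then w=w; fi
    if [ $(( bits & 1 )) -ne 0 ]; then x=x; fi
    echo "$class $r$w$x"
}

# Constructed sample data: the layout from post #4, owner and group finance,
# with guest and (hypothetical) alice listed as members of group finance.
# File bits only matter to a user whose directory class includes x (search).
report() {
    for entry in "finance:finance" "alice:alice finance" \
                 "guest:guest finance" "bob:bob"; do
        u=${entry%%:*}; gs=${entry#*:}
        printf '%-8s dir(750): %-10s file(644): %s\n' "$u" \
            "$(effective_perms 750 finance finance "$u" "$gs")" \
            "$(effective_perms 644 finance finance "$u" "$gs")"
    done
}
report
```

guest and alice resolve to the same group class on both the directory and the files, so mode bits alone cannot give one group member different rights from another.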
