Let's see if I can explain this clearly. Suppose I have a /home/finance directory. I want everyone in the group finance to have full access to this directory. That's the easy part, I can just chgrp. However, I have another user, guest, who needs read access to the files in that directory, and all subdirs. I don't want /home/finance readable by everyone, just by the finance group and the user guest. Does Linux support something like an ACL on Solaris? Any ideas would be welcomed.
P.S. Sure, I could make guest the owner of the directory, but I don't want him to be able to change permissions, and if I have more than one person who needs read access, this wouldn't work.
Then make /home/finance owned and grouped by finance (drwxr-x--- 750) and invite guest to finance group in /etc/group like so:
I had thought about that. However, I want the group finance to have read and write access. And the user, guest, should only have read permission. I'm looking at it from a business perspective; suppose guest was a manager who needed to be able to read the file, but wasn't trusted to have write access.
P.S. I might have failed to mention that the group finance needed write access, sorry =)
>> However I want the group finance to have read and write access
They do have read+write access to files and dirs under /home/finance when they can su finance.
>> And the user, guest, should only have read permission
You know what SEARCH ACCESS is? That's Read + Execute on a directory. When /home/finance has drwxr-x--- (750) owned and grouped by finance, nobody else has SEARCH ACCESS to the /home/finance directory, EXCEPT when you invite guest to finance's group; then they will have just READ access, still no WRITE access unless they have the permission to su finance.
That said, people in the finance group still shouldn't have WRITE access in /home/finance; they'd need to su finance. People in the guest group can cd to /home/finance and READ files, but they need a password to su finance, and if you don't give it to them, then they can't WRITE, and that's exactly what you need to do.
All the file permissions remain the same -rw-r--r-- (644). You don't even need to change the umask at all.
And of course, you can use sudo instead of su.
Last edited by freebsd; May 2nd, 2002 at 07:19 PM.
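The 750 directory / 644 file layout from the reply above, rebuilt in a scratch directory as an added example that is not part of any post in this thread. It decodes only the mode bits per permission class (it does not model root, su or sudo); the scratch path standing in for /home/finance, the file `ledger.txt` and all function names are assumptions made for the illustration.

```sh
#!/bin/sh
# Constructed demo: a scratch directory stands in for /home/finance.

# build_layout: create a directory (750) holding one file (644); print its path.
build_layout() {
    d=$(mktemp -d) || return 1
    echo "constructed sample data" > "$d/ledger.txt"
    chmod 750 "$d"
    chmod 644 "$d/ledger.txt"
    printf '%s\n' "$d"
}

# perms_for CLASS PATH: print the rwx triplet PATH's mode grants to CLASS
# (owner, group or other). Relies on GNU stat's octal mode output.
perms_for() {
    m=$(stat -c '%a' "$2") || return 1
    m=$(printf '%03d' "$((m % 1000))")   # drop any setuid/setgid/sticky digit
    case $1 in
        owner) n=${m%??} ;;
        group) n=${m#?}; n=${n%?} ;;
        other) n=${m#??} ;;
        *) return 2 ;;
    esac
    t=
    if [ $((n & 4)) -ne 0 ]; then t="${t}r"; else t="${t}-"; fi
    if [ $((n & 2)) -ne 0 ]; then t="${t}w"; else t="${t}-"; fi
    if [ $((n & 1)) -ne 0 ]; then t="${t}x"; else t="${t}-"; fi
    printf '%s\n' "$t"
}

# can_read_file CLASS DIR FILE: needs search (x) on DIR and read (r) on FILE.
can_read_file() {
    case $(perms_for "$1" "$2") in ??x) ;; *) return 1 ;; esac
    case $(perms_for "$1" "$3") in r??) return 0 ;; *) return 1 ;; esac
}

# can_create_in CLASS DIR: creating or deleting entries needs w and x on DIR.
can_create_in() {
    case $(perms_for "$1" "$2") in ?wx) return 0 ;; *) return 1 ;; esac
}

dir=$(build_layout)
for c in owner group other; do
    printf '%-5s dir=%s file=%s\n' "$c" \
        "$(perms_for "$c" "$dir")" "$(perms_for "$c" "$dir/ledger.txt")"
done
rm -rf "$dir"
```

The `other` row shows the file itself is world-readable at 644, yet it stays unreachable because the 750 directory grants that class no search access.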