Hi,
I have to solve an apparently simple permission problem, and I don't know if it's the sunny weather or birdsong, well... I just can't figure it out. Here goes.
I have a bunch of users in a public library. Some are "administrators": they handle the library, write the docs for everyone, etc. Then you have the "agents", who take care of lending books and fetch them when they get returned. And then you have the odd anonymous user, using the PC with a guest account.
Let's make things simple and start out with one machine. Every single user has a /home/<user> directory. Plus, I added the following directories:
/home/pub
and
/home/echange
Then, I created two groups, "administrators" and "agents". Here's what I'd like to achieve (but I think my IQ is just below the required limit :oD):
1) Members of the "administrators" group have unlimited read/write access to /home/pub and below.
2) Members of the "agents" group have read-only access to /home/pub and below.
3) All the others (that is, members of neither "administrators" nor "agents") have no access at all to /home/pub, not even for listing the directory content.
The thing is: I can't seem to formulate my problem in terms of user/group/others, as there are no owners, but two distinct groups involved.
Any idea how to crack that nut?
Niki
> - Members of the "administrators" group have unlimited read/write
>   access to /home/pub and below.
> - Members of the "agents" group have read-only access to /home/pub and
>   below.
> - All the others (that is, members of neither "administrators" nor
>   "agents") have no access at all to /home/pub, not even for listing the directory content.
> The thing is: I can't seem to formulate my problem in terms of user/group/others, as there are no owners, but two distinct groups involved.
> Any idea how to crack that nut?
Have you looked at using ACLs? Just make sure that any backup software you use can handle them.
Yes, as Barry said, use ACL for giving permission for group agents. The permission must be 770 and the group associated to /home/pub must be administrator. Then give acl rx (setfacl -m g:agent:rx /home/pub) to /home/pub. This should solve the issue. Make sure your filesystem is mounted with ACL support.
Regards,
Kurian Thayil
On Tue, Jul 7, 2009 at 5:21 PM, Barry Brimer lists@brimer.org wrote:
> > - Members of the "administrators" group have unlimited read/write
> >   access to /home/pub and below.
> > - Members of the "agents" group have read-only access to /home/pub and
> >   below.
> > - All the others (that is, members of neither "administrators" nor
> >   "agents") have no access at all to /home/pub, not even for listing the directory content.
> > The thing is: I can't seem to formulate my problem in terms of user/group/others, as there are no owners, but two distinct groups involved.
> > Any idea how to crack that nut?
> Have you looked at using ACLs? Just make sure that any backup software you use can handle them.
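The ACL setup suggested in the replies above, written out as an added example (not posted by anyone in the thread). It uses the group names from the original question, adds default ACLs and the setgid bit so that "and below" also holds for files created later, and includes a checker for getfacl output; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Run apply_pub_acl as root, e.g.:
#   apply_pub_acl /home/pub administrators agents
#   getfacl /home/pub | check_pub_acl administrators agents

# administrators: rwx through the owning group; agents: r-x through a named
# ACL entry; everyone else: nothing. Default ACLs cover files created later.
apply_pub_acl() {
    dir=$1 admins=$2 agents=$3
    chgrp -R "$admins" "$dir" || return 1
    # X adds execute/search only to directories and already-executable files
    chmod -R u=rwX,g=rwX,o= "$dir" || return 1
    setfacl -R -m "g:$agents:rX" "$dir" || return 1
    # setgid keeps new files in the administrators group; -d sets inherited ACLs
    find "$dir" -type d -exec chmod g+s {} + \
        -exec setfacl -d -m "g::rwx,g:$agents:rX,o::---" {} +
}

# Read `getfacl DIR` output on stdin; succeed only if every policy line is
# present exactly. A "#effective:" suffix (mask narrowing an entry) fails too.
check_pub_acl() {
    admins=$1 agents=$2
    acl=$(cat)
    for want in "# group: $admins" "group::rwx" "group:$agents:r-x" \
                "mask::rwx" "other::---" \
                "default:group:$agents:r-x" "default:other::---"; do
        printf '%s\n' "$acl" | grep -qxF -- "$want" ||
            { echo "policy line missing: $want" >&2; return 1; }
    done
}

# Constructed sample of what getfacl prints for a correctly configured /home/pub.
sample_acl() {
    cat <<'EOF'
# file: home/pub
# owner: root
# group: administrators
# flags: -s-
user::rwx
group::rwx
group:agents:r-x
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:agents:r-x
default:mask::rwx
default:other::---
EOF
}
```

Once a directory carries an ACL, a later chmod on the group bits changes the ACL mask rather than the owning group's entry, so re-run the check after any permission change.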
Hi Niki,
> I have to solve an apparently simple permission problem, and I don't know if it's the sunny weather or birdsong, well... I just can't figure it out. Here goes.
...
> The thing is: I can't seem to formulate my problem in terms of user/group/others, as there are no owners, but two distinct groups involved.
ACLs might help:
- http://acl.bestbits.at/about.html
- http://www.suse.de/~agruen/acl/linux-acls/online/
Regards,
Chris
On Tue, July 7, 2009 7:45 am, Niki Kovacs wrote:
> Hi,
> I have to solve an apparently simple permission problem, and I don't know if it's the sunny weather or birdsong, well... I just can't figure it out. Here goes.
> I have a bunch of users in a public library. Some are "administrators": they handle the library, write the docs for everyone, etc. Then you have the "agents", who take care of lending books and fetch them when they get returned. And then you have the odd anonymous user, using the PC with a guest account.
> Let's make things simple and start out with one machine. Every single user has a /home/<user> directory. Plus, I added the following directories:
> /home/pub
> and
> /home/echange
> Then, I created two groups, "administrators" and "agents". Here's what I'd like to achieve (but I think my IQ is just below the required limit :oD):
> - Members of the "administrators" group have unlimited read/write
>   access to /home/pub and below.
> - Members of the "agents" group have read-only access to /home/pub and
>   below.
> - All the others (that is, members of neither "administrators" nor
>   "agents") have no access at all to /home/pub, not even for listing the directory content.
> The thing is: I can't seem to formulate my problem in terms of user/group/others, as there are no owners, but two distinct groups involved.
> Any idea how to crack that nut?
> Niki
You might want to use ACL's or access control lists to set multiple users and groups with specific permissions. Take a look at http://www.yolinux.com/TUTORIALS/LinuxTutorialManagingGroups.html. This is a decent tutorial and I'm sure there are many others if you google linux ACL's. Hope this helps
Bo Lynch
On Tue, 2009-07-07 at 13:45 +0200, Niki Kovacs wrote:
> /home/pub
> and
> /home/echange
> Then, I created two groups, "administrators" and "agents". Here's what I'd like to achieve (but I think my IQ is just below the required limit :oD):
> - Members of the "administrators" group have unlimited read/write
>   access to /home/pub and below.
> - Members of the "agents" group have read-only access to /home/pub and
>   below.
> - All the others (that is, members of neither "administrators" nor
>   "agents") have no access at all to /home/pub, not even for listing the directory content.
> The thing is: I can't seem to formulate my problem in terms of user/group/others, as there are no owners, but two distinct groups involved.
> Any idea how to crack that nut?
--- You just Cracked that Nut Yourself! You know what you want to do. You laid it out, think. man chown and man chmod are your friends, chgrp also.
John