I am trying to figure out how permissions work in Linux. In windows if I want someone to have access to something you put their name in a group then give that group access to that folder. However things can get difficult when you have an office with a folder structure like this: Taxoffice--->Names---> Private. Everyone in the group would need access to the Taxoffice folder and names folder but lets say only 4 people out of 12 need access to the private folder. 2 of those people need read only access and 2 full access. In windows this is easy because you can apply multiple groups and peoples permissions to a folder and file. How is this done in Linux when all I see is Owner and 1 Group permission?
On Thu, 3 Aug 2006 at 11:48am, Chris Peikert wrote
I am trying to figure out how permissions work in Linux. In windows if I want someone to have access to something you put their name in a group then give that group access to that folder. However things can get difficult when you have an office with a folder structure like this: Taxoffice--->Names---> Private. Everyone in the group would need access to the Taxoffice folder and names folder but lets say only 4 people out of 12 need access to the private folder. 2 of those people need read only access and 2 full access. In windows this is easy because you can apply multiple groups and peoples permissions to a folder and file. How is this done in Linux when all I see is Owner and 1 Group permission?
'man acl'
Chris Peikert wrote:
I am trying to figure out how permissions work in Linux. In windows if I want someone to have access to something you put their name in a group then give that group access to that folder. However things can get difficult when you have an office with a folder structure like this: Taxoffice-àNames-à Private. Everyone in the group would need access to the Taxoffice folder and names folder but lets say only 4 people out of 12 need access to the private folder. 2 of those people need read only access and 2 full access. In windows this is easy because you can apply multiple groups and peoples permissions to a folder and file. How is this done in Linux when all I see is Owner and 1 Group permission?
This a good reference here:
http://www.freeos.com/articles/3127/
Max
I have read through the Manuals and I have read through the website. I am still unable to find an answer on how to assign multiple groups to one directory or file with different permissions. Everything points to one group and one owner. Is there something else Linux uses for permissions to fix this problem?
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Max H. Sent: Thursday, August 03, 2006 12:06 PM To: CentOS mailing list Subject: Re: [CentOS] Permissions
Chris Peikert wrote:
I am trying to figure out how permissions work in Linux. In windows if I want someone to have access to something you put their name in a group then give that group access to that folder. However things can get difficult when you have an office with a folder structure like this: Taxoffice-àNames-à Private. Everyone in the group would need access to the Taxoffice folder and names folder but lets say only 4 people out of 12 need access to the private folder. 2 of those people need read only access and 2 full access. In windows this is easy because you can apply multiple groups and peoples permissions to a folder and file. How is this done in Linux when all I see is Owner and 1 Group permission?
This a good reference here:
http://www.freeos.com/articles/3127/
Max
_______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Chris Peikert said:
I have read through the Manuals and I have read through the website. I am still unable to find an answer on how to assign multiple groups to one directory or file with different permissions. Everything points to one group and one owner. Is there something else Linux uses for permissions to fix this problem?
For that sort of fine-grained control, I think you may need to abandon the classic stuff and use Posix access control lists. Do a 'man acl' and see if that is what you're looking for.
=========== Alan Sparks, UNIX/Linux Systems Administrator asparks@doublesparks.net
Am Donnerstag 03 August 2006 19:27 schrieb Chris Peikert:
I have read through the Manuals and I have read through the website. I am still unable to find an answer on how to assign multiple groups to one directory or file with different permissions. Everything points to one group and one owner. Is there something else Linux uses for permissions to fix this problem?
suppose you have 2 groups
admin audatex
admin should get rights "rwx" audatex should get rigts "rw"
root@main tk]#setfacl -m group:admin:rwx /path/to/folder root@main tk]#setfacl -m group:audatex:rw- /path/to/folder
inspect with
getfacl /path/to/folder
i.e. [root@main tk]# getfacl /etc/hosts getfacl: Removing leading '/' from absolute path names # file: etc/hosts # owner: root # group: root user::rw- user:tk:rw- group::r-- group:audatex:rwx group:audatex:rw- mask::rwx other::r--
HTH Timothy
Am Donnerstag 03 August 2006 20:34 schrieb Timothy Kesten:
inspect with
getfacl /path/to/folder
i.e. [root@main tk]# getfacl /etc/hosts getfacl: Removing leading '/' from absolute path names # file: etc/hosts # owner: root # group: root user::rw- user:tk:rw- group::r-- group:audatex:rwx
this should be group:admin:rwx
group:audatex:rw-
mask::rwx other::r--
Sorry Timothy
Wooooo that's really complex!!!
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Timothy Kesten Sent: Thursday, August 03, 2006 1:42 PM To: CentOS mailing list Subject: Re: [CentOS] Permissions
Am Donnerstag 03 August 2006 20:34 schrieb Timothy Kesten:
inspect with
getfacl /path/to/folder
i.e. [root@main tk]# getfacl /etc/hosts getfacl: Removing leading '/' from absolute path names # file: etc/hosts # owner: root # group: root user::rw- user:tk:rw- group::r-- group:audatex:rwx
this should be group:admin:rwx
group:audatex:rw-
mask::rwx other::r--
Sorry Timothy _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On 8/3/06, Timothy Kesten centos-lst@gmx.de wrote:
Am Donnerstag 03 August 2006 20:34 schrieb Timothy Kesten:
inspect with
getfacl /path/to/folder
i.e. [root@main tk]# getfacl /etc/hosts getfacl: Removing leading '/' from absolute path names # file: etc/hosts # owner: root # group: root user::rw- user:tk:rw- group::r-- group:audatex:rwx
this should be group:admin:rwxgroup:audatex:rw-
mask::rwx other::r--
Nice one Timothy, never seen that command before I'll have to bear it in mind for future use :-)
Am Samstag 05 August 2006 01:38 schrieb Graham Cossey:
Nice one Timothy, never seen that command before I'll have to bear it in mind for future use :-)
Important: Your kernel must support acl and in /etc/fstab you have to notice this Option to the desired device
i.e.:
/dev/hda8 / reiserfs acl,notail 0 1 ^
Bye Timothy
Remember you can remount your partition without reboot using: mount -o remount / After changing /etc/fstab.
On 8/5/06, Timothy Kesten centos-lst@gmx.de wrote:
Am Samstag 05 August 2006 01:38 schrieb Graham Cossey:
Nice one Timothy, never seen that command before I'll have to bear it in mind for future use :-)
Important: Your kernel must support acl and in /etc/fstab you have to notice this Option to the desired device
i.e.:
/dev/hda8 / reiserfs acl,notail 0 1 ^
Bye Timothy
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On Thu, 2006-08-03 at 12:27 -0500, Chris Peikert wrote:
I have read through the Manuals and I have read through the website. I am still unable to find an answer on how to assign multiple groups to one directory or file with different permissions. Everything points to one group and one owner. Is there something else Linux uses for permissions to fix this problem?
The usual approach is to create groups with the correct users. That is, a group except for one user is really a different group. You might want to script a way to maintain them if certain groups are always strict subsets of others.
-
Alan Sparks -
Chris Peikert -
Cleber P. de Souza -
Graham Cossey -
Joshua Baker-LePain -
Les Mikesell -
Max H. -
Timothy Kesten