Date: Thu, 13 Dec 2001 14:38:18 -0600 From: "Mike Meyer" <mwm-dated-1008707898.7dd171@mired.org> To: Ulrich Gruenebaum <grueneba@zkom.de> Cc: questions@freebsd.org Subject: Re: group permissions Message-ID: <15385.4538.743578.879745@guru.mired.org> In-Reply-To: <62332867@toto.iv>
next in thread | previous in thread | raw e-mail | index | archive | help
Ulrich Gruenebaum <grueneba@zkom.de> types: > Hi, > > does anybody know how to solve the following > administration problem on a FreeBSD file server: > > - There a some large files on the server, > belonging to someone. > > - The owner and some other users must be able > to read and write them. > > - Another group of users shall have read-only access. > > - All remaining users shall have > neither read nor write access. > > My approach was, to specify group-permissions like below, > and putting all r/w users into the specific group 'rwgroup', > but this does not allow me to distinguish between the users > with r/w and the users with read-only permission. > > > ls -lF file > -rw-rw---- 1 user rwgroup 1024 Dec 13 14:55 file > > (the owner and all users who are members in group 'rwgroup' > have r/w access, others have no access at all. But how can > I give read-only access to an additional group of users??) You might check out sudo; it's in the ports and may be able to handle this. As a general rule, when you talk about someone needing read or read/write access to a file, you're actually talking about them running a specific application to read or read/write the file. The Unix way of dealing with this is the setgid and/or setuid bits. Extending your example, you have user, rgroup, and rwgroup, and two applications, reader and writer. You make the file like so: -rw-r----- 1 user rgroup 1024 Dec 13 14:55 file And the two applications like so: ---x--x--- 1 user rgroup 1024 Dec 13 14:55 reader ---s--x--- 1 user rwgroup 1024 Dec 13 14:55 writer People in rgroup will be able to run reader, and be able to read the file. People in group rwgroup will be able to run writer, which will then act as "user" instead of them, and hence have read/write access to the file. If people in rwgroup also have to run reader, you can put them in rgroup as well. <mike -- Mike Meyer <mwm@mired.org> http://www.mired.org/home/mwm/ Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15385.4538.743578.879745>