Date: Fri, 14 Dec 2001 07:59:02 -0800 From: "Drew Tomlinson" <drew@mykitchentable.net> To: "Ulrich Gruenebaum" <grueneba@zkom.de>, "Mike Meyer" <mwm-dated-1008707898.7dd171@mired.org> Cc: <questions@freebsd.org> Subject: Re: group permissions Message-ID: <00cc01c184b8$3fbfd530$0301a8c0@bigdaddy> References: <15385.4538.743578.879745@guru.mired.org>
next in thread | previous in thread | raw e-mail | index | archive | help
----- Original Message ----- From: "Mike Meyer" <mwm-dated-1008707898.7dd171@mired.org> To: "Ulrich Gruenebaum" <grueneba@zkom.de> Cc: <questions@freebsd.org> Sent: Thursday, December 13, 2001 12:38 PM Subject: Re: group permissions > Ulrich Gruenebaum <grueneba@zkom.de> types: > > Hi, > > > > does anybody know how to solve the following > > administration problem on a FreeBSD file server: > > > > - There a some large files on the server, > > belonging to someone. > > > > - The owner and some other users must be able > > to read and write them. > > > > - Another group of users shall have read-only access. > > > > - All remaining users shall have > > neither read nor write access. > > > > My approach was, to specify group-permissions like below, > > and putting all r/w users into the specific group 'rwgroup', > > but this does not allow me to distinguish between the users > > with r/w and the users with read-only permission. > > > > > ls -lF file > > -rw-rw---- 1 user rwgroup 1024 Dec 13 14:55 file > > > > (the owner and all users who are members in group 'rwgroup' > > have r/w access, others have no access at all. But how can > > I give read-only access to an additional group of users??) > > You might check out sudo; it's in the ports and may be able to handle > this. > > As a general rule, when you talk about someone needing read or > read/write access to a file, you're actually talking about them > running a specific application to read or read/write the file. The > Unix way of dealing with this is the setgid and/or setuid bits. > > Extending your example, you have user, rgroup, and rwgroup, and two > applications, reader and writer. You make the file like so: > > -rw-r----- 1 user rgroup 1024 Dec 13 14:55 file I was reading your post as they are always informative and helpful. I don't understand why the group would be 'rgroup' instead of 'rwgroup'. What am I missing? Thanks, Drew > And the two applications like so: > > ---x--x--- 1 user rgroup 1024 Dec 13 14:55 reader > ---s--x--- 1 user rwgroup 1024 Dec 13 14:55 writer > > People in rgroup will be able to run reader, and be able to read the > file. People in group rwgroup will be able to run writer, which will > then act as "user" instead of them, and hence have read/write access > to the file. If people in rwgroup also have to run reader, you can put > them in rgroup as well. > > <mike > -- > Mike Meyer <mwm@mired.org> http://www.mired.org/home/mwm/ > Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information. > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?00cc01c184b8$3fbfd530$0301a8c0>