Date: Tue, 19 Mar 2002 05:48:25 -0600 From: Mike Meyer <mwm-dated-1016970505.415850@mired.org> To: Jan Grant <Jan.Grant@bristol.ac.uk> Cc: Richard <guyuan@telpacific.com.au>, "freebsd-questions@FreeBSD.ORG" <freebsd-questions@FreeBSD.ORG> Subject: Re: How to disallow a certain user or group to access a directory and all other users will not be affected Message-ID: <15511.9609.134146.560977@guru.mired.org> In-Reply-To: <Pine.GSO.4.44.0203191126480.17702-100000@mail.ilrt.bris.ac.uk> References: <200203191104.g2JB4VH56561@sydmail3.telpacific.com.au> <Pine.GSO.4.44.0203191126480.17702-100000@mail.ilrt.bris.ac.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
In <Pine.GSO.4.44.0203191126480.17702-100000@mail.ilrt.bris.ac.uk>, Jan Grant <Jan.Grant@bristol.ac.uk> typed: > On Tue, 19 Mar 2002, Richard wrote: > > I am facing a problem that I only want to block a certain > > user or a group to access a few directories and all other > > users will not be affected. > You need extended ACLs. I believe Linux has them; the TrustedBSD project > is doing the same for FreeBSD (the code's already in current, IIRC). Actually, any Unix can halfway do it. Put the users you want excluded in group "excluded". Then make the directory owned by group excluded, mode 705 (or whatever). The group permissions takes precedence over the "other" permission, so those users are excluded. I say "halfway" because that's not they way you're supposed to use groups. So it's relatively straightforward for a user to "lose" a group, at least on some Unices. I originally found this on BSD 4.x, and I don't know if it's been changed since. CSRG didn't consider it a problem, and I haven't tested it on any version of FreeBSD. <mike -- Mike Meyer <mwm@mired.org> http://www.mired.org/home/mwm/ Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15511.9609.134146.560977>