Date: Tue, 19 Mar 2002 13:40:09 +0000 (GMT) From: Jan Grant <Jan.Grant@bristol.ac.uk> To: jason+freebsd@kanda.com Cc: Richard <guyuan@telpacific.com.au>, "freebsd-questions@FreeBSD.ORG" <freebsd-questions@FreeBSD.ORG> Subject: Re: How to disallow a certain user or group to access a directory and all other users will not be affected Message-ID: <Pine.GSO.4.44.0203191339110.17702-100000@mail.ilrt.bris.ac.uk> In-Reply-To: <20020319124758.W69540-100000@uk2.kanda-systems.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 19 Mar 2002 jason+freebsd@kanda.com wrote: > > On Tue, 19 Mar 2002, Jan Grant wrote: > > > On Tue, 19 Mar 2002, Richard wrote: > > > > > I am facing a problem that I only want to block a certain > > > user or a group to access a few directories and all other > > > users will not be affected. > > > > > > It does not seem to be a problem in win2000, but I cannot > > > implement in FreeBSD or Linux. Is it possible to implement > > > in FreeBSD or Linux? > > > > You need extended ACLs. I believe Linux has them; the TrustedBSD project > > is doing the same for FreeBSD (the code's already in current, IIRC). > > Not quite so, typically you use permissions to grant access, ie. user x > can read/write these files, group y can only read these files and everyone > else has no access. > > Permissions can be turned on their head a bit, eg: user x has no access, > group y has read only access and everyone else can do anything with them. > > With thoughtful use of groups, you should be able to emulate some ACL > functionality, although it will be fiddlier than with ACLs. Yeah; but the problem is that dropping out of a group isn't hard - otherwise I would've mentioned it :-) -- jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/ Tel +44(0)117 9287088 Fax +44 (0)117 9287112 RFC822 jan.grant@bris.ac.uk (Things I've found in my attic, #2: A hundredweight of pornography.) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.4.44.0203191339110.17702-100000>