Date: Thu, 11 Feb 1999 05:07:32 +1000 From: Greg Black <gjb@comkey.com.au> To: "Dan Dockery" <danarchy@endeneu.com> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Permissions Message-ID: <19990210190732.22957.qmail@alpha.comkey.com.au> In-Reply-To: <199902101741.JAA25717@hub.freebsd.org> of Wed, 10 Feb 1999 11:37:54 CST References: <199902101741.JAA25717@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> What I would like to know is how to set up a directory so that one > group has write access, another has read access, and the world has no > access. This is too incomplete for anybody to answer. You have to fully specify what each group can do, bearing in mind that there are three permissions on directories for each of owner, group and world: read, write and search. Is the first group only to have write access (as you stated), or do they get read and/or search as well? Ditto for the second group? In any case, there is no way with the normal unix permission mechanism to provide different permissions for different groups on the same resource. There are usually simple workarounds, but you'd need to explain more about what you're trying to do. The most common approach would make the directory owned by a group that had no members and with full permission only for the group. Access would be controlled by a setgid program that would check individuals' rights and act accordingly. If you didn't want to write a setgid program, or if you wanted people to be able to use multiple programs on the contents of the directory, you could accomplish your goals with sudo (which can provide quite fine-grained control and allows specifying programs together with required arguments as part of its magic). -- Greg Black <gjb@acm.org> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990210190732.22957.qmail>