From owner-freebsd-questions Wed Feb 10 11:47:57 1999 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA10031 for freebsd-questions-outgoing; Wed, 10 Feb 1999 11:47:57 -0800 (PST) (envelope-from owner-freebsd-questions@FreeBSD.ORG) Received: from alpha.comkey.com.au (alpha.comkey.com.au [203.9.152.215]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id LAA09995 for ; Wed, 10 Feb 1999 11:47:51 -0800 (PST) (envelope-from gjb@comkey.com.au) Received: (qmail 22958 invoked by uid 1001); 10 Feb 1999 19:07:32 -0000 Message-ID: <19990210190732.22957.qmail@alpha.comkey.com.au> X-Posted-By: GBA-Post 1.04 06-Feb-1999 X-PGP-Fingerprint: 5A91 6942 8CEA 9DAB B95B C249 1CE1 493B 2B5A CE30 Date: Thu, 11 Feb 1999 05:07:32 +1000 From: Greg Black To: "Dan Dockery" Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Permissions References: <199902101741.JAA25717@hub.freebsd.org> In-reply-to: <199902101741.JAA25717@hub.freebsd.org> of Wed, 10 Feb 1999 11:37:54 CST Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > What I would like to know is how to set up a directory so that one > group has write access, another has read access, and the world has no > access. This is too incomplete for anybody to answer. You have to fully specify what each group can do, bearing in mind that there are three permissions on directories for each of owner, group and world: read, write and search. Is the first group only to have write access (as you stated), or do they get read and/or search as well? Ditto for the second group? In any case, there is no way with the normal unix permission mechanism to provide different permissions for different groups on the same resource. There are usually simple workarounds, but you'd need to explain more about what you're trying to do. The most common approach would make the directory owned by a group that had no members and with full permission only for the group. Access would be controlled by a setgid program that would check individuals' rights and act accordingly. If you didn't want to write a setgid program, or if you wanted people to be able to use multiple programs on the contents of the directory, you could accomplish your goals with sudo (which can provide quite fine-grained control and allows specifying programs together with required arguments as part of its magic). -- Greg Black To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message