Date: Sat, 16 May 2015 10:13:36 -0400
From: Adam McDougall <mcdouga9@egr.msu.edu>
To: freebsd-hackers@freebsd.org
Subject: Re: unionfs/nullfs Help please
Message-ID: <55575090.1020609@egr.msu.edu>
In-Reply-To: <alpine.BSF.2.20.1505161233520.774@laptop.wojtek.intra>
References: <alpine.BSF.2.20.1505161233520.774@laptop.wojtek.intra>

On 05/16/2015 06:38, Wojciech Puchar wrote:
> what i need:
>
> i have a directory "/home/administration" with files belonging to group
> say "bosses". I've added say "john" and "bill" to group bosses. Now
> bosses can read and write in /home/administration.
>
> Now i want mark, anne and tom to be able to read data from
> /home/administration but not write. Others should not be able to do
> access it at all.
>
> So i created group "administration-read" and added mark,anne and tom to it.
>
> Now i wanted using nullfs or unionfs to clone /home/administration to
> say /nullfs/administration-read so it will be read only (no problem) but
> gid of files would be changed to administration-read.
>
> Tried multiple things, to no avail. Seems i don't really understand
> manuals ;)
>
> Any help how to do it this way or other way (but no ACLs please)?
>
>

Make /home/administration mode 750, group administration-read. Add members of "bosses" to administration-read so all authorized users but nobody else can enter the directory. Make the content inside mode 775 or 664 as appropriate, group bosses, so bosses can write but 'other' can read, which will allow members of administration-read to read. It is up to you or the bosses to make sure content doesn't become world writable or the top level doesn't allow others in, and new files/dirs have group bosses. chgrp g+s on directories may help preserve the proper group on new content.
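
The layout described in the reply above depends on nothing drifting afterwards, so it is worth checking mechanically. The sh audit below is an added example, not part of the original message; the function names audit_tree and check are hypothetical, and it assumes a find that supports -mindepth (FreeBSD and GNU find both do).

```shell
#!/bin/sh
# Added example: audit a tree against the layout in the reply above.
# Variables are global (plain sh has no "local"); check() reads $top.

# check LABEL DESCRIPTION find-expression...
# Prints every path below $top matching the expression; returns 1 if any did.
check() {
    label=$1 desc=$2; shift 2
    hits=$(find "$top" -mindepth 1 "$@")
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits" | sed "s|^|$label ($desc): |"
    return 1
}

# audit_tree TOP ENTER_GROUP CONTENT_GROUP   (group names or numeric gids)
# Returns 0 if the tree matches the layout, 1 otherwise.
audit_tree() {
    top=$1; enter_grp=$2; content_grp=$3; bad=0

    # Top level: exactly mode 750 and owned by the group allowed to enter.
    if [ -z "$(find "$top" -prune -perm 0750 -group "$enter_grp")" ]; then
        echo "FAIL: $top must be mode 750, group $enter_grp"; bad=1
    fi

    # Content: must stay in the writers' group and never be world-writable.
    check FAIL "group is not $content_grp" ! -group "$content_grp" || bad=1
    check FAIL "world-writable" ! -type l -perm -0002 || bad=1

    # Advisory only: setgid on directories helps new content keep its group.
    check NOTE "directory without setgid" -type d ! -perm -2000 || :

    return "$bad"
}

# Typical call for the setup in this thread:
#   audit_tree /home/administration administration-read bosses
```

Run from cron, a non-zero exit status flags content that has left group bosses, a world-writable file, or a top-level directory whose mode or group has changed.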