From: Adam McDougall
Date: Sat, 16 May 2015 10:13:36 -0400
To: freebsd-hackers@freebsd.org
Subject: Re: unionfs/nullfs Help please
Message-ID: <55575090.1020609@egr.msu.edu>

On 05/16/2015 06:38, Wojciech Puchar wrote:
> what i need:
>
> i have a directory "/home/administration" with files belonging to group
> say "bosses". I've added say "john" and "bill" to group bosses. Now
> bosses can read and write in /home/administration.
>
> Now i want mark, anne and tom to be able to read data from
> /home/administration but not write. Others should not be able to do
> access it at all.
>
> So i created group "administration-read" and added mark,anne and tom to it.
>
> Now i wanted using nullfs or unionfs to clone /home/administration to
> say /nullfs/administration-read so it will be read only (no problem) but
> gid of files would be changed to administration-read.
>
> Tried multiple things, to no avail. Seems i don't really understand
> manuals ;)
>
> Any help how to do it this way or other way (but no ACLs please)?
>

Make /home/administration mode 750, group administration-read. Add
members of "bosses" to administration-read so all authorized users but
nobody else can enter the directory. Make the content inside mode 775
or 664 as appropriate, group bosses, so bosses can write but 'other' can
read, which will allow members of administration-read to read. It is up
to you or the bosses to make sure content doesn't become world writable
or the top level doesn't allow others in, and new files/dirs have group
bosses. chgrp g+s on directories may help preserve the proper group on
new content.
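
One way to check the layout the reply describes, as an added example that is not part of the original message: a POSIX shell audit that flags a top level open to 'other' or in the wrong group, world-writable content, content outside the write group, and subdirectories without the setgid bit. The function names, finding tags and sample tree are assumptions for illustration; the sample tree uses the caller's own gid in place of "bosses" and "administration-read", since creating those groups needs root.

```shell
#!/bin/sh
# Added example, not from the original message.
# Usage: audit_shared_dir TOP WRITE_GROUP READ_GROUP
# Prints one "TAG path" line per finding; returns 0 if clean, 1 otherwise.
audit_shared_dir() {
    a_top=$1 a_wgrp=$2 a_rgrp=$3
    a_out=$(
        # Top level: group must be the read group, and "other" gets no access.
        find "$a_top" -prune ! -group "$a_rgrp" | sed 's/^/TOP_GROUP /'
        find "$a_top" -prune \( -perm -0004 -o -perm -0002 -o -perm -0001 \) |
            sed 's/^/TOP_OTHER_ACCESS /'
        # Content: nothing world-writable (symlink modes are not meaningful).
        find "$a_top" -mindepth 1 ! -type l -perm -0002 | sed 's/^/WORLD_WRITABLE /'
        # Content: everything stays in the write group.
        find "$a_top" -mindepth 1 ! -group "$a_wgrp" | sed 's/^/WRONG_GROUP /'
        # Subdirectories: setgid keeps the group on newly created entries.
        find "$a_top" -mindepth 1 -type d ! -perm -2000 | sed 's/^/NO_SETGID /'
    )
    [ -z "$a_out" ] && return 0
    printf '%s\n' "$a_out"
    return 1
}

# Constructed sample tree (hypothetical file names). The caller's own gid
# stands in for both groups, so this runs without root.
make_sample_tree() {
    s_top=$(mktemp -d) || return 1
    mkdir "$s_top/reports"
    : > "$s_top/budget.txt"
    : > "$s_top/reports/q1.txt"
    chgrp -R "$(id -g)" "$s_top"
    chmod 664 "$s_top/budget.txt" "$s_top/reports/q1.txt"
    chmod 2775 "$s_top/reports"    # rwxrwsr-x: group-writable, setgid
    chmod 750 "$s_top"             # rwxr-x---: only owner and read group enter
    printf '%s\n' "$s_top"
}
```

On the real system the call would be `audit_shared_dir /home/administration bosses administration-read`, run from cron or by hand after content changes.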