From owner-freebsd-questions Fri Sep 13 0:30:12 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E834C37B400 for ; Fri, 13 Sep 2002 00:30:05 -0700 (PDT) Received: from ns2.austclear.com.au (ns2.austclear.com.au [192.43.185.70]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1809A43E6E for ; Fri, 13 Sep 2002 00:30:04 -0700 (PDT) (envelope-from ahl@austclear.com.au) Received: from tungsten.austclear.com.au (tungsten.austclear.com.au [192.168.166.65]) by ns2.austclear.com.au (8.11.2/8.11.3) with ESMTP id g8D7U1X19763; Fri, 13 Sep 2002 17:30:02 +1000 (EST) (envelope-from ahl@austclear.com.au) Received: from tungsten (tungsten [192.168.166.65]) by tungsten.austclear.com.au (8.9.3/8.9.3) with ESMTP id RAA17771; Fri, 13 Sep 2002 17:30:01 +1000 (EST) Message-Id: <200209130730.RAA17771@tungsten.austclear.com.au> X-Mailer: exmh version 2.1.1 10/15/1999 To: fred Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Privilege for user groups Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Fri, 13 Sep 2002 17:30:01 +1000 From: Tony Landells Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Thu, Sep 12, 2002 at 10:49:19PM -0700, fred typed: > Hi, > > I have create two usergroups in my freebsd box dev > and qa. > I also have a folder /home/samba/test. > > I want to grant the r_x privilege on > folder /home/samba/test to qa group while grant the > rwx privilege to dev group? > > How do i implement it in the freebsd box? Well, you can chgrp /home/samba/test to dev, then chmod it to 775 which means you (the owner) will have rwx, dev (the group) will have rwx, and qa (and anyone else not you and not in group dev) will get r-x. Is that close enough? If you want to have it so dev get rwx, qa get r-x, and people in neither of those two groups have totally different permissions then life will be kind of difficult, though you might be able to hack something through Samba using multiple share names that point to the same directory, for example: [devtest] comment = dev test directory path = /home/samba/test writable = yes valid users = @dev force group = dev [qatest] comment = qa access to test directory path = /home/samba/test writable = no valid users = @qa force group = dev and then chgrp the directory to dev, and chmod it to 77X where 'X' is whatever permission you want people not in dev or qa to get. The trickery here is that the people in group qa use the second share, which looks like it's operating as group dev, but has write permission disabled on the share. It should work... Tony -- Tony Landells Principal Networks, Security & IT Systems Engineer Ph: +61 3 9677 9319 Australian Clearing Services Pty Ltd Fax: +61 3 9677 9355 Level 4, Rialto North Tower 525 Collins Street Melbourne VIC 3000 Australia To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message