Date:      Thu, 13 Dec 2001 14:38:18 -0600
From:      "Mike Meyer" <mwm-dated-1008707898.7dd171@mired.org>
To:        Ulrich Gruenebaum <grueneba@zkom.de>
Cc:        questions@freebsd.org
Subject:   Re: group permissions
Message-ID:  <15385.4538.743578.879745@guru.mired.org>
In-Reply-To: <62332867@toto.iv>

Ulrich Gruenebaum <grueneba@zkom.de> types:
> Hi,
> 
> does anybody know how to solve the following
> administration problem on a FreeBSD file server:
> 
> - There are some large files on the server,
>   belonging to someone.
>   
> - The owner and some other users must be able
>   to read and write them.
>   
> - Another group of users shall have read-only access.
> 
> - All remaining users shall have
>   neither read nor write access.
> 
> My approach was to specify group permissions like below,
> and to put all r/w users into the specific group 'rwgroup',
> but this does not allow me to distinguish between the users
> with r/w and the users with read-only permission.
> 
>  > ls -lF  file
>  -rw-rw----  1  user   rwgroup   1024 Dec 13 14:55 file
>  
> (the owner and all users who are members in group 'rwgroup'
> have r/w access, others have no access at all. But how can
> I give read-only access to an additional group of users??)

You might check out sudo; it's in the ports and may be able to handle
this.

As a general rule, when you talk about someone needing read or
read/write access to a file, you're actually talking about them
running a specific application to read or read/write the file. The
Unix way of dealing with this is the setgid and/or setuid bits.

Extending your example, you have user, rgroup, and rwgroup, and two
applications, reader and writer. You make the file like so:

  -rw-r-----  1  user    rgroup   1024 Dec 13 14:55 file

And the two applications like so:

  ---x--x---  1  user    rgroup   1024 Dec 13 14:55 reader
  ---s--x---  1  user   rwgroup   1024 Dec 13 14:55 writer

People in rgroup will be able to run reader, and be able to read the
file. People in group rwgroup will be able to run writer, which will
then act as "user" instead of them, and hence have read/write access
to the file. If people in rwgroup also have to run reader, you can put
them in rgroup as well.

	<mike
--
Mike Meyer <mwm@mired.org>			http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
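
Added example, not part of the original message: a small Python model of the owner/group/other check and of the setuid/setgid bits at exec time, applied to the three `ls -l` lines in the reply. The accounts alice, bob, carol and dave and all helper names are constructed for illustration; root and ACLs are ignored.

```python
import stat
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    mode: int    # permission bits, including setuid/setgid
    owner: str
    group: str

@dataclass(frozen=True)
class Cred:
    euid: str
    groups: frozenset

# Modes transcribed from the ls -l lines in the message.
FILE = Entry(0o640, "user", "rgroup")       # -rw-r-----
READER = Entry(0o110, "user", "rgroup")     # ---x--x---
WRITER = Entry(0o4110, "user", "rwgroup")   # ---s--x---

# Constructed sample accounts (not from the message).
ALICE = Cred("alice", frozenset({"rgroup"}))
BOB = Cred("bob", frozenset({"rwgroup"}))
CAROL = Cred("carol", frozenset({"rgroup", "rwgroup"}))
DAVE = Cred("dave", frozenset())

def allowed(cred, entry, want):
    """Unix check: only one class applies (owner, else group, else other)."""
    if cred.euid == entry.owner:
        shift = 6
    elif entry.group in cred.groups:
        shift = 3
    else:
        shift = 0
    bits = (entry.mode >> shift) & 0o7
    return all(bits & {"r": 4, "w": 2, "x": 1}[c] for c in want)

def exec_as(cred, prog):
    """Credentials the program runs with, or None if exec is denied."""
    if not allowed(cred, prog, "x"):
        return None
    euid = prog.owner if prog.mode & stat.S_ISUID else cred.euid
    extra = {prog.group} if prog.mode & stat.S_ISGID else set()
    return Cred(euid, cred.groups | extra)

def access_via(cred, prog, target=FILE):
    """Access ('', 'r' or 'rw') the caller gets to target through prog."""
    run = exec_as(cred, prog)
    if run is None:
        return ""
    return "".join(c for c in "rw" if allowed(run, target, c))
```

In this model a member of rgroup can also read the file directly, without going through reader, because reader carries no setuid or setgid bit and the file itself is group-readable by rgroup.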
