From owner-freebsd-questions Thu Dec 13 12:38:25 2001
Message-ID: <15385.4538.743578.879745@guru.mired.org>
Date: Thu, 13 Dec 2001 14:38:18 -0600
To: Ulrich Gruenebaum
Cc: questions@freebsd.org
Subject: Re: group permissions
In-Reply-To: <62332867@toto.iv>
From: "Mike Meyer"

Ulrich Gruenebaum types:
> Hi,
>
> does anybody know how to solve the following
> administration problem on a FreeBSD file server:
>
> - There are some large files on the server,
>   belonging to someone.
>
> - The owner and some other users must be able
>   to read and write them.
>
> - Another group of users shall have read-only access.
>
> - All remaining users shall have
>   neither read nor write access.
>
> My approach was to specify group-permissions like below,
> and putting all r/w users into the specific group 'rwgroup',
> but this does not allow me to distinguish between the users
> with r/w and the users with read-only permission.
>
> > ls -lF file
> -rw-rw---- 1 user rwgroup 1024 Dec 13 14:55 file
>
> (the owner and all users who are members in group 'rwgroup'
> have r/w access, others have no access at all. But how can
> I give read-only access to an additional group of users??)

You might check out sudo; it's in the ports and may be able to handle
this.

As a general rule, when you talk about someone needing read or
read/write access to a file, you're actually talking about them
running a specific application to read or read/write the file. The
Unix way of dealing with this is the setgid and/or setuid bits.

Extending your example, you have user, rgroup, and rwgroup, and two
applications, reader and writer. You make the file like so:

-rw-r----- 1 user rgroup 1024 Dec 13 14:55 file

And the two applications like so:

---x--x--- 1 user rgroup 1024 Dec 13 14:55 reader
---s--x--- 1 user rwgroup 1024 Dec 13 14:55 writer

People in rgroup will be able to run reader, and be able to read the
file. People in group rwgroup will be able to run writer, which will
then act as "user" instead of them, and hence have read/write access
to the file. If people in rwgroup also have to run reader, you can put
them in rgroup as well.

http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.