From owner-freebsd-questions Fri Dec 14 7:59:17 2001
Message-ID: <00cc01c184b8$3fbfd530$0301a8c0@bigdaddy>
From: "Drew Tomlinson"
To: "Ulrich Gruenebaum", "Mike Meyer"
References: <15385.4538.743578.879745@guru.mired.org>
Subject: Re: group permissions
Date: Fri, 14 Dec 2001 07:59:02 -0800
Sender: owner-freebsd-questions@FreeBSD.ORG

----- Original Message -----
From: "Mike Meyer"
To: "Ulrich Gruenebaum"
Sent: Thursday, December 13, 2001 12:38 PM
Subject: Re: group permissions

> Ulrich Gruenebaum types:
> > Hi,
> >
> > does anybody know how to solve the following
> > administration problem on a FreeBSD file server:
> >
> > - There are some large files on the server,
> >   belonging to someone.
> >
> > - The owner and some other users must be able
> >   to read and write them.
> >
> > - Another group of users shall have read-only access.
> >
> > - All remaining users shall have
> >   neither read nor write access.
> >
> > My approach was, to specify group-permissions like below,
> > and putting all r/w users into the specific group 'rwgroup',
> > but this does not allow me to distinguish between the users
> > with r/w and the users with read-only permission.
> >
> > > ls -lF file
> > -rw-rw---- 1 user rwgroup 1024 Dec 13 14:55 file
> >
> > (the owner and all users who are members in group 'rwgroup'
> > have r/w access, others have no access at all. But how can
> > I give read-only access to an additional group of users??)
>
> You might check out sudo; it's in the ports and may be able to handle
> this.
>
> As a general rule, when you talk about someone needing read or
> read/write access to a file, you're actually talking about them
> running a specific application to read or read/write the file. The
> Unix way of dealing with this is the setgid and/or setuid bits.
>
> Extending your example, you have user, rgroup, and rwgroup, and two
> applications, reader and writer. You make the file like so:
>
> -rw-r----- 1 user rgroup 1024 Dec 13 14:55 file

I was reading your post as they are always informative and helpful. I
don't understand why the group would be 'rgroup' instead of 'rwgroup'.
What am I missing?

Thanks,

Drew

> And the two applications like so:
>
> ---x--x--- 1 user rgroup 1024 Dec 13 14:55 reader
> ---s--x--- 1 user rwgroup 1024 Dec 13 14:55 writer
>
> People in rgroup will be able to run reader, and be able to read the
> file. People in group rwgroup will be able to run writer, which will
> then act as "user" instead of them, and hence have read/write access
> to the file. If people in rwgroup also have to run reader, you can put
> them in rgroup as well.
>
> --
> Mike Meyer http://www.mired.org/home/mwm/
> Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
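
The layout from the quoted message, modelled as an added example (not code from the thread or from FreeBSD): it applies the classic owner/group/other check and the setuid/setgid credential change at exec to the three listed modes. The accounts alice, bob and carol are constructed, and the model ignores root and ACLs.

```python
import stat
from dataclasses import dataclass

@dataclass(frozen=True)
class Node:            # a file or program: mode bits, owner, group
    mode: int
    owner: str
    group: str

@dataclass(frozen=True)
class Cred:            # effective identity of a process
    user: str
    groups: frozenset

def allowed(cred, node, want):
    """Classic Unix check: exactly one class applies (owner, else group, else other)."""
    if cred.user == node.owner:
        shift = 6
    elif node.group in cred.groups:
        shift = 3
    else:
        shift = 0
    return bool((node.mode >> shift) & {"r": 4, "w": 2, "x": 1}[want])

def run(cred, program):
    """Credentials after exec of program, or None if execute permission is denied."""
    if not allowed(cred, program, "x"):
        return None
    user = program.owner if program.mode & stat.S_ISUID else cred.user
    groups = cred.groups | {program.group} if program.mode & stat.S_ISGID else cred.groups
    return Cred(user, frozenset(groups))

def access_via(cred, program, target):
    """Rights on target ('', 'r' or 'rw') obtained by running program as cred."""
    proc = run(cred, program)
    if proc is None:
        return ""
    return "".join(p for p in "rw" if allowed(proc, target, p))

# Modes exactly as listed in the message
DATA   = Node(0o640,  "user", "rgroup")    # -rw-r-----
READER = Node(0o110,  "user", "rgroup")    # ---x--x---
WRITER = Node(0o4110, "user", "rwgroup")   # ---s--x---  (setuid + owner execute)

# Constructed accounts, not from the thread
alice = Cred("alice", frozenset({"rgroup"}))
bob   = Cred("bob",   frozenset({"rwgroup"}))
carol = Cred("carol", frozenset({"staff"}))
```

In this model an rwgroup-only account gets nothing from reader, which matches the message's remark that such users can be put in rgroup as well.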