From owner-freebsd-questions Fri Dec 14 11:21:59 2001
Message-ID: <15386.20809.937558.896574@guru.mired.org>
Date: Fri, 14 Dec 2001 13:21:45 -0600
From: "Mike Meyer"
To: "Drew Tomlinson"
Cc: "Ulrich Gruenebaum" ,
Subject: Re: group permissions
In-Reply-To: <00cc01c184b8$3fbfd530$0301a8c0@bigdaddy>
References: <15385.4538.743578.879745@guru.mired.org> <00cc01c184b8$3fbfd530$0301a8c0@bigdaddy>
Sender: owner-freebsd-questions@FreeBSD.ORG

Drew Tomlinson types:
> > Ulrich Gruenebaum types:
> > As a general rule, when you talk about someone needing read or
> > read/write access to a file, you're actually talking about them
> > running a specific application to read or read/write the file. The
> > Unix way of dealing with this is the setgid and/or setuid bits.
> >
> > Extending your example, you have user, rgroup, and rwgroup, and two
> > applications, reader and writer. You make the file like so:
> >
> > -rw-r----- 1 user rgroup 1024 Dec 13 14:55 file
>
> I was reading your post as they are always informative and helpful. I
> don't understand why the group would be 'rgroup' instead of 'rwgroup'.
> What am I missing?

rgroup is the group that needs read permission. You put the file in
that group so members of that group can read it. Those who need both
read and write permission are in rwgroup. That is the group that can
run the program "writer". It runs setuid to user, so that it can write
the file, even though the group that can run it can't.

This is the Unix method for granting a group permission to do
something that they normally can't do - with an application that runs
set[ug]id to the privs that are needed.

> Thanks,
>
> Drew
>
> > And the two applications like so:
> >
> > ---x--x--- 1 user rgroup 1024 Dec 13 14:55 reader
> > ---s--x--- 1 user rwgroup 1024 Dec 13 14:55 writer
> >
> > People in rgroup will be able to run reader, and be able to read the
> > file. People in group rwgroup will be able to run writer, which will
> > then act as "user" instead of them, and hence have read/write access
> > to the file. If people in rwgroup also have to run reader, you can put
> > them in rgroup as well.
> >
> > --
> > Mike Meyer http://www.mired.org/home/mwm/
> > Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message

--
Mike Meyer http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
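
The scheme described in the message above, as an added example that is not part of the original post or thread: a small Python model of the Unix owner/group/other check and of set-id exec, applied to the three listings from the post. The accounts alice and bob, and the simplification of treating the effective gid as one more member of the group set, are assumptions of the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    mode: str     # ls-style mode string
    owner: str
    group: str

@dataclass(frozen=True)
class Cred:
    euid: str
    groups: frozenset   # effective gid plus supplementary groups (simplified)

# The three directory entries exactly as listed in the post.
FILE = Entry("-rw-r-----", "user", "rgroup")
READER = Entry("---x--x---", "user", "rgroup")
WRITER = Entry("---s--x---", "user", "rwgroup")

def allowed(cred, entry, want):
    """True if cred gets `want` ('r', 'w' or 'x') on entry.

    Only the first matching class (owner, then group, then other) is
    consulted; a denial there does not fall through to a later class.
    """
    if cred.euid == entry.owner:
        bits = entry.mode[1:4]
    elif entry.group in cred.groups:
        bits = entry.mode[4:7]
    else:
        bits = entry.mode[7:10]
    # In an execute column, 's' means execute plus set-id ('S' is set-id only).
    return bits["rwx".index(want)] in {"r": "r", "w": "w", "x": "xs"}[want]

def run(cred, prog):
    """Credentials prog executes with, or None if cred may not execute it."""
    if not allowed(cred, prog, "x"):
        return None
    euid = prog.owner if prog.mode[3] in "sS" else cred.euid   # setuid bit
    extra = {prog.group} if prog.mode[6] in "sS" else set()    # setgid bit
    return Cred(euid, cred.groups | extra)

def via(cred, prog, want):
    """True if cred gets `want` on FILE by running prog."""
    new = run(cred, prog)
    return new is not None and allowed(new, FILE, want)

# Constructed sample accounts: alice only reads, bob needs read/write.
alice = Cred("alice", frozenset({"rgroup"}))
bob = Cred("bob", frozenset({"rwgroup"}))
```

In this model bob cannot read or write the file directly and cannot run reader; his only path to the file is writer, which executes with euid "user", so everything writer does with its input it does with user's owner access.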