From owner-freebsd-questions Tue Mar 19 3:40:22 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from uk2.kanda-systems.net (uk2.kanda-systems.net [193.195.117.202])
    by hub.freebsd.org (Postfix) with ESMTP id 6FB8E37B405
    for ; Tue, 19 Mar 2002 03:40:17 -0800 (PST)
Received: from localhost.kanda-systems.net (localhost.kanda-systems.net [127.0.0.1])
    by uk2.kanda-systems.net (Postfix) with ESMTP id AEB9D3C1E8;
    Tue, 19 Mar 2002 12:54:00 +0000 (GMT)
Date: Tue, 19 Mar 2002 12:54:00 +0000 (GMT)
From: jason+freebsd@kanda.com
X-X-Sender: jason@uk2.kanda-systems.net
Reply-To: jason+freebsd@kanda.com
To: Jan Grant
Cc: Richard , "freebsd-questions@FreeBSD.ORG"
Subject: Re: How to disallow a certain user or group to access a directory and all other users will not be affected
Message-ID: <20020319124758.W69540-100000@uk2.kanda-systems.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Tue, 19 Mar 2002, Jan Grant wrote:

> On Tue, 19 Mar 2002, Richard wrote:
>
> > I am facing a problem that I only want to block a certain
> > user or a group to access a few directories and all other
> > users will not be affected.
> >
> > It does not seem to be a problem in win2000, but I cannot
> > implement in FreeBSD or Linux. Is it possible to implement
> > in FreeBSD or Linux?
>
> You need extended ACLs. I believe Linux has them; the TrustedBSD project
> is doing the same for FreeBSD (the code's already in current, IIRC).

Not quite so, typically you use permissions to grant access, i.e. user x
can read/write these files, group y can only read these files and
everyone else has no access.

Permissions can be turned on their head a bit, e.g.: user x has no access,
group y has read only access and everyone else can do anything with them.

With thoughtful use of groups, you should be able to emulate some ACL
functionality, although it will be fiddlier than with ACLs.

Some quick examples:

To stop a group accessing a directory/file:

    chgrp group directory

(where group is the group you want to restrict access to, and directory
is the directory name)

Then

    chmod 707 directory

To stop a user accessing a file or directory:

    chgrp user directory

Then

    chmod 077 directory

(where user is the user you want to restrict access to, and directory is
the directory name)

Jason

> --
> jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/
> Tel +44(0)117 9287088 Fax +44 (0)117 9287112 RFC822 jan.grant@bris.ac.uk
> Q: What's yellow and equivalent to the axiom of choice? A: Zorn's lemon.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
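Added example (not part of the original thread): the modes 707 and 077 work as "deny" rules because the kernel consults exactly one permission class per caller (owner first, then group, then other) and never falls through to a more permissive class. The sketch below models that selection for non-root callers without ACLs; the uids, gids and function names are constructed for illustration.

```python
import os
import stat
import tempfile

def class_bits(mode, file_uid, file_gid, uid, gids):
    """Return the rwx bits (0-7) that apply to a non-root caller.

    Exactly one class is used: owner if the uid matches, else group if
    any of the caller's groups matches, else other. No fall-through.
    """
    if uid == file_uid:
        return (mode >> 6) & 7
    if file_gid in gids:
        return (mode >> 3) & 7
    return mode & 7

def can_enter(mode, file_uid, file_gid, uid, gids):
    """Entering a directory requires the execute/search bit."""
    return bool(class_bits(mode, file_uid, file_gid, uid, gids) & 1)

def demo():
    # Constructed identities: uid 1001 owns the directory, gid 2000 is the
    # directory's group, uid 1002 is a member of it, uid 1003 is unrelated.
    OWNER, MEMBER, OUTSIDER, DIR_GID = 1001, 1002, 1003, 2000
    callers = {
        "owner": (OWNER, {100}),
        "owner_in_group": (OWNER, {DIR_GID}),
        "member": (MEMBER, {DIR_GID}),
        "outsider": (OUTSIDER, {100}),
    }
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for label, mode in (("707", 0o707), ("077", 0o077)):
            os.chmod(d, mode)
            on_disk = stat.S_IMODE(os.stat(d).st_mode)  # mode as stored
            results[label] = {
                name: can_enter(on_disk, OWNER, DIR_GID, uid, gids)
                for name, (uid, gids) in callers.items()
            }
        os.chmod(d, 0o700)  # restore so cleanup can remove the directory
    return results

if __name__ == "__main__":
    for mode, table in demo().items():
        print(mode, table)
```

Two things the table makes visible: with 707 the directory's owner still gets in even when that owner belongs to the denied group, and with 077 it is the owning uid that is denied. The owner of a directory can also chmod it back, so an owner-class denial only holds against a user who does not administer the directory.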