Create a shared folder using acl

#8
04-26-2017
Don Cragun (Forum Staff, Administrator)
The mode of a directory (whether set by chmod or by setting an ACL) controls who can create files in that directory, remove files from that directory, and search for files in that directory. It has absolutely nothing to do with who can read or write a file that happens to be located in that directory.

If you want to let a large group of people edit a file, set the mode of that file to allow all of those people to edit it (either by creating a group containing those people's userIDs and making the file writeable by that group or by creating an ACL for that file that grants all of those people's userIDs write permission).
#9
04-27-2017
Corona688 (Forum Staff)
Quote (originally posted by jcdole):
As I have already said that does not do what I want

Using G+S in PUBLIC SHARED FOLDER
a) deletion of not owned files forbidden : OK
b) creation in user's folder : OK
c) creation in other user's folder : OK
d) editing files owned by others in its own user's folder : KO access denied
d) editing files owned by others in any other folder ( owned or not owned ) : KO access denied

files are marked as
user::rw-
group::r--
other::r--

Well, that would be your problem. The group and other flags define whether the files can be read/written/executed by same group or others. Leaving them at r-- all the time guarantees they'll never be writable to anyone but their owners.

Make the file group-writable and others in the group will be able to write to it. etc.

Last edited by Corona688; 04-27-2017 at 11:31 AM..
#10
04-29-2017
jcdole (Registered User)
Quote (originally posted by Don Cragun):
The mode of a directory (whether set by chmod or by setting an ACL) controls who can create files in that directory, remove files from that directory, and search for files in that directory. It has absolutely nothing to do with who can read or write a file that happens to be located in that directory.

If you want to let a large group of people edit a file, set the mode of that file to allow all of those people to edit it (either by creating a group containing those people's userIDs and making the file writeable by that group or by creating an ACL for that file that grants all of those people's userIDs write permission).

That is exactly what I am trying to do (see #1).
I have created a group whose name is publicuser. Everyone in that group can do any action but cannot delete files that they do not own.
I have created a partition which is public for people in group public user. Others are excluded.
But I failed to make it run the way I want.

---------- Post updated at 19:48 ---------- Previous update was at 19:32 ----------

Quote (originally posted by Corona688):
Well, that would be your problem. The group and other flags define whether the files can be read/written/executed by same group or others. Leaving them at r-- all the time guarantees they'll never be writable to anyone but their owners.

Make the file group-writable and others in the group will be able to write to it. etc.

I have tried what you and jim suggested to me.
I have not set anything to r--.

I have used two recipes
1°) as you suggested : using
Code:
chown -Rv publicuser:publicuser $A_PUB_FOLDER
chmod -v 0770 $( find $A_PUB_FOLDER -type d )
chmod -v u+s

or
2°) as jim suggested : using

Code:
chown -Rv publicuser:publicuser $A_PUB_FOLDER
chmod -v 1770 $( find $A_PUB_FOLDER -type d )

r-- is the effective mode as said in the ACL documentation.
It is not something that I have set somewhere.

Any help is welcome.
#11
04-29-2017
Don Cragun (Forum Staff, Administrator)
Quote (originally posted by jcdole):
That is exactly what I am trying to do (see #1).
I have created a group whose name is publicuser. Everyone in that group can do any action but cannot delete files that they do not own.
I have created a partition which is public for people in group public user. Others are excluded.
But I failed to make it run the way I want.

... ... ...
No, this is not what you have done! You have to make the REGULAR FILES you want to edit writeable by group publicuser. All that any of the stuff you have shown us does is modify the permissions on the DIRECTORY or DIRECTORIES that contain your files. All of the commands you have shown us so far use:

Code:
find ... -type d ...

and type d only works on directories; not on regular files.

If you want regular files to be editable by everyone in group publicuser, in addition to what you have already done with the directories, the mode on those files needs to be something like 660 AND they must have groupID publicuser.

To make the regular files in a file hierarchy rooted in the current directory have groupID publicuser, you need root or the current owner of those files to set the groupID of those files to publicuser and set the mode of those files to allow the owner and the group to have read and write permission:

Code:
find . -type f -exec chgrp publicuser {} + -exec chmod 660 {} +

#12
05-01-2017
Corona688 (Forum Staff)
To summarize the last few weeks of confusion and argument:
  • Directory permissions control who is allowed to create and delete which files where. The special U+S bit on a directory prevents people from deleting someone else's files.
  • The permissions on the files themselves determine who is able to edit them.

No amount of fancy ACL's on the directory they're inside will permit you to edit files set 000.

Use the permissions on the directory to control who's allowed to create files and who's allowed to delete files.

Use file permissions to control who's allowed to edit files.

Use umask to ensure files are created with the correct permissions. This is a user setting, not a file setting. I'm not sure what, if any, equivalent there is for ACL's.

Last edited by Corona688; 05-01-2017 at 01:50 PM..
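
The split described in the two posts above (directory bits govern create and delete, file bits govern edit) can be checked across a whole shared tree. The following audit is an added example, not part of the original thread; the function names and the sample tree are constructed for illustration, and the group is whatever the caller passes in.

```shell
#!/bin/sh
# Added example, not from the thread. All function names are hypothetical.

# Regular files under $1 that members of group $2 cannot edit: the
# group-write bit is missing, or the file belongs to another group.
files_not_group_editable() {
    find "$1" -type f \( ! -perm -020 -o ! -group "$2" \) -print
}

# Directories without setgid: new files would not inherit the shared group.
dirs_missing_setgid() {
    find "$1" -type d ! -perm -2000 -print
}

# Directories without the sticky bit: anyone with write access to the
# directory could delete files owned by someone else.
dirs_missing_sticky() {
    find "$1" -type d ! -perm -1000 -print
}

# Run all three checks; exit status 0 only when nothing was flagged.
audit_shared_tree() {
    status=0
    for check in files_not_group_editable dirs_missing_setgid dirs_missing_sticky; do
        out=$("$check" "$1" "$2")
        if [ -n "$out" ]; then
            printf '%s:\n%s\n' "$check" "$out"
            status=1
        fi
    done
    return "$status"
}

# Constructed sample tree: one file left at 644, one directory without +t.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir "$t/user_test1" "$t/nosticky"
    chmod 1770 "$t" "$t/user_test1"
    chmod 770 "$t/nosticky"
    echo ok > "$t/user_test1/ok.txt"; chmod 660 "$t/user_test1/ok.txt"
    echo ro > "$t/user_test1/ro.txt"; chmod 644 "$t/user_test1/ro.txt"
    echo "$t"
}

# Usage: sh audit.sh /d_pub_folder publicuser
if [ "$#" -eq 2 ]; then audit_shared_tree "$1" "$2"; fi
```

Files reported by the first check are the ones post #11 says need their group and mode changed before other group members can edit them.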
#13
05-14-2017
jcdole (Registered User)
OK, that works using ACL.
Here is the full procedure I have used.

Code:
Goal: In folders defined as "PUBLIC" for users in group "publicuser", any user can do anything but cannot delete objects they do not own.

1st Step: Creation of initial group, user and folders
Create group publicuser
Create user publicuser (no login user), user_test1, user_test2
  • Add publicuser, user_test1, user_test2 to group publicuser
Create a new folder:
  • mkdir -p /d_pub_folder
  • chown publicuser:publicuser /d_pub_folder
Create sub-folder for each regular user:
  • mkdir -p /d_pub_folder/user_test1
  • chown user_test1:publicuser /d_pub_folder/user_test1
  • mkdir -p /d_pub_folder/user_test2
  • chown user_test2:publicuser /d_pub_folder/user_test2
Set properties on new folders:
  • chmod -R 770 /d_pub_folder
  • chmod -R g+s /d_pub_folder
  • chmod -R +t /d_pub_folder
Set ACL on new folders:
#set user to rwx, group to ---, group publicuser to rwx, other to ---
  • setfacl -R -m u::rwx,g::---,g:publicuser:rwx,o:--- /d_pub_folder
#set default : user to rwx, group to ---, group publicuser to rwx, other to ---
  • setfacl -R -d -m u::rwx,g::---,g:publicuser:rwx,o:--- /d_pub_folder

2nd Step: Files creation
Create new files owned by each user in their respective folder:
  • su to user_test1
  • echo "Create by user_test1 in user_test1's folder" > /d_pub_folder/user_test1/testfile_1.txt
  • su to user_test2
  • echo "Create by user_test2 in user_test2's folder" > /d_pub_folder/user_test2/testfile_2.txt
Create new files owned by user_test2 in user_test1's folder:
  • echo "Create by user_test2 in user_test1's folder" > /d_pub_folder/user_test1/testfile_4.txt

3rd Step: ACL check from a "public" folder /d_pub_folder/....
  • 1°) OK : any user can create a file in its own folder
  • 2°) OK : any user can create a file in a folder owned by others
  • 3°) OK : any user can modify a file they own in a folder owned by others
  • 4°) OK : any user cannot delete a file they do not own anywhere
  • 5°) OK : any user can modify a file they do not own using vi in a terminal emulator (Konsole)
What does not work:
  • 6°) FAILED : any user cannot modify a file they do not own using KATE or KWRITE in a graphical session.

For Linux users using KDE, for the moment there is a problem modifying a file of which you are not the owner.
From openSUSE people:
Quote:
Yes, this is currently not implemented.
KTextEditor (and thus katepart/kate/kwrite) creates a new file and rename()s it to the new location for atomic updates.
Only the usual permissions are applied.
A bug report has been reported to KDE.

Anyway thank you everybody for taking your time to help me.

Despite the problem with Kate or KWrite, I mark this thread solved.
Site administrators are free to remove the tag if necessary.
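
The save behaviour quoted in the post above (write a new file, then rename() it over the old one) can be reproduced in the shell. This is an added example, not part of the original thread: it compares an in-place write with a temp-file-plus-rename save and reports the mode and inode after each; the function names and the sample file are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print "<permission string> <inode number>" for file $1.
mode_and_inode() {
    ls -li "$1" | awk '{ print substr($2, 1, 10), $1 }'
}

# Save text $2 into file $1 by rewriting the existing inode.
# Needs write permission on the FILE; owner, group and mode stay as they were.
save_in_place() {
    printf '%s\n' "$2" > "$1"
}

# Save text $2 into file $1 as the quoted reply describes: write a new file
# beside it, then rename it over the original. Needs write permission on the
# DIRECTORY; the result is a new inode owned by the saving user, with a mode
# derived from that user's umask instead of the original file's mode.
save_by_rename() {
    tmp="$1.new.$$"
    printf '%s\n' "$2" > "$tmp" && mv -f "$tmp" "$1"
}

# Constructed demo: a 660 file saved both ways under umask 077.
demo_saves() {
    dir=$(mktemp -d)
    f="$dir/testfile_1.txt"
    (
        umask 077
        echo original > "$f" && chmod 660 "$f"
        echo "before:    $(mode_and_inode "$f")"
        save_in_place "$f" "edited in place"
        echo "in place:  $(mode_and_inode "$f")"
        save_by_rename "$f" "edited by rename"
        echo "by rename: $(mode_and_inode "$f")"
    )
    rm -rf "$dir"
}

demo_saves
```

In a directory that carries the sticky bit, as set up in the procedure above, rename(2) over a file owned by another user is refused unless the caller owns the directory, so the rename path cannot replace files the user does not own.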