Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: file permission/acl: 2 users with write access on 1 file...
Special Forums Cybersecurity file permission/acl: 2 users with write access on 1 file... Post 302229863 by elzalem on Thursday 28th of August 2008 05:25:07 AM
Old 08-28-2008
Error file permission/acl: 2 users with write access on 1 file...
Hello,

i need some help/advice on how to solve a particular problem.

these are the users:

Code:
|name      |  group        |
 ---------- ---------------
|boss      |  department1  |
|assistant |  department1  |
|employee  |  department1  |
|spy       |  department2  |





this is the hierarchy of my files:

Code:
 ----------------------------------
|  name ( file_perms owner group ) |
 ----------------------------------

dept1data ( rwxr-x--- boss department1 )
  |
  |
  |-----subdir1( boss department1 rwxr-x--- )
  |        |
  |     (jungle)
  |
  |-----subdir2  ( boss department1 rwxr-x--- )
  |        |
  |     (jungle)
  | 
(many more)





basically only the boss can write or create files, the assistant and the employee can read, the spy has no access.

now i need to give the assistant write permissions on the subdir1 (and all of it's subdirs & files)

should i do this:
$ setfacl -R -m u:assistant:w subdir1

and should i do it everytime a file is created under subdir1?

is there a better solution to my problem?



PS: users access the directory from a windows pc, the samba server is debian 4.0r3 (acl enabled)
 

10 More Discussions You Might Find Interesting

1. UNIX Desktop Questions & Answers

Wall, Write, select users, pipe a text file, HELP Before I'm Bald!

OK... I'm fairly new to unix having the admin handed to me on a platter w/almost no training. However, being a programmer, I do pick up things fairly easily, but this one is getting the best of me. I have a unix server that runs multiple versions of the same ERP system, hand crafted for our... (1 Reply)
Discussion started by: chimodel
1 Replies

2. Solaris

giving write access to selective users to a certain directory in solaris 10

Hi all, how can i grant write access to a selective users only with write access to a certain filesystem/directory in solaris 10. Please help..i tried "fs setacl"...does not seem to work Please adv..thanks in advance... (4 Replies)
Discussion started by: cromohawk
4 Replies

3. UNIX for Advanced & Expert Users

Access file permission settings from Windows

Looking to see if there is a tool/crawler that could export the file permissions to a windows for a unix system ? (3 Replies)
Discussion started by: matvrix
3 Replies

4. Programming

how to write Microsoft Access MDB file to a text file, using C ?

I'm in the UNIX environment. I'd like to read a Microsoft Access MDB file, and write the contents of that file into an ASCII text file. I want to write a C program to do this. Does anyone know if there's already source code out there that does this? Please advise. Thanks. (3 Replies)
Discussion started by: serendipity1276
3 Replies

5. Cybersecurity

File owned by oracle user and dba group need readonly access to other users

Under oracle user file abc.txt was created. Oracle user belong to dba group on UNIX Server. However other non Oracle users which belongs to some other network groups need read only access to this file. Every time when I login as other then oracle user and try to view this file it saying that I... (2 Replies)
Discussion started by: groosha
2 Replies

6. Solaris

file open/read/write/close/access by process

Hi want to know what file (descriptor+filename+socket) is being accessed by particular process on solaris. Purpose : while running perf. test, needs to find where is the bottleneck. We are providing concurrnet load for around 1 hr and needs to capture data related to file usage pattern... (1 Reply)
Discussion started by: raxitsheth
1 Replies

7. UNIX for Advanced & Expert Users

about the access permission of users home directory

RHEL5.0 As we know, when root create a new user, a new home directory will be created : /home/user I want to know what determine the access permission of /home/user . Thanks! (1 Reply)
Discussion started by: cqlouis
1 Replies

8. AIX

Does ACL can only grant/deny access for specific command?

Dear AIX/UNIX experts: I have a demand to restricted a file to be copy by others, but this file must can be read by others/Applications. As I tried, the chmod command cannot fulfill this requirement. But not sure if the ACL can achieve this function or not ? Could anybody give me your... (8 Replies)
Discussion started by: devyfong
8 Replies

9. Solaris

samba read write access to owner and no access to other users

Hi All, I want to configure samba share permission so that only directory creator/owner has a read and write permission and other users should not have any read/write access to that folder.Will that be possible and how can this be achieved within samba configuration. Regards, Sahil (1 Reply)
Discussion started by: sahil_shine
1 Replies

10. UNIX for Beginners Questions & Answers

Linux sftp — how to add new user to access exist directory with write permission?

I have built a website and I can access and edit the website'files on server via the root user. The current file and directory structures are not changeable. Now I am hiring a webpage designer to help me re-design some pages, I am going to let the designer edit the files directly on the server. So... (5 Replies)
Discussion started by: uwo-g-xw
5 Replies

LEARN ABOUT DEBIAN

getfacl

getfacl(1)                                                         User Commands                                                        getfacl(1)

NAME

       getfacl - display discretionary file information

SYNOPSIS

       getfacl [-ad] file...

DESCRIPTION

       For  each  argument  that is a regular file, special file, or named pipe, the getfacl utility displays the owner, the group, and the Access
       Control List (ACL).  For each directory argument, getfacl displays the owner, the group, and the ACL and/or the default ACL. Only  directo-
       ries contain default ACLs.

       The getfacl utility may be executed on a file system that does not support ACLs. It reports the ACL based on the base permission bits.

       With no options specified, getfacl displays the filename, the file owner, the file group owner, and both the ACL and the default ACL, if it
       exists.

OPTIONS

       The following options are supported:

       -a       Displays the filename, the file owner, the file group owner, and the ACL of the file.

       -d       Displays the filename, the file owner, the file group owner, and the default ACL of the file, if it exists.

OPERANDS

       The following operands are supported:

       file     The path name of a regular file, special file, or named pipe.

OUTPUT

       The format for ACL output is as follows:

       # file: filename
       # owner: uid
       # group: gid
       user::perm
       user:uid:perm
       group::perm
       group:gid:perm
       mask:perm
       other:perm
       default:user::perm
       default:user:uid:perm
       default:group::perm
       default:group:gid:perm
       default:mask:perm
       default:other:perm

       When multiple files are specified on the command line, a blank line separates the ACLs for each file.

       The ACL entries are displayed in the order in which they are evaluated when an access check is performed. The default ACL entries that  may
       exist on a directory have no effect on access checks.

       The  first three lines display the filename, the file owner, and the file group owner. Notice that when only the -d option is specified and
       the file has no default ACL, only these three lines are displayed.

       The user entry without a user ID indicates the permissions that  are granted to the file owner. One or more additional user  entries  indi-
       cate the permissions that are granted to the specified users.

       The  group  entry  without  a  group  ID  indicates the permissions that  are granted to the file group owner. One or more additional group
       entries indicate the permissions that  are granted to the specified groups.

       The mask entry indicates the ACL mask permissions. These are the maximum permissions allowed to any user entries except the file owner, and
       to any group entries, including the file group owner. These permissions restrict the permissions specified in other entries.

       The other entry indicates the permissions that are granted to others.

       The  default entries may exist only for directories. These entries indicate the default entries that are added to a file created within the
       directory.

       The uid is a login name or a user ID if there is no entry for the uid in the system password file, /etc/passwd. The gid is a group name  or
       a group ID if there is no entry for the gid in the system group file, /etc/group. The perm is a three character string composed of the let-
       ters representing the separate discretionary access rights: r (read), w (write), x (execute/search), or the place holder character  -.  The
       perm is displayed in the following order: rwx. If a permission is not granted by an ACL entry, the place holder character appears.

       If   you  use the chmod(1) command to change the file group owner permissions on a file with ACL entries, both the file group owner permis-
       sions and the ACL mask are changed to the new permissions. Be aware that the new ACL mask permissions may change the effective  permissions
       for additional users and groups who have ACL entries on the file.

       In  order  to  indicate  that  the  ACL mask  restricts an ACL entry, getfacl displays an additional tab character, pound sign (#), and the
       actual permissions granted, following the entry.

EXAMPLES

       Example 1: Displaying file information

       Given file foo, with an ACL six entries long, the command

       host% getfacl foo

       would print:

       # file: foo
       # owner: shea
       # group: staff
       user::rwx
       user:spy:---
       user:mookie:r--
       group::r--
       mask::rw-
       other::---

       Example 2: Displaying information after chmod command

       Continue with the above example, after chmod 700 foo was issued:

       host% getfacl foo

       would print:

       # file: foo
       # owner: shea
       # group: staff
       user::rwx
       user:spy:---
       user:mookie:r--     #effective:---
       group::---
       mask::---
       other::---

       Example 3: Displaying information when ACL contains default entries

       Given directory doo, with an ACL containing default entries, the command

       host% getfacl -d doo

       would print:

       # file: doo
       # owner: shea
       # group: staff
       default:user::rwx
       default:user:spy:---
       default:user:mookie:r--
       default:group::r--
       default:mask::---
       default:other::---

FILES

       /etc/passwd     system password file

       /etc/group      group file

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE         |      ATTRIBUTE VALUE        |
       +-----------------------------+-----------------------------+
       |Availability                 |SUNWcsu                      |
       +-----------------------------+-----------------------------+
       |Interface Stability          |Evolving                     |
       +-----------------------------+-----------------------------+

SEE ALSO

       chmod(1), ls(1), setfacl(1), acl(2), aclsort(3SEC), group(4), passwd(4), attributes(5)

NOTES

       The output from getfacl is in the correct format for input to the setfacl -f command. If the output from getfacl is redirected to  a  file,
       the file may be used as input to setfacl. In this way, a user may easily assign one file's ACL to another file.

SunOS 5.10                                                          5 Nov 1994                                                          getfacl(1)
All times are GMT -4. The time now is 08:51 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy