Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: file permission/acl: 2 users with write access on 1 file...
Special Forums Cybersecurity file permission/acl: 2 users with write access on 1 file... Post 302229863 by elzalem on Thursday 28th of August 2008 05:25:07 AM
Old 08-28-2008
Error file permission/acl: 2 users with write access on 1 file...
Hello,

i need some help/advice on how to solve a particular problem.

these are the users:

Code:
|name      |  group        |
 ---------- ---------------
|boss      |  department1  |
|assistant |  department1  |
|employee  |  department1  |
|spy       |  department2  |





this is the hierarchy of my files:

Code:
 ----------------------------------
|  name ( file_perms owner group ) |
 ----------------------------------

dept1data ( rwxr-x--- boss department1 )
  |
  |
  |-----subdir1( boss department1 rwxr-x--- )
  |        |
  |     (jungle)
  |
  |-----subdir2  ( boss department1 rwxr-x--- )
  |        |
  |     (jungle)
  | 
(many more)





basically only the boss can write or create files, the assistant and the employee can read, the spy has no access.

now i need to give the assistant write permissions on the subdir1 (and all of it's subdirs & files)

should i do this:
$ setfacl -R -m u:assistant:w subdir1

and should i do it everytime a file is created under subdir1?

is there a better solution to my problem?



PS: users access the directory from a windows pc, the samba server is debian 4.0r3 (acl enabled)
 

10 More Discussions You Might Find Interesting

1. UNIX Desktop Questions & Answers

Wall, Write, select users, pipe a text file, HELP Before I'm Bald!

OK... I'm fairly new to unix having the admin handed to me on a platter w/almost no training. However, being a programmer, I do pick up things fairly easily, but this one is getting the best of me. I have a unix server that runs multiple versions of the same ERP system, hand crafted for our... (1 Reply)
Discussion started by: chimodel
1 Replies

2. Solaris

giving write access to selective users to a certain directory in solaris 10

Hi all, how can i grant write access to a selective users only with write access to a certain filesystem/directory in solaris 10. Please help..i tried "fs setacl"...does not seem to work Please adv..thanks in advance... (4 Replies)
Discussion started by: cromohawk
4 Replies

3. UNIX for Advanced & Expert Users

Access file permission settings from Windows

Looking to see if there is a tool/crawler that could export the file permissions to a windows for a unix system ? (3 Replies)
Discussion started by: matvrix
3 Replies

4. Programming

how to write Microsoft Access MDB file to a text file, using C ?

I'm in the UNIX environment. I'd like to read a Microsoft Access MDB file, and write the contents of that file into an ASCII text file. I want to write a C program to do this. Does anyone know if there's already source code out there that does this? Please advise. Thanks. (3 Replies)
Discussion started by: serendipity1276
3 Replies

5. Cybersecurity

File owned by oracle user and dba group need readonly access to other users

Under oracle user file abc.txt was created. Oracle user belong to dba group on UNIX Server. However other non Oracle users which belongs to some other network groups need read only access to this file. Every time when I login as other then oracle user and try to view this file it saying that I... (2 Replies)
Discussion started by: groosha
2 Replies

6. Solaris

file open/read/write/close/access by process

Hi want to know what file (descriptor+filename+socket) is being accessed by particular process on solaris. Purpose : while running perf. test, needs to find where is the bottleneck. We are providing concurrnet load for around 1 hr and needs to capture data related to file usage pattern... (1 Reply)
Discussion started by: raxitsheth
1 Replies

7. UNIX for Advanced & Expert Users

about the access permission of users home directory

RHEL5.0 As we know, when root create a new user, a new home directory will be created : /home/user I want to know what determine the access permission of /home/user . Thanks! (1 Reply)
Discussion started by: cqlouis
1 Replies

8. AIX

Does ACL can only grant/deny access for specific command?

Dear AIX/UNIX experts: I have a demand to restricted a file to be copy by others, but this file must can be read by others/Applications. As I tried, the chmod command cannot fulfill this requirement. But not sure if the ACL can achieve this function or not ? Could anybody give me your... (8 Replies)
Discussion started by: devyfong
8 Replies

9. Solaris

samba read write access to owner and no access to other users

Hi All, I want to configure samba share permission so that only directory creator/owner has a read and write permission and other users should not have any read/write access to that folder.Will that be possible and how can this be achieved within samba configuration. Regards, Sahil (1 Reply)
Discussion started by: sahil_shine
1 Replies

10. UNIX for Beginners Questions & Answers

Linux sftp — how to add new user to access exist directory with write permission?

I have built a website and I can access and edit the website'files on server via the root user. The current file and directory structures are not changeable. Now I am hiring a webpage designer to help me re-design some pages, I am going to let the designer edit the files directly on the server. So... (5 Replies)
Discussion started by: uwo-g-xw
5 Replies

LEARN ABOUT HPUX

chacl

chacl(1)						      General Commands Manual							  chacl(1)

NAME

       chacl - add, modify, delete, copy, or summarize access control lists (ACLs) of files

SYNOPSIS

       acl file ...

       acl file ...

       aclpatt file ...

       fromfile tofile	...

       file...

DESCRIPTION

       extends	the  capabilities  of  chmod(1), by enabling the user to grant or restrict file access to additional specific users and/or groups.
       Traditional file access permissions, set when a file is created, grant or restrict access to the file's	owner,	group,	and  other  users.
       These file access permissions (eg., are mapped into three base access control list entries: one entry for the file's owner (umode), one for
       the file's group g, mode), and one for other users mode).

       enables a user to designate up to thirteen additional sets of permissions (called optional access control list  (ACL)  entries)	which  are
       stored in the access control list of the file.

       To use chacl, the owner (or superuser) constructs an acl, a set of (user.group, mode) mappings to associate with one or more files.  A spe-
       cific user and group can be referred to by either name or number; any user (u), group (g), or both can be referred to with a symbol, repre-
       senting any user or group.  The @ symbol specifies the file's owner or group.

       Read,  write,  and execute/search modes are identical to those used by chmod; symbolic operators (op) add remove or set access rights.  The
       entire acl should be quoted if it contains whitespace or special characters.  Although two variants for constructing the acl are  available
       (and fully explained in acl(5)), the following syntax is suggested:

	      entry[, entry] ...

       where the syntax for an entry is

	      u.g op mode[op mode] ...

       By  default,  modifies existing ACLs.  It adds ACL entries or modifies access rights in existing ACL entries.  If acl contains an ACL entry
       already associated with a file, the entry's mode bits are changed to the new value given, or are modified by the specified  operators.	If
       the  file's  ACL  does not already contain the specified entry, that ACL entry is added.  can also remove all access to files.  Giving it a
       null acl argument means either ``no access'' (when using the option) or ``no changes.''

       For a summary of the syntax, run without arguments.

       If file is specified as reads from standard input.

   Options
       recognizes the following options:

       Replace old    ACLs with the given ACL.	All optional ACL entries are first deleted from the specified files's ACLs, their base permissions
		      are  set to zero, and the new ACL is applied.  If acl does not contain an entry for the owner (uthe group g), or other users
		      of a file, that base ACL entry's mode is set to zero (no access).  The command affects all of the file's	ACL  entries,  but
		      does not change the file's owner or group ID.

		      In chmod(1), the ``modify'' and ``replace'' operations are distinguished by the syntax (string or octal value).  There is no
		      corollary for ACLs because they have a variable number of entries.  Hence modifies specific entries by default, and  option-
		      ally replaces all entries.

       Delete the specified entries from the
		      ACLs  on all specified files.  The aclpatt argument can be an exact ACL or an ACL pattern (see acl(5)).  updates each file's
		      ACL only if entries are deleted from it.

		      If you attempt to delete a base ACL entry from any file, the entry remains but its access mode is set to zero  (no  access).
		      If  you  attempt	to  delete  a  non-existent ACL entry from a file (that is, if an ACL entry pattern matches no ACL entry),
		      informs you of the error, continues, and eventually returns non-zero.

       Copy the       ACL from fromfile to the specified tofile, transferring ownership, if necessary (see  acl(5),  chown(2),	or  chownacl(3C)).
		      fromfile can be to represent standard input.

		      This option implies the option.  If the owner and group of fromfile are identical to those of tofile, is identical to:

		      To copy an ACL without transferring ownership, the above command is suggested instead of

       Delete (``zap'') all optional entries in the specified file's
		      ACLs, leaving only base entries.

       Delete (``zap'') all optional entries in the specified file's
		      ACLs,  and  set the access modes in all base entries to zero (no access).  This is identical to replacing the old ACL with a
		      null ACL:

		      or using chmod(1), which deletes optional entries as a side effect:

       Incorporate (``fold'') optional
		      ACL entries into base ACL entries.  The base ACL entry's permission  bits are altered, if necessary, to reflect the caller's
		      effective access rights to the file; all optional entries, if any, are deleted.

		      For ordinary users, only the access mode of the owner base ACL entry can be altered.  Unlike the write bit is not turned off
		      for a file on a read-only file system or a shared-text program being executed (see getaccess(1)).

		      For super-users, only the execute mode bit in the owner base ACL entry might be changed, only if the file is not an  regular
		      file or if an execute bit is not already set in a base ACL entry mode, but is set in an optional ACL entry mode.

       acl also can be obtained from a string in a file:

       Using @ in acl to represent ``file owner or group'' can cause to run more slowly because it must reparse the ACL for each file (except with
       the option).

EXTERNAL INFLUENCES

   Environment Variables
       determines the language in which messages are displayed.

       If is not specified or is set to the empty string, a default of "C" (see lang(5)) is used instead of If any  internationalization  variable
       contains an invalid setting, behaves as if all internationalization variables are set to "C".  See environ(5).

RETURN VALUE

       If succeeds, it returns a value of zero.

       If  encounters  an error before it changes any file's ACL, it prints an error message to standard error and returns 1.  Such errors include
       invalid invocation, invalid syntax of acl (aclpatt), a given user name or group name is unknown, or inability to get an ACL  from  fromfile
       with the option.

       If  cannot  execute  the  requested operation, it prints an error message to standard error, continues, and later returns 2.  This includes
       cases when a file does not exist, a file's ACL cannot be altered, more ACL entries would result than are allowed, or an attempt is made	to
       delete a non-existing ACL entry.

EXAMPLES

       The following command adds read access for user in any group, and removes write access for any user in the files's groups, for files and

       This  command  replaces	the  ACL  on  the file open as standard input and on file with one which only allows the file owner read and write
       access.

       Delete from file the specific access rights, if any, for user 165 in group 13.  Note that this is different from adding an ACL  entry  that
       restricts access for that user and group.  The user's resulting access rights depend on the entries remaining in the ACL.  The command also
       deletes all entries for user that have a read bit turned on (the asterisk can be used as a wildcard in the ACL pattern for user, group,	or
       access mode):

       Copy the ACL from to and

       Delete the optional ACL entries, if any, on the file open as standard input.

       Deny all access to all files in the current directory whose names start with or

       Incorporate the optional ACL entries of a file into the base ACL entries:

WARNINGS

       An  ACL	string cannot contain more than 16 unique entries, even though converting @ symbols to user or group names and combining redundant
       entries might result in fewer than 16 entries for some files.

DEPENDENCIES

       will fail when the target file resides on a file system which does not support ACLs.

   NFS
       Only the option is supported on remote files.

AUTHOR

       was developed by HP.

SEE ALSO

       chmod(1), getaccess(1), lsacl(1), getacl(2), setacl(2), acl(5), glossary(9).

																	  chacl(1)
All times are GMT -4. The time now is 09:40 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy