Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: file permission/acl: 2 users with write access on 1 file...
Special Forums Cybersecurity file permission/acl: 2 users with write access on 1 file... Post 302229863 by elzalem on Thursday 28th of August 2008 05:25:07 AM
Old 08-28-2008
Error file permission/acl: 2 users with write access on 1 file...
Hello,

i need some help/advice on how to solve a particular problem.

these are the users:

Code:
|name      |  group        |
 ---------- ---------------
|boss      |  department1  |
|assistant |  department1  |
|employee  |  department1  |
|spy       |  department2  |





this is the hierarchy of my files:

Code:
 ----------------------------------
|  name ( file_perms owner group ) |
 ----------------------------------

dept1data ( rwxr-x--- boss department1 )
  |
  |
  |-----subdir1( boss department1 rwxr-x--- )
  |        |
  |     (jungle)
  |
  |-----subdir2  ( boss department1 rwxr-x--- )
  |        |
  |     (jungle)
  | 
(many more)





basically only the boss can write or create files, the assistant and the employee can read, the spy has no access.

now i need to give the assistant write permissions on the subdir1 (and all of it's subdirs & files)

should i do this:
$ setfacl -R -m u:assistant:w subdir1

and should i do it everytime a file is created under subdir1?

is there a better solution to my problem?



PS: users access the directory from a windows pc, the samba server is debian 4.0r3 (acl enabled)
 

10 More Discussions You Might Find Interesting

1. UNIX Desktop Questions & Answers

Wall, Write, select users, pipe a text file, HELP Before I'm Bald!

OK... I'm fairly new to unix having the admin handed to me on a platter w/almost no training. However, being a programmer, I do pick up things fairly easily, but this one is getting the best of me. I have a unix server that runs multiple versions of the same ERP system, hand crafted for our... (1 Reply)
Discussion started by: chimodel
1 Replies

2. Solaris

giving write access to selective users to a certain directory in solaris 10

Hi all, how can i grant write access to a selective users only with write access to a certain filesystem/directory in solaris 10. Please help..i tried "fs setacl"...does not seem to work Please adv..thanks in advance... (4 Replies)
Discussion started by: cromohawk
4 Replies

3. UNIX for Advanced & Expert Users

Access file permission settings from Windows

Looking to see if there is a tool/crawler that could export the file permissions to a windows for a unix system ? (3 Replies)
Discussion started by: matvrix
3 Replies

4. Programming

how to write Microsoft Access MDB file to a text file, using C ?

I'm in the UNIX environment. I'd like to read a Microsoft Access MDB file, and write the contents of that file into an ASCII text file. I want to write a C program to do this. Does anyone know if there's already source code out there that does this? Please advise. Thanks. (3 Replies)
Discussion started by: serendipity1276
3 Replies

5. Cybersecurity

File owned by oracle user and dba group need readonly access to other users

Under oracle user file abc.txt was created. Oracle user belong to dba group on UNIX Server. However other non Oracle users which belongs to some other network groups need read only access to this file. Every time when I login as other then oracle user and try to view this file it saying that I... (2 Replies)
Discussion started by: groosha
2 Replies

6. Solaris

file open/read/write/close/access by process

Hi want to know what file (descriptor+filename+socket) is being accessed by particular process on solaris. Purpose : while running perf. test, needs to find where is the bottleneck. We are providing concurrnet load for around 1 hr and needs to capture data related to file usage pattern... (1 Reply)
Discussion started by: raxitsheth
1 Replies

7. UNIX for Advanced & Expert Users

about the access permission of users home directory

RHEL5.0 As we know, when root create a new user, a new home directory will be created : /home/user I want to know what determine the access permission of /home/user . Thanks! (1 Reply)
Discussion started by: cqlouis
1 Replies

8. AIX

Does ACL can only grant/deny access for specific command?

Dear AIX/UNIX experts: I have a demand to restricted a file to be copy by others, but this file must can be read by others/Applications. As I tried, the chmod command cannot fulfill this requirement. But not sure if the ACL can achieve this function or not ? Could anybody give me your... (8 Replies)
Discussion started by: devyfong
8 Replies

9. Solaris

samba read write access to owner and no access to other users

Hi All, I want to configure samba share permission so that only directory creator/owner has a read and write permission and other users should not have any read/write access to that folder.Will that be possible and how can this be achieved within samba configuration. Regards, Sahil (1 Reply)
Discussion started by: sahil_shine
1 Replies

10. UNIX for Beginners Questions & Answers

Linux sftp — how to add new user to access exist directory with write permission?

I have built a website and I can access and edit the website'files on server via the root user. The current file and directory structures are not changeable. Now I am hiring a webpage designer to help me re-design some pages, I am going to let the designer edit the files directly on the server. So... (5 Replies)
Discussion started by: uwo-g-xw
5 Replies

LEARN ABOUT HPUX

chmod

chmod(1)						      General Commands Manual							  chmod(1)

NAME

       chmod - change file mode access permissions

SYNOPSIS

       symbolic_mode_list file ...

   Obsolescent form
       numeric_mode file ...

DESCRIPTION

       The command changes the permissions of one or more files according to the value of symbolic_mode_list or numeric_mode.  You can display the
       current permissions for a file with the command (see ls(1)).

       Only the owner of a file, or a user with appropriate privileges, can change its mode.

       Only a user having appropriate privileges can set (or retain, if previously set) the sticky bit of a regular file.

       If the sticky bit is set on a directory, files inside the directory may be renamed or removed only by the owner of the file, the  owner	of
       the directory, or the superuser (even if the modes of the directory would otherwise allow such an operation).

       In order to set the set-group-ID bit, the group of the file must correspond to your current group ID.

       If is used on a symbolic link, the mode of the file referred to by the link is changed.

   Options
       The command recognizes the following options:

	      Preserve any optional access control list (ACL) entries
		     associated  with  the  file  (HFS	file  systems only).  By default, in conformance with the IEEE Standard POSIX 1003.1-1988,
		     optional HFS ACL entries are deleted.  For JFS ACLs, this option has no effect, because optional JFS ACL entries  are  always
		     preserved.  For information about access control lists, see acl(5) and aclv(5).

	      Recursively change the file mode bits.
		     For  each file operand that names a directory, alters the file mode bits of the named directory and all files and subdirecto-
		     ries in the file hierarchy below it.

   Operands
       The command recognizes the following operands:

	      file   Targe file for which the permissions are changes.

	      numeric-mode
		     Numeric value used to determine permission on a specified file.  See the section for more information.

	      symbolic-mode-list
		     List of operations used to determine permissions on a specified file.  See the section for more information.

   Symbolic Mode List
       A symbolic_mode_list is a comma-separated list of operations in the following form.  Whitespace is not permitted.

	      [who]op[permission

       The variable fields can have the following values:

	      who	  One or more of the following letters:

			       Modify permissions for user (owner).
			       Modify permissions for group.
			       Modify permissions for others.
			       Modify permissions for all users
				      is equivalent to

	      op	  Required; one of the following symbols:

			       Add    permission to the existing file mode bits of who.
			       Delete permission from the existing file mode bits of who.
			       Replace the existing mode bits of
				      who with permission.

	      permission  One or more of the following letters:

			       Add or delete the read permission for
				      who.
			       Add or delete the write permission for
				      who.
			       Add or delete the execute file (search directory) permission for
				      who.
			       Add or delete the set-owner-ID-on-file-execution
				      or set-group-ID-on-file-execution permission for who.  Useful only if or is expressed or implied in who.
			       Add or delete the sticky bit permission.
				      Useful only if is expressed or implied in who.  See chmod(2).
			       Conditionally add or delete the execute/search permission as follows:
				      o  If file is a directory, add or delete the search permission to the existing file mode for who.  (Same as
				      o  If file is not a directory, and the current file permissions include the execute permission  displays	an
					 or an for at least one of user, group, or other, then add or delete the execute file permission for who.
				      o  If  file  is  not  a  directory, and no execute permissions are set in the current file mode, then do not
					 change any execute permission.

			  Or one only of the following letters:

			       Copy the current user permissions to
				      who.
			       Copy the current group permissions to
				      who.
			       Copy the current other permissions to
				      who.

       The operations are performed in the order specified, and can override preceding operations specified in the same command line.

       If who is omitted, the and permissions are changed for all users if the changes are permitted by the current file mode creation	mask  (see
       umask(1)).  The and permissions are changed as if was specified in who.

       Omitting permission is useful only when used with to delete all permissions.

   Numeric Mode (Obsolescent)
       Absolute  permissions  can be set by specifying a numeric_mode, an octal number constructed from the logical OR (sum) of the following mode
       bits:

       Miscellaneous mode bits:

       Permission mode bits:

EXTERNAL INFLUENCES

   Environment Variables
       determines the language in which messages are displayed.

       If is not specified or is null, it defaults to the value of If is not specified or is null, it defaults to (see lang(5)).

       If any internationalization variable contains an invalid setting, all internationalization variables default to See environ(5).

   International Code Set Support
       Single- and multibyte character code sets are supported.

RETURN VALUE

       Upon completion, returns one of the following values:

	      Successful completion.
	      An error condition occurred.

EXAMPLES

       Deny write permission to others:

       Make a file executable by everybody:

       Assign read and execute permission to everybody, and set the set-user-ID bit:

       Assign read and write permission to the file owner, and read permission to everybody else:

       or the obsolescent form:

       Traverse a directory subtree making all regular files readable by user and group only,  and  all  executables  and  directories	executable
       (searchable) by everyone:

       If the current value of is displays do not change write permission for group) and the current permissions for file are displayed by as then
       the command

       sets the permissions to displayed by as

       If the current value of is displays do not change write permission for group) and the current permissions for file are displayed by as then
       the command

       sets the permissions to displayed by as

DEPENDENCIES

       The option causes to fail on file systems that do not support ACLs.

AUTHOR

       was developed by AT&T and HP.

SEE ALSO

       chacl(1), ls(1), umask(1), chmod(2), acl(5), aclv(5).

STANDARDS CONFORMANCE

																	  chmod(1)
All times are GMT -4. The time now is 01:49 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy