Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: two groups with permission on one directory
Top Forums UNIX for Dummies Questions & Answers two groups with permission on one directory Post 302274549 by Annihilannic on Thursday 8th of January 2009 12:40:21 AM
Old 01-08-2009
This is one of the major limitations of the standard Unix file permissions system. The only way I know of to achieve this using just one directory is to use ACLs (access control lists, see man getfacl/setfacl), but unfortunately these are not supported by all filesystems, or by all OS's and/or utilities... e.g. some backup software will not back them up.

This is unfortunate because they are very useful for some other things, such as setting default permissions on files and subdirectories created in the directory.

One other option you have is to use a structure like this:

Code:
drwxr-x--- user1 group2 topdir
   drwxrwsr-x user1 group1 subdir
       -rw-r--r-- user1 group1 files

Then ensure that all members in group1 are also in group2 (but not the reverse, i.e. group2 is a superset of group1). That way a user in group2 can descend to the /topdir/subdir directory, wherein they effectively have read-only rights by virtue of the "other" attributes. Users in group1 can descend into that directory too because they are also members of group2, and can modify the files because of their group write access. Users in neither group can't even enter the /topdir so they can't access the files at all.

You'll notice I have set the setgid bit on the subdir - this ensures all files in that directory are created with group1 ownership. You may also need to consider setting appropriate umasks for the process(es) that create files in this directory so that they are created as 664 instead of 644, i.e. umask 002.
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

related to directory permission

$mkdir nw_dir $----------- $cd nw_dir bash:permission denied so what need to be filled in the blanks? (1 Reply)
Discussion started by: mxms755
1 Replies

2. UNIX for Dummies Questions & Answers

how to add permission of directory to a group

Hi, A simple and silly question on Unix. I have a directory named "a" and I would like to grant permission to group name "text" to access, read and execute my directory. Could anyone help me? Thanks. (2 Replies)
Discussion started by: ahjiefreak
2 Replies

3. Solaris

reg directory permission

One small doubt. can anyone explain me the difference between directory read and execute permission. (2 Replies)
Discussion started by: rogerben
2 Replies

4. Solaris

Delete Permission on Directory

Hi, I have a directory /u01/source. Following are current permission on directory source. oracle@TEST # ls -l source drwxrwxrwx 2 user1 userbi 31232 Apr 8 13:33 EG1 drwxrwxrwx 2 user1 userbi 1024 Apr 8 05:45 E2 drwxrwxrwx 2 user1 userbi 57344 Mar 15 10:22 h5 There is another ... (4 Replies)
Discussion started by: fahdmirza
4 Replies

5. UNIX for Dummies Questions & Answers

Directory permission

hi i have a directory called dbms and group dba.... My question is how do i set full permissions i.e read/write/execute for all user(in dba group) for the directory dbms. If i use the following cmd chmod g+rwx dbms here in above cmd ..which group it denotes..how AIX will know (3 Replies)
Discussion started by: udtyuvaraj
3 Replies

6. Solaris

exec_attr permission for whole directory

Hi friends, I would like to grant a management capability for a specific application to my user test. Application is installed under /opt/myApp and has startup and management scripts under directories bin and sbin. This application is installed by root and can be managed by root. For security... (0 Replies)
Discussion started by: niyazi
0 Replies

7. UNIX for Dummies Questions & Answers

Multiple groups in directory / file permissions

Hi I need to permit one group to have r-x permissions on all files in a directory and another group to have just read access, im confused how to do this as if i set the 'Other' permission class as read access then all users will have access to them. So basically i have a directory which the... (2 Replies)
Discussion started by: m3y
2 Replies

8. UNIX for Dummies Questions & Answers

Change permission to a directory

Hi, How do i change the permission to read/write to a windows directory? (1 Reply)
Discussion started by: lg123
1 Replies

9. AIX

Can we add multiple groups to a directory or a file ?

Hello, drwxr-x--- 21 root system 4096 Jan 25 10:20 /testdir here owner is root, group is system. 1) is it possible to add multiple groups to "/testdir" files/directories ? if yes, please provide me the command. my requirement is to provide read-only access to user1 on /testdir... (6 Replies)
Discussion started by: aaron8667
6 Replies

10. AIX

How to set owner and permission for files/directory in directory in this case?

Hi. My example: I have a filesystem /log. Everyday, log files are copied to /log. I'd like to set owner and permission for files and directories in /log like that chown -R log_adm /log/* chmod -R 544 /log/*It's OK, but just at that time. When a new log file or new directory is created in /log,... (8 Replies)
Discussion started by: bobochacha29
8 Replies

LEARN ABOUT OSX

mpi_group_difference

MPI_Group_difference(3OpenMPI)											    MPI_Group_difference(3OpenMPI)

NAME

       MPI_Group_difference  - Makes a group from the difference of two groups.

SYNTAX

C Syntax
       #include <mpi.h>
       int MPI_Group_difference(MPI_Group group1, MPI_Group group2,
	    MPI_Group *newgroup)

Fortran Syntax
       INCLUDE 'mpif.h'
       MPI_GROUP_DIFFERENCE(GROUP1, GROUP2, NEWGROUP, IERROR)
	    INTEGER   GROUP1, GROUP2, NEWGROUP, IERROR

C++ Syntax
       #include <mpi.h>
       static Group Group::Difference(const Group& group1, const Group& group2)

INPUT PARAMETERS

       group1	 First group (handle).

       group2	 Second group (handle).

OUTPUT PARAMETERS

       newgroup  Difference group (handle).

       IERROR	 Fortran only: Error status (integer).

DESCRIPTION

       The set-like operations are defined as follows:

	 o    union -- All elements of the first group (group1), followed by all elements of second group (group2) that are not in the first group

	 o    intersect -- all elements of the first group that are also in the second group, ordered as in first group

	 o    difference -- all elements of the first group that are not in the second group, ordered as in the first group

       Note that for these operations the order of processes in the output group is determined primarily by order in the first group (if possible)
       and then, if necessary, by order in the second group. Neither union nor intersection are commutative, but both are associative.

       The new group can be empty, that is, equal to MPI_GROUP_EMPTY.

ERRORS

       Almost all MPI routines return an error value; C routines as the value of the function and Fortran routines in the last argument. C++ func-
       tions  do not return errors. If the default error handler is set to MPI::ERRORS_THROW_EXCEPTIONS, then on error the C++ exception mechanism
       will be used to throw an MPI:Exception object.

       Before the error value is returned, the current MPI error handler is called. By default, this error handler aborts the MPI job, except  for
       I/O  function  errors. The error handler may be changed with MPI_Comm_set_errhandler; the predefined error handler MPI_ERRORS_RETURN may be
       used to cause error values to be returned. Note that MPI does not guarantee that an MPI program can continue past an error.

SEE ALSO

       MPI_Group_free

Open MPI 1.2							  September 2006				    MPI_Group_difference(3OpenMPI)
All times are GMT -4. The time now is 12:15 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy