Hello.
I need some help to create a shared folder.
A group 'publicuser' has been created.
A user 'publicuser' has been created (no login, no home) and belongs to group 'publicuser'.
A public folder '/doc' has been created and owner is publicuser:publicuser.
All users belonging to group 'publicuser' can create folders under '/doc'.
All users belonging to group 'publicuser' can create folders in other users' folders as long as they reside under '/doc'. Users' folders are just non-private folders.
All users belonging to group 'publicuser' can read, write, modify any type of files everywhere, independently of who the owner is, as long as they reside under '/doc'.
Only owner can delete objects.
File cannot be executed.
I have tried this piece of code, but I cannot go through folders.
The execute bit is not set on the folders.
Any help is welcome
Last edited by rbatte1; 04-21-2017 at 05:14 AM..
Reason: Converted textual numbered list to formatted numbered list with LIST=1 tags
Try using the sticky bit, like the way the /tmp directory is set up.
Apply the sticky bit to all directories, and set ownership of them to publicuser.
ACLs will work but are complex, as you found.
Example:
chmod 1770 seems not to be sufficient
==> Folder not accessible
Files belong to user_name:users (users is the universal group for all users), not to 'user_name:publicuser'.
Changing to chmod 3770 seems not fully sufficient
Files belong to 'user_name:publicuser' ==> OK
But users can edit files only with vi in a terminal session, not with kate (GUI).
---------- Post updated at 18:28 ---------- Previous update was at 18:05 ----------
Forget previous thread
I think users cannot write because the files have the effective mask r--.
After logging out and logging in again, it is not possible to edit files that you don't own yourself with vi or kate.
I suppose this is because the effective mask is r--
Any help is welcome
---------- Post updated at 18:50 ---------- Previous update was at 18:28 ----------
I have read that it is possible to define a mask.
I will have a try and give news.
---------- Post updated at 20:35 ---------- Previous update was at 18:50 ----------
Have set mask
Nothing new.
OK ==> a user not in group publicuser cannot access folders owned by publicuser.
OK ==> a user in group publicuser can create/edit files they own in any folder owned by publicuser.
bad ==> A user (belonging to publicuser) in its own folder cannot edit files created by other users (belonging to group publicuser).
bad ==> until a user (belonging to publicuser) edits or creates a file, the file mask returns to r--
Last edited by rbatte1; 04-21-2017 at 05:35 AM..
Reason: Converted from textual numbered lists to formatted numbered lists with LIST=1 & LIST=a tags
Why are ACLs being used here? Is this a network filesystem or other such thing where it might be required?
For the moment it is on a simple linux multi-user box.
As said at post #1
Quote:
A group 'publicuser' has been created.
A user 'publicuser' has been created (no login, no home) and belongs to group 'publicuser'.
A public folder '/doc' has been created and owner is publicuser:publicuser.
All users belonging to group 'publicuser' can create folders under '/doc'.
All users belonging to group 'publicuser' can create folders in other users' folders as long as they reside under '/doc'. Users' folders are just non-private folders.
All users belonging to group 'publicuser' can read, write, modify any type of files everywhere, independently of who the owner is, as long as they reside under '/doc'.
Only owner can delete objects.
File cannot be executed.
You can't do that with just chmod. You need ACL.
Everybody can do any action in the folder /doc (or any sub-folders). But in that folder (or sub-folders) they may not delete any object they do not own.
You can do that with just chmod, ACLs not needed. Set the folder U+S, just like they do on /tmp/, and you will only be able to delete your own files. G+S has a different meaning, it forces the group of created files to be the same group as the directory.
[edit] Jim already suggested this a week ago.
As I have already said, that does not do what I want.
Using G+S in PUBLIC SHARED FOLDER
a) deletion of not owned files forbidden : OK
b) creation in user's folder : OK
c) creation in other user's folder : OK
d) editing files owned by others in its own user's folder : KO access denied
e) editing files owned by others in any other folder (owned or not owned) : KO access denied
files are marked as
user::rw-
group::r--
other::r--
My test script in pseudo code :
step 9
print acl for user1 and user2
=+=+=+=+=+=+=+=+=+=+=+=+=+=
Quote:
Originally Posted by jim mcnamara
Try using the sticky bit, like the way the /tmp directory is set up.
Apply the sticky bit to all directories, and set ownership of them to publicuser.
ACLs will work but are complex, as you found.
Example:
does not work
same comments as above.
My script in pseudo code :
step 9
print acl for user1 and user2
Any help is welcome
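
How the directory modes tried in this thread (1770 and 3770) combine with the creating user's umask to decide the mode of new files and subfolders, as an added example that is not part of any post. The scratch directory, the file names and the umask values 022 and 002 are assumptions; no ACLs are set here.

```shell
#!/bin/sh
# Added example: works in a constructed scratch directory, not in /doc,
# and needs no extra users or groups.

# Print the octal mode of a path (GNU stat, as found on a Linux box).
mode_of() { stat -c '%a' "$1"; }

# Create a shared directory with mode $1, then create one file and one
# subfolder inside it under umask $2.
# Prints: "<shared dir mode> <new file mode> <new subfolder mode>"
shared_dir_modes() {
    dir_mode=$1
    mask=$2
    top=$(mktemp -d) || return 1
    mkdir "$top/doc"
    chmod "$dir_mode" "$top/doc"
    (
        # Subshell so the caller's umask is left untouched.
        umask "$mask"
        : > "$top/doc/report.txt"
        mkdir "$top/doc/userdir"
    )
    echo "$(mode_of "$top/doc") $(mode_of "$top/doc/report.txt") $(mode_of "$top/doc/userdir")"
    rm -rf "$top"
}

# setgid + sticky, umask 022: new files are group read-only (rw-r--r--).
shared_dir_modes 3770 022   # -> 3770 644 2755
# setgid + sticky, umask 002: new files are group-writable (rw-rw-r--).
shared_dir_modes 3770 002   # -> 3770 664 2775
# sticky only: the new subfolder carries neither special bit.
shared_dir_modes 1770 002   # -> 1770 664 775
```

In every run the new subfolder inherits the setgid bit when the parent has it but never the sticky bit, so a subfolder created by a user does not get the delete protection of its parent until the sticky bit is applied to it as well.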