Hello.
I need some help to create a shared folder.
A group 'publicuser' has been created.
A user 'publicuser' has been created (no login, no home) and belongs to group 'publicuser'.
A public folder '/doc' has been created and its owner is publicuser:publicuser.
All users belonging to group 'publicuser' can create folders under '/doc'.
All users belonging to group 'publicuser' can create folders in other users' folders as long as they reside under '/doc'. Users' folders are just non-private folders.
All users belonging to group 'publicuser' can read, write and modify any type of file anywhere, independently of who the owner is, as long as the files reside under '/doc'.
Only the owner can delete objects.
Files cannot be executed.
I have tried this piece of code, but I cannot go through the folders.
Code:
# ---
# step 4 CREATE PUBLIC FOLDER
# ---
# PUB_GOUPS is a whitespace-separated list of folders; it is left unquoted
# here so the loop visits each folder instead of the whole string once.
for A_PUB_FOLDER in $PUB_GOUPS ; do
    if [[ "$A_PUB_FOLDER" == "/" ]] ; then
        echo "ERROR - THIS PUBLIC FOLDER IS NOT DEFINED : \"$A_PUB_FOLDER\" "
        echo "EXITING ..."
        exit $E_BAD_PARAM
    fi
    #
    echo
    echo "--------------------------"
    echo "Doing : $A_PUB_FOLDER"
    echo "--------------------------"
    echo
    #
    #
    # Remove acl
    #
    CMD="setfacl -b $A_PUB_FOLDER" #//remove acl
    echo "COMMAND : $CMD"
    ${CMD}
    #
    mkdir -pv "$A_PUB_FOLDER"
    chmod -v +t "$A_PUB_FOLDER" #//set sticky bit
    chmod -v +x "$A_PUB_FOLDER" #//set execute bit
    #
    chown -Rv publicuser:publicuser "$A_PUB_FOLDER"
    #
    # Note: -R applies these entries to the folders as well as to the files, and
    # u::rw- / g::r-- carry no x bit, so the folders lose their search permission.
    setfacl -R -m u::rw- "$A_PUB_FOLDER" #//set user to rw-
    setfacl -R -m g::r-- "$A_PUB_FOLDER" #//set group to r--
    setfacl -R -m g:publicuser:rw- "$A_PUB_FOLDER" #//set group publicuser to rw-
    setfacl -R -m o::--- "$A_PUB_FOLDER" #//set other to ---
    # Set default
    setfacl -R -d -m u::rw- "$A_PUB_FOLDER" #//set user rw- default
    setfacl -R -d -m o::--- "$A_PUB_FOLDER" #//set other --- default
    setfacl -R -d -m g::r-- "$A_PUB_FOLDER" #//set group to r-- default
    setfacl -R -d -m g:publicuser:rw- "$A_PUB_FOLDER" #//set group publicuser to rw- default
    #
done
#
The execute bit is not set on the folders.
Any help is welcome
Try using the sticky bit, like the way the /tmp directory is set up.
Apply the sticky bit to all directories, and set ownership of them to publicuser.
ACLs will work but are complex, as you found.
After logging out and in again, it is not possible to edit files that you don't own yourself with vi or kate.
I suppose that is because the effective mask is r--.
Any help is welcome
---------- Post updated at 18:50 ---------- Previous update was at 18:28 ----------
I have read that it is possible to define a mask.
I will give it a try and report back.
---------- Post updated at 20:35 ---------- Previous update was at 18:50 ----------
I have set the mask:
Code:
setfacl -R -m u::rwx "$A_PUB_FOLDER" #//set user to rwx
setfacl -R -m g::--- "$A_PUB_FOLDER" #//set group to ---
setfacl -R -m o::--- "$A_PUB_FOLDER" #//set other to ---
setfacl -R -m g:publicuser:rwx "$A_PUB_FOLDER" #//set group publicuser to rwx
# Set default
setfacl -R -d -m u::rwx "$A_PUB_FOLDER" #//set user rwx default
setfacl -R -d -m o::--- "$A_PUB_FOLDER" #//set other --- default
setfacl -R -d -m g::--- "$A_PUB_FOLDER" #//set group --- default
setfacl -R -d -m g:publicuser:rwx "$A_PUB_FOLDER" #//set group publicuser to rwx default
# set mask
setfacl -R -m m::rwx "$A_PUB_FOLDER" #//set mask to rwx
setfacl -R -d -m m::rwx "$A_PUB_FOLDER" #//set mask to rwx default
#
Nothing new.
OK ==> a user not in group publicuser cannot access folders owned by publicuser.
OK ==> a user in group publicuser can create/edit files they own in any folder owned by publicuser.
bad ==> a user (belonging to publicuser) in their own folder cannot edit files created by other users (belonging to group publicuser).
bad ==> as soon as a user (belonging to publicuser) edits or creates a file, the file's mask returns to r--
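The mask falling back to r-- that this post reports is the object-creation rule in acl(5): a new file's mask:: is the parent's default mask ANDed with the group bits of the mode the creating process requested, and that mode has already been reduced by the user's umask (0666 under umask 022 gives 0644, whose group bits are r--). As an added example that is not code from the thread, this Python model applies that rule to the default ACL set above (DOC_DEFAULT is constructed from those setfacl calls) and shows the effective permission the publicuser group is left with under two umasks:

```python
# Model of the POSIX ACL inheritance rule described in acl(5). Added example,
# not from the thread; DOC_DEFAULT is constructed from the setfacl calls above.

def parse(p: str) -> int:
    """'rw-' -> 6, using the same three-character notation getfacl prints."""
    return (4 if p[0] == "r" else 0) | (2 if p[1] == "w" else 0) | (1 if p[2] == "x" else 0)

def fmt(bits: int) -> str:
    return ("r" if bits & 4 else "-") + ("w" if bits & 2 else "-") + ("x" if bits & 1 else "-")

def inherit_acl(default_acl: dict, mode: int) -> dict:
    """Access ACL a new object receives from its parent's default ACL.
    Per acl(5): user::, other:: and mask:: are ANDed with the owner, other and
    group bits of the mode the creating process passed to open()/mkdir();
    named entries (group:publicuser) are copied unchanged. Without a mask
    entry the group:: entry takes the AND instead."""
    owner, group, other = (mode >> 6) & 7, (mode >> 3) & 7, mode & 7
    acl = {k: parse(v) for k, v in default_acl.items()}
    acl["user::"] &= owner
    acl["other::"] &= other
    if "mask::" in acl:
        acl["mask::"] &= group
    else:
        acl["group::"] &= group
    return {k: fmt(v) for k, v in acl.items()}

def effective(acl: dict, entry: str) -> str:
    """What the entry actually grants: group:: and named entries are limited
    by mask:: when one exists (getfacl shows this as '#effective:')."""
    bits = parse(acl[entry])
    if entry not in ("user::", "other::") and "mask::" in acl:
        bits &= parse(acl["mask::"])
    return fmt(bits)

# Default ACL that the setfacl -d calls above leave on the public folder.
DOC_DEFAULT = {
    "user::": "rwx", "group::": "---", "other::": "---",
    "group:publicuser": "rwx", "mask::": "rwx",
}

def file_created_under(umask: int) -> dict:
    """Editors and touch request mode 0666; the process umask strips bits
    before the default ACL is applied."""
    return inherit_acl(DOC_DEFAULT, 0o666 & ~umask)

if __name__ == "__main__":
    for umask in (0o022, 0o002):
        acl = file_created_under(umask)
        print(f"umask {umask:04o}: mask::{acl['mask::']}, "
              f"group:publicuser effective {effective(acl, 'group:publicuser')}")
```

Under umask 022 the mask collapses to r-- and group:publicuser is read-only on the new file, while under umask 002 it stays rw-, so the users' login umask is the first thing to check before changing the ACLs further.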
Why are ACL's being used here? Is this a network filesystem or other such thing where it might be required?
For the moment it is on a simple Linux multi-user box.
As I said in post #1.
You can't do that with just chmod. You need ACLs.
Everybody can do any action in the folder /doc (or any sub-folder). But in that folder (or sub-folders) they may not delete any object they do not own.
You can do that with just chmod, ACL's not needed. Set the folder U+S, just like they do on /tmp/, and you will only be able to delete your own files. G+S has a different meaning, it forces the group of created files to be the same group as the directory.
[edit] Jim already suggested this a week ago.
As I have already said, that does not do what I want.
Using G+S in PUBLIC SHARED FOLDER
a) deletion of not owned files forbidden : OK
b) creation in user's folder : OK
c) creation in other user's folder : OK
d) editing files owned by others in its own user's folder : KO access denied
e) editing files owned by others in any other folder ( owned or not owned ) : KO access denied
files are marked as
user::rw-
group::r--
other::r--
My test script in pseudo code :
Code:
chown -R publicuser:publicuser $A_PUB_FOLDER
chmod u+s $( find $A_PUB_FOLDER -type d )
test script : acl_sample_11.sh
see details : SUSE Paste
su to root
for each public folder
step 1 remove all acl
step 2 remove all files and subdirectories
step 3 create $A_PUB_FOLDER
step 4 chown -Rv publicuser:publicuser $A_PUB_FOLDER
chmod -v 0770 $( find $A_PUB_FOLDER -type d )
chmod -v u+s $( find $A_PUB_FOLDER -type d )
step 5 if $A_PUB_FOLDER == $A_SPECIFIC_PUB_FOLDER
step 5-a create another subfolder $A_SPECIFIC_PUB_FOLDER/SOME_FOLDER
step 5-b
chown -Rv publicuser:publicuser $A_SPECIFIC_PUB_FOLDER/SOME_FOLDER
chmod -v 0770 $( find $A_SPECIFIC_PUB_FOLDER/SOME_FOLDER -type d )
chmod -v u+s $( find $A_SPECIFIC_PUB_FOLDER/SOME_FOLDER -type d )
step 7 for some user in list
step 7-a
create sub folder $A_PUB_FOLDER/$A_USER
step 7-b
chown -Rv publicuser:publicuser $A_PUB_FOLDER/$A_USER
chmod -v 0770 $( find $A_PUB_FOLDER/$A_USER -type d )
chmod -v u+s $( find $A_PUB_FOLDER/$A_USER -type d )
step 8
step 8-a su to user1 ; create test file in $A_PUB_FOLDER/user1
step 8-b su to user2 ; create test file in $A_PUB_FOLDER/user2
step 8-c as user2 ; create test file in $A_PUB_FOLDER/user1
chown -R publicuser:publicuser $A_PUB_FOLDER
chmod 1770 $( find $A_PUB_FOLDER -type d )
test script : acl_sample_10.sh
see details : SUSE Paste
su to root
for each public folder
step 1 remove all acl
step 2 remove all files and subdirectories
step 3 create $A_PUB_FOLDER
step 4 chown -Rv publicuser:publicuser $A_PUB_FOLDER
chmod -v 1770 $( find $A_PUB_FOLDER -type d )
step 5 if $A_PUB_FOLDER == $A_SPECIFIC_PUB_FOLDER
step 5-a create another subfolder $A_SPECIFIC_PUB_FOLDER/SOME_FOLDER
step 5-b
chown -Rv publicuser:publicuser $A_SPECIFIC_PUB_FOLDER/SOME_FOLDER
chmod -v 1770 $( find $A_SPECIFIC_PUB_FOLDER/SOME_FOLDER -type d )
step 7 for some user in list
step 7-a
create sub folder $A_PUB_FOLDER/$A_USER
step 7-b
chown -Rv publicuser:publicuser $A_PUB_FOLDER/$A_USER
chmod -v 1770 $( find $A_PUB_FOLDER/$A_USER -type d )
step 8
step 8-a su to user1 ; create test file in $A_PUB_FOLDER/user1
step 8-b su to user2 ; create test file in $A_PUB_FOLDER/user2
step 8-c as user2 ; create test file in $A_PUB_FOLDER/user1