I'm not sure I fully understand, esp. if ftpuser1 is a user or a group, so a few comments here:
- I don't see amgr permitted to edit the file - would need write permission as well.
- SUID won't modify any permissions on a data file (which I conclude from the "extension"), but will modify the UID of the process running a command (for every user running it) so it might access files with the user's (amgr's) ID.
- assigning ftpuser1 to group u00 might help given not too many users are in the u00 group and group access will be extended.
The Following User Says Thank You to RudiC For This Useful Post:
Phew! I've read this many times and I'm not sure that I understand either. Anyway,
Is there a reason why you can't create a separate group for write access users and set the file group setting to that group with rights ='rw'
So the file has group <newgroup> with 'rw' rights. ftpuser1 is also in group <newgroup> so gets 'rw' rights to the file.
(Remember that a user can be a member of more than one group.)
Unless you're worried about who can read the file you can give the world read rights. World='r'.
Therefore, ftpuser1 is (perhaps) the only member of a new group which can read/write the file (modify).
If you want a user to be able to write (and I mean create the file) then they'll need write access to the directory above (and there are various ways you can do that too).
Perhaps you need to explain things to us all a bit more.
Last edited by hicksd8; 10-04-2017 at 12:49 PM..
The Following 2 Users Say Thank You to hicksd8 For This Useful Post:
It's getting complicated because we don't know what other users you have.
The suggestion from hicksd8 to have a new group is a good one.
How does the file arrive? If it is created by amgr, then amgr would also need to be in the group. A simple chgrp newgroup DCI.dat should then suffice. The account amgr already has write permission so that should not be an issue. Name your new group something sensible so you know what it is for and don't abuse it.
An alternate may be to use Access Control Lists (ACLs) but they are OS dependant and may not be recovered if you restore a file. What OS and version are you using? If the suggestion above does not help, I@m sure we can work something out.
The Following 2 Users Say Thank You to rbatte1 For This Useful Post: