This is one of the major limitations of the standard Unix file permissions system. The only way I know of to achieve this using just one directory is to use ACLs (access control lists, see man getfacl/setfacl), but unfortunately these are not supported by all filesystems, or by all OS's and/or utilities... e.g. some backup software will not back them up.
This is unfortunate because they are very useful for some other things, such as setting default permissions on files and subdirectories created in the directory.
One other option you have is to use a structure like this:
Then ensure that all members in group1 are also in group2 (but not the reverse, i.e. group2 is a superset of group1). That way a user in group2 can descend to the /topdir/subdir directory, wherein they effectively have read-only rights by virtue of the "other" attributes. Users in group1 can descend into that directory too because they are also members of group2, and can modify the files because of their group write access. Users in neither group can't even enter the /topdir so they can't access the files at all.
You'll notice I have set the setgid bit on the subdir - this ensures all files in that directory are created with group1 ownership. You may also need to consider setting appropriate umasks for the process(es) that create files in this directory so that they are created as 664 instead of 644, i.e. umask 002.
Hi.
My example:
I have a filesystem /log. Everyday, log files are copied to /log. I'd like to set owner and permission for files and directories in /log like that
chown -R log_adm /log/*
chmod -R 544 /log/*It's OK, but just at that time. When a new log file or new directory is created in /log,... (8 Replies)
Hello,
drwxr-x--- 21 root system 4096 Jan 25 10:20 /testdir
here owner is root, group is system.
1) is it possible to add multiple groups to "/testdir" files/directories ?
if yes, please provide me the command.
my requirement is to
provide read-only access to user1 on /testdir... (6 Replies)
Hi
I need to permit one group to have r-x permissions on all files in a directory and another group to have just read access, im confused how to do this as if i set the 'Other' permission class as read access then all users will have access to them.
So basically i have a directory which the... (2 Replies)
Hi friends,
I would like to grant a management capability for a specific application to my user test. Application is installed under /opt/myApp and has startup and management scripts under directories bin and sbin. This application is installed by root and can be managed by root. For security... (0 Replies)
hi
i have a directory called dbms and group dba.... My question is how do i set full permissions i.e read/write/execute for all user(in dba group) for the directory dbms.
If i use the following cmd
chmod g+rwx dbms
here in above cmd ..which group it denotes..how AIX will know (3 Replies)
Hi,
I have a directory /u01/source.
Following are current permission on directory source.
oracle@TEST # ls -l source
drwxrwxrwx 2 user1 userbi 31232 Apr 8 13:33 EG1
drwxrwxrwx 2 user1 userbi 1024 Apr 8 05:45 E2
drwxrwxrwx 2 user1 userbi 57344 Mar 15 10:22 h5
There is another ... (4 Replies)
Hi,
A simple and silly question on Unix.
I have a directory named "a" and I would like to grant permission to group name "text" to access, read and execute my directory.
Could anyone help me?
Thanks. (2 Replies)