Hi, I have to solve an apparently simple permission problem, and I don't know if it's the sunny weather or birdsong, well... I just can't figure it out. Here goes. I have a bunch of users in a public library. Some are "administrators": they handle the library, write the docs for everyone, etc. Then you have the "agents", who take care of lending books and fetch them when they get returned. And then you have the odd anonymous user, using the PC with a guest account. Let's make thing simple and start out with one machine. Every single user has a /home/<user> directory. Plus, I added the following directories: /home/pub and /home/echange Then, I created two groups, "administrators" and "agents". Here's what I'd like to achieve (but I think my IQ is just below the required limit :oD): 1) Members of the "administrators" group have unlimited read/write access to /home/pub and below. 2) Members of the "agents" group have read-only access to /home/pub and below. 3) All the others (that is, members of neither "administrators" and "agents") have no access at all to /home/pub, not even for listing the directory content. The thing is: I can't seem to formulate my problem in terms of user/group/others, as there are no owners, but two distinct groups involved. Any idea how to crack that nut? Niki
> 1) Members of the "administrators" group have unlimited read/write > access to /home/pub and below. > > 2) Members of the "agents" group have read-only access to /home/pub and > below. > > 3) All the others (that is, members of neither "administrators" and > "agents") have no access at all to /home/pub, not even for listing the > directory content. > > The thing is: I can't seem to formulate my problem in terms of > user/group/others, as there are no owners, but two distinct groups > involved. > > Any idea how to crack that nut?Have you looked at using ACLs? Just make sure that any backup software you use can handle them.
Hi Niki,> I have to solve an apparently simple permission problem, and I don't > know if it's the sunny weather or birdsong, well... I just can't figure > it out. Here goes. > ... > The thing is: I can't seem to formulate my problem in terms of > user/group/others, as there are no owners, but two distinct groups > involved.ACLs might help: - http://acl.bestbits.at/about.html - http://www.suse.de/~agruen/acl/linux-acls/online/ Regards, Chris
On Tue, July 7, 2009 7:45 am, Niki Kovacs wrote:> Hi, > > I have to solve an apparently simple permission problem, and I don't > know if it's the sunny weather or birdsong, well... I just can't figure > it out. Here goes. > > I have a bunch of users in a public library. Some are "administrators": > they handle the library, write the docs for everyone, etc. Then you have > the "agents", who take care of lending books and fetch them when they > get returned. And then you have the odd anonymous user, using the PC > with a guest account. > > Let's make thing simple and start out with one machine. Every single > user has a /home/<user> directory. Plus, I added the following > directories: > > /home/pub > > and > > /home/echange > > Then, I created two groups, "administrators" and "agents". Here's what > I'd like to achieve (but I think my IQ is just below the required limit > :oD): > > 1) Members of the "administrators" group have unlimited read/write > access to /home/pub and below. > > 2) Members of the "agents" group have read-only access to /home/pub and > below. > > 3) All the others (that is, members of neither "administrators" and > "agents") have no access at all to /home/pub, not even for listing the > directory content. > > The thing is: I can't seem to formulate my problem in terms of > user/group/others, as there are no owners, but two distinct groups > involved. > > Any idea how to crack that nut? > > Niki > _______________________________________________You might want to use ACL's or access control lists to set multiple users and groups with specific permissions. Take a look at http://www.yolinux.com/TUTORIALS/LinuxTutorialManagingGroups.html. This is a decent tutorial and I'm sure there are many others if you google linux ACL's. Hope this helps Bo Lynch
http://rofi.roger-ferrer.org/eiciel/?s=2
__________________________________________________________________
Looking for the perfect gift? Give the gift of Flickr!
http://www.flickr.com/gift/
On Tue, 2009-07-07 at 13:45 +0200, Niki Kovacs wrote:> /home/pub > > and > > /home/echange > > Then, I created two groups, "administrators" and "agents". Here's what > I'd like to achieve (but I think my IQ is just below the required limit > :oD): > > 1) Members of the "administrators" group have unlimited read/write > access to /home/pub and below. > > 2) Members of the "agents" group have read-only access to /home/pub and > below. > > 3) All the others (that is, members of neither "administrators" and > "agents") have no access at all to /home/pub, not even for listing the > directory content. > > The thing is: I can't seem to formulate my problem in terms of > user/group/others, as there are no owners, but two distinct groups > involved. > > Any idea how to crack that nut? >--- You just Cracked that Nut Yourself! You know what you want to do. You layed it out think. man chown and man chmod is your friends chgrp also. John