Hello group,

This issue is driving me crazy, there just has to be a simple way to do this that I am missing! I have a share, SOP. The file system maps to /dir/dir/sop. If I have a set of users that need write access to this directory, but only want to allow another set of users read only access, how can I accomplish this? From the man pages, it looks like I can set the share to read only, and use the directive write list = @groupname to allow certain users write access to this read only share, but, I don't want to allow everyone read access, I want to only allow certain other users (that I can put in a group) read only access. Any ideas?

Sincerely,

Doug

Doug Tucker wrote:
> Hello group, this issue is driving me crazy, there just has to be a
> simple way to do this that I am missing! I have a share, SOP. The file
> system maps to /dir/dir/sop. If I have a set of users that need write
> access to this directory, but only want to allow another set of users
> read only access, how can I accomplish this? From the man pages, it
> looks like I can set the share to read only, and use the directive
> write list = @groupname to allow certain users write access to this read
> only share, but, I don't want to allow everyone read access, I want to
> only allow certain other users (that I can put in a group) read only
> access. Any ideas?
>
> Sincerely,
>
> Doug

Yeah, like almost all permissions things, do this one at the file system level. Create a group 'writeGroup'; make perms like such:

    root:writeGroup 2664 /dir/dir/sop

The setGid will ensure that all files written to sop are part of the write group, the owner has full control and writeGroup will have write perms, everyone else is read only. Also, you might want to set the sticky bit so only the owner can delete a file they created.

That's how I'd do it, at least. I always do permissions at the lowest layer possible so I can easily change shares without worrying about share semantics. They get ugly when things start getting nested.

On Tue, Jun 24, 2008 at 11:55 AM, Doug Tucker <tuckerd@engr.smu.edu> wrote:
> Hello group, this issue is driving me crazy, there just has to be a
> simple way to do this that I am missing! I have a share, SOP. The file
> system maps to /dir/dir/sop. If I have a set of users that need write
> access to this directory, but only want to allow another set of users
> read only access, how can I accomplish this? From the man pages, it
> looks like I can set the share to read only, and use the directive
> write list = @groupname to allow certain users write access to this read
> only share, but, I don't want to allow everyone read access, I want to
> only allow certain other users (that I can put in a group) read only
> access. Any ideas?

Why not use the Linux filesystem ACLs and set the users and groups that have permissions with that?

John

Doug Tucker wrote:
> From the man
> pages, it looks like I can set the share to read only, and use the
> directive write list = @groupname to allow certain users write access
> to this read only share, but, I don't want to allow everyone read
> access, I want to only allow certain other users (that I can put in a
> group) read only access. Any ideas?

    valid users = @groupthatcanread,@groupthatcanwrite
    read only = yes
    write list = @groupthatcanwrite

As other posters have mentioned, it's good practice to enforce this at the filesystem level too.

Cheers

Alex
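
Added example, not part of the thread and not Samba's own code: a simplified Python model of how the three parameters in the reply above combine into a per-user share-level result. The user names and group memberships are constructed, and the model ignores everything else smbd evaluates, including the filesystem permissions the other replies recommend.

```python
# Simplified model of Samba share-level access (illustration only).
# Covers only "valid users", "read only" and "write list" with @group names.
SHARE_CONF = """
[SOP]
path = /dir/dir/sop
valid users = @groupthatcanread,@groupthatcanwrite
read only = yes
write list = @groupthatcanwrite
"""

# Constructed group memberships (hypothetical users).
GROUPS = {
    "groupthatcanread": {"alice", "bob"},
    "groupthatcanwrite": {"carol"},
}

def parse_share(text):
    """Return the parameters of the single share section as a dict."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", ";", "[")):
            continue
        key, _, value = line.partition("=")
        params[key.strip().lower()] = value.strip()
    return params

def expand(user_list, groups):
    """Expand a 'name,@group' list into a set of user names."""
    users = set()
    for item in user_list.replace(",", " ").split():
        if item.startswith("@"):
            users |= groups.get(item[1:], set())
        else:
            users.add(item)
    return users

def share_access(user, params, groups):
    """Return 'none', 'read' or 'write' for a user at the share level."""
    valid = expand(params.get("valid users", ""), groups)
    if valid and user not in valid:   # empty list: any user may connect
        return "none"
    if user in expand(params.get("write list", ""), groups):
        return "write"                # write list overrides read only = yes
    read_only = params.get("read only", "yes").lower() in ("yes", "true", "1")
    return "read" if read_only else "write"

PARAMS = parse_share(SHARE_CONF)
RESULT = {u: share_access(u, PARAMS, GROUPS) for u in ("alice", "carol", "mallory")}
print(RESULT)
```

Removing the "valid users" line from the sample makes the model return read access for any user, which is the case the original question wanted to avoid.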