>I would like to set up 3 groups, lets call them A, B, C. Users from A should
>have access files created by users in B or C. Users in B or C cannot access
>files created by users in A. Also users in B or C should not have access to
>each others files.
Do yo mean read-write or read-only access?
Quote:>How would I set up Umask to handle this? I've tried to create a primary
>group for all and secondary groups to reflect the permissions I'm after, but
>to no avail.
Each user should just have a primary group, no secondary group (at least
not among A, B, or C). The directories of the B and C users should have
group-id A and mode 2770 or 2750, depending on the answer to the above
question. The users' umasks should be 007 or 027, again depending on the
answer to the question. The set-gid mode on the directories will cause all
files created to be put in group A (even though the B and C users
themselves aren't in that group), which will allow the A users to access
them.
This was definitely a tricky one, and I was actually surprised that it's
possible.
Note that users in B cannot access other B users' files, and similarly C
users can't access each others' files. Your problem statement wasn't clear
on whether this is OK -- did you mean only that B users shouldn't be able
to access C files and vice versa? In that case, it should be much simpler.
B and C users should just have a primary group, while A users should have
secondary groups B and C. Each user's directory should be in their primary
group with mode 0770 or 0750, and the umasks should be the same as in the
above solution.
--
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Don't bother cc'ing followups to me.
by