Very Computer

Regards,
Norman

Let's say Tom,*, and Harry are normal users, but they need to have
access to a special shared folder. Create a new group called
"special-shared", change the group ownership of the shared folder to this
group, then make Tom,* and Harry members of this group as well as their
own original group.

Multiple access problems are easier to solve through manipulation of the
group membership of users than of folders. Just change the folder's group
ownership to a special group name, then edit the group membership of users.

--
Paul Lutus
www.arachnoid.com

I think you misunderstand my question. Say a folder may contain source
codes. Naturally managers want to able to read it, but no write access,
whereas programmers would have both read and write access. Someone just told
me there ACL that I can added to it.

Regards,
Norman

Your example, however, does not indicate any need for ACL's.  You simply
put the programmers into the group which has write access and leave the
managers out of that group.  Unix standard file permissions are
somewhat different from those of Windows.

As described, the "source_files" folder would list like this:

drwxrwxr-x    2 root     programm     4096 Sep 23 21:20 source_files

The three groups of three characters after "d" (directory) are for owner
permissions, group permissions, and other permissions. The programmers all
belong to the programmers group, so they can read, write and execute files.
The managers belong to any other group so they have "other" permissions,
read and execute, but not write.

Here is how to create it (assuming you have already created a new group
"programmers":

Quote:> cd / (or any other suitable location)
> mkdir source_files
> cd source_files
> chgrp programmers .
> chmod 775 .

Done.

--
Paul Lutus
www.arachnoid.com

e.g., managers, programmers, project assistants, hardware engineers, others

projA
  * subfolder1 (schematics, PCB layouts, designs)
  * subfolder2 (project documents)
  * subfolder3 (BOM cost)

managers           have rwx access to projA
hardware enginners have rwx access to subfolder1
project assistants have r x access to subfolder1 and
                        rwx access to subfolder2 and
                        r x access to subfolder3
programmers        have r x access to subfolder1 and subfolder2
others             have r x access to subfolder2

I'm under the impression that this cannot be done with standard linux
permissions. Do I still need xfs? Or would ACL work with ext2/ext3? I shall
read over http://oss.sgi.com/projects/xfs/ for its features and benefits. I
noted that xfs has just recently been included in the kernel 2.5 series. I
don't how stable it is in some of the distribution, namely Mandrake. A few
pointers in this regard would be greatly appreciated. TIA.

Regards,
Norman

Norman

However many groups you have, assign the folders to that many groups. Let's
say you have 500 folders, each with special, defined sets of users.

1. Assign each of the 500 folders to a new group.

2. Assign each of the users to any or all of the 500 groups, depending on
the access rights you want to grant.

A particular user might need to have access to all the odd-numbered folder
groups, another to all the even-numbered, a third to groups spelled only
with a "g". And so forth.

All these cases can be handled using normal Unix access permissions, by
assigning users to multiple groups.

The real problem you are going to face is determining the structure of
permissions, especially if a normal system maintainer will be responsible
for administering it. Actually getting Unix to do what you want will be the
easy part.

--
Paul Lutus
www.arachnoid.com

Quote:>It ... does ... not ... matter.

>However many groups you have, assign the folders to that many groups. Let's
>say you have 500 folders, each with special, defined sets of users.

>1. Assign each of the 500 folders to a new group.

>2. Assign each of the users to any or all of the 500 groups, depending on
>the access rights you want to grant.

>A particular user might need to have access to all the odd-numbered folder
>groups, another to all the even-numbered, a third to groups spelled only
>with a "g". And so forth.

>All these cases can be handled using normal Unix access permissions, by
>assigning users to multiple groups.

>The real problem you are going to face is determining the structure of
>permissions, especially if a normal system maintainer will be responsible
>for administering it. Actually getting Unix to do what you want will be the
>easy part.

Managers/auditors/inspectors/etc must have read access to many files to
which only competent/trusted persons should have write access. These
files might well need to be inaccessible to clerical/shipping/customer
service/top management staff.

"Others" must therefore have no access, and you only have one group per
file, which can either be allowed to write or not write, but obviously
not both.

There are ways of achieving something like this by encryption, links to
unprotected files which cannot be reached by directory traversal etc.,
but none of these methods are really satisfactory and all are equivalent
to low-quality ACL implementations.
--
Joe