Q. Multiple Group access/permissions

Q. Multiple Group access/permissions

Post by Joshua C Aleman » Mon, 22 Apr 1996 04:00:00



I am a relative novice (and somewhat unwilling) sysadmin of a small
office network of about 30 PCs connected to an SGI Indy (Irix5.3) that
exports a shared drive.  The PCs connect via PCNFS Pro.  My problem is
that I want to create different access levels for the different users on
the system.  I know how to set-up groups and set file permissions.  But
I want to give certain executives and finance offiers access to files
owned by other groups, without giving world access to those files. Since
the users connect via PCNFS Pro, they do not have a shell where they
could use multgrps to belong to more than one group ant the same time.

Is there a way of setting up a default so that the CFO (for example)
belongs to more than one group all the time, without having to invoke
multgrps from a shell window each time he logs on.

Or is there another way of doing this altogether?  Essentially, I want
to set up incremental access to certain files. Everyone would have
access to files in /pub.  Group Sales would have acess to files in
/sales and /pub. Group Product would have access to files in /product,
/sales and /pub.  Group Exec would have access to /exec, /finace, /sales
etc. etc.  I will settle for being able to give this type of incremental
access to certain users as opposed to whole groups.

Thanks for any help, in advance.

Joshua

----------------------------------------------------------------------
Joshua Alemany
Product Manager, Rosco Laboratories Inc.
800-767-2669, FAX 914-937-2566
http://www.rosco.com


 
 
 

Q. Multiple Group access/permissions

Post by Ale » Thu, 25 Apr 1996 04:00:00



Quote:>Or is there another way of doing this altogether?  Essentially, I want
>to set up incremental access to certain files. Everyone would have
>access to files in /pub.  Group Sales would have acess to files in
>/sales and /pub. Group Product would have access to files in /product,
>/sales and /pub.  Group Exec would have access to /exec, /finace, /sales
>etc. etc.  I will settle for being able to give this type of incremental
>access to certain users as opposed to whole groups.
>Thanks for any help, in advance.

Perhaps a somewhat dirty solution: hard link directories.

example:

d--------- root  other   /no-access      (nobody gets in)
drwxr-x--- root  sales   /sales          (only group sales can go in)
drwxr-x--- root  finance /finance        (only finance)

dr-xr-xr-x root  other   /sales/bin      (must have access to sales)
dr-xr-xr-x root  other   /finance/bin    (... or finance)
dr-xr-xr-x root  other   /no-access/bin  (to enter bin)

All three dirs bin are really the same dir.
The same approach for files and users.

It is a hard-to-implement solution and care needs to be taken.
A better solution would be ACLs but if there's something available ???
This will work however, assuming linking directories can be done on
your OS.

experiment and succeed

Alex