Multiple r/w, Multiple read?

Multiple r/w, Multiple read?

Post by Robert A. U » Wed, 30 Aug 2000 04:00:00



I have come up with an issue with, I believe, the granularity of the
Unix file mode system.  Perh. some of the more experienced admins can
help out here.

I have a directory tree shared with Samba.  The root of this tree is
owned by root:groupA--all users needing access aremembers of groupA.
Each directory therebelow has its own group owner--one is a member of
the appropriate group in order to have any access.  The setgid bit is
set on all folders, so that files created therein will have group mode
of rw and directories rwx.

Here is the porblem: I have one directory in which one group needs rwx
access to the directory, while another disjoint group needs only rx, and
I cannot make it globally read because the files must be secured.

I considered making members of both groups 1 and 2 members of a third
group, 3, which would have rx access, but that prevents members of
group1 from creating new files therein.  I cannot easily see any way out
of this bind.

Does anyone hae any ideas how thi might be solved?

--

Wouldn't you love to fill out _that_ report?  `Company asset #423423 was
lost while fighting the forces of evil.'                   --Chris Adams

 
 
 

Multiple r/w, Multiple read?

Post by Johannes Nies » Wed, 30 Aug 2000 04:00:00



Quote:> I have come up with an issue with, I believe, the granularity of the
> Unix file mode system.  Perh. some of the more experienced admins can
> help out here.

> I have a directory tree shared with Samba.  The root of this tree is
> owned by root:groupA--all users needing access aremembers of groupA.
> Each directory therebelow has its own group owner--one is a member of
> the appropriate group in order to have any access.  The setgid bit is
> set on all folders, so that files created therein will have group mode
> of rw and directories rwx.

> Here is the porblem: I have one directory in which one group needs rwx
> access to the directory, while another disjoint group needs only rx, and
> I cannot make it globally read because the files must be secured.

> I considered making members of both groups 1 and 2 members of a third
> group, 3, which would have rx access, but that prevents members of
> group1 from creating new files therein.  I cannot easily see any way out
> of this bind.

> Does anyone hae any ideas how thi might be solved?

Samba has the alternative way to create new shares and set their
properities via "write", "read", "force user=", "force group=" etc.

A workaround uses a dummy directory:

\
\dummy rwxrwx--- user.group3 (-> no world access)
\dummy\dir rwxrwxr-x user.group1 (voila!)

Johannes Nie?

 
 
 

Multiple r/w, Multiple read?

Post by Robert A. U » Wed, 30 Aug 2000 04:00:00


On 29 Aug 2000 18:15:05 +0200,


>Samba has the alternative way to create new shares and set their
>properities via "write", "read", "force user=", "force group=" etc.

I'd love to be able to create new shares.Unfortunately one of the
constraints we are under is that the directory structure must remain
_exactly_ as it is now.  Our users are managers and don't take well to
change.

Thanks v. much--I'll def. be doing things this way in the future.

Anyone know anything about ACL kernel patches?

--

In Africa, some of the native tribes have a custom of beating the ground
with clubs and uttering spine-chilling cries.  Anthropologists call this
a form of primitive self-expression.  In the West, we call it golf.

 
 
 

1. Solution: multiple Apache log files, multiple args to env=, multiple conditions to CustomLog directive

Here is a solution to a problem I had a little while ago.  I wanted to
have Apache keep 3 separate log files: 1 for requests from me, a 2nd
for nimda virus attacks, and a 3rd for everything else.

The key to the solution was to use "!" to unset environment variables
in certain cases.  Joshua Slive pointed this out for me.

I'm posting this here because I can't find a way to use Google to
reply to those old posts of mine.

Here's an example that will log requests from a specific IP address
(presumably the webmaster's) to one file, and log nimda virus attacks
to another file.  A third log file will hold all the remaining
requests.

#========================================================================#
SetEnvIf Remote_Addr "w\.x\.y\.z" localaccess=1
SetEnvIf localaccess 1 dontlog

# Here, !localaccess will keep nimda requests out of the localaccess
log.
SetEnvIf Request_URI "^/scripts" nimda=1 !localaccess
SetEnvIf Request_URI "^/c/winnt" nimda=1 !localaccess
SetEnvIf Request_URI "^/_mem_bin" nimda=1 !localaccess
SetEnvIf Request_URI "^/_vti_bin" nimda=1 !localaccess
SetEnvIf Request_URI "^/MSADC" nimda=1 !localaccess
SetEnvIf Request_URI "^/msadc" nimda=1 !localaccess
SetEnvIf Request_URI "^/d/winnt" nimda=1 !localaccess
SetEnvIf nimda 1 dontlog

CustomLog logs/localaccess.log combined env=localaccess
CustomLog logs/nimda.log combined env=nimda
CustomLog logs/everythingelse.log combined env=!dontlog
#========================================================================#

I've received a couple emails about this problem, so I figure this
will help someone out.

-Anthony
www.nodivisions.com

2. KDE2 prob: libkdecore.so.3 and symbols(?)

3. How can I multiple read() through multiple threads?

4. sun cluster for x86

5. multiple OS's on multiple partitions

6. Bill Gates Is A Baby-Eater

7. multiple NICs, multiple IP addresses?

8. looking for SOLARIS 2.4 File System Interface

9. multiple hosts and multiple ports in apache 1.1.1

10. How to control multiple server in multiple machines with a queue

11. Email setup, multiple accounts multiple people

12. Multiple hosts, multiple serve

13. Ownership of multiple groups, and being in multiple groups