[NTLUG:Discuss] Samba, ACL - permissions
Leroy Tennison
leroy_tennison at prodigy.net
Wed Jun 6 00:42:35 CDT 2007
Greg Edwards wrote:
> Set other permissions to r-- (read only) and any valid user can read files
> in that directory. You only need to deal with users that are allowed to
> write in a directory. Of course, if you want all users to be able to
> write set other to rw-. That should generate some SECURITY comments ;)
>
> Group management is allot easier than it seems. The number of groups that
> a user can belong to is larger than you'll ever make use of. A group can
> belong to a group. And groups are inherited.
>
Maybe I'm misunderstanding something, if the group "parent" is a member
of the group "child" and a directory has rwx for "child" (assuming
...rwx... where "child" is the group owner) then should members of
"parent" be able to write to this directory? If not then what is the use
of having groups be members of other groups?
I'm running CentOS 4.5 (a non-commercial RHEL 4 clone) and the following
doesn't work:
[root at linux-b /]# ls -ald family kids
drwxrwx--- 2 root parent 4096 Jun 6 00:55 family
drwxrwx--- 2 root child 4096 Jun 6 00:59 kids
[root at linux-b /]# cat etc/group | grep 50
ftp:x:50:
leroy:x:500:
pegasus:x:501:
parent:x:502:user1
child:x:503:user2,parent
[user1 at linux-b /]$ whoami
user1
[user1 at linux-b /]$ cat > kids/testing
-bash: kids/testing: Permission denied
[user1 at linux-b /]$ newgrp child
Password:
(According to the Red Hat documentation a password should be required
only for non-members of a group).
More information about the Discuss
mailing list