Access Rights how?

silwerspawn · Apprentice Joined: 01 Feb 2007 Posts: 183

I have a shared folder on my server where some of the users who access them need to have write capability
and some only read

example:
spawn, alundra and other admins needs to have "rwx" on the folder /share/Movies and /share/games
but
Christian, Brian, Aslund etc. shall only have "r--" on the folder /share/Movies and /share/games

How do i do that?

Januszzz · Posted: Sat Aug 16, 2008 1:21 pm Post subject:

Hi,

1. create group called "masters": groupadd masters
2. change directory owner to root:masters: chown -R root:masters /share/Movies
3. add users who can write into the directory to masters group: usermod -a -G masters spawn (then alunda etc).
4. change the directory [ermissions to allow masters write to it and others to execute it: chmod 775 /share/Movies.

Do the same to the second directory.

You can also fine tune your settings using Access Control Lists; this requires mounting with acl command and mastering setfacl/getfacl commands.

silwerspawn · Apprentice Joined: 01 Feb 2007 Posts: 183

Nice thanks i will look into it.

while searching for good ways to do it i ended up looking at SELinux do you know anything about that?
or is that too extreme for this purpose?

timeBandit · Posted: Sat Aug 16, 2008 3:11 pm Post subject:

SELinux definitely goes far beyond what you need here. Its purpose is to define, manage and enforce a tremendous range of security policies, including fine-grained control over the resources and actions that individual programs may use. For what you want to do, the traditional UNIX file permissions model (users/groups/others) and possibly ACLs will be sufficient.
_________________
Plants are pithy, brooks tend to babble--I'm content to lie between them.
Super-short f.g.o checklist: Search first, strip comments, mark solved, help others.