On Tue, 23 Jul 2002, Scott wrote:

> Use ACLs. We do it all the time at work. Works like a charm.
>

I have no experience with ACLs, but based upon a quick review of
http://acl.bestbits.at/ I can see a non-trivial learning curve ahead of me.

Using standard Unix permissions, I don't know how the task can be
implemented.

Reminder of the task at hand:

You have a file that needs protected from prying eyes. You must allow only
5 people read access, and 4 people read/write access. The rest of the world
cannot be allowed to view it. What set of Unix permissions and ownership
can support this?

Here is an example that does *not* work.

Lognames are: dmr, bs, ken, bwk, ark
Groupnames are: guru1, guru2
Filename is: foo

all users belong to group guru1
assume ark cannot write the file
assign dmr, bs, ken, bwk to group guru2

  prompt: chown ark:guru2 foo    # owner is ark and group is guru2
  prompt: chmod 460 foo          # r--rw----

This does not work because the owner of a file can write it. If ark was a
'vi' user, then to write the file he has to do a :w! rather than :w (and
'vi' tells him this).
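
The example below is added here and is not part of the original message. It models the access check described in acl(5) and runs it over the message's lognames and groups, comparing the chmod 460 attempt with an ACL layout. The owner "root", the user "guest" and all function and variable names are assumptions made for illustration.

```python
# Added example: model of the access check described in acl(5) (POSIX.1e draft).
R, W = 4, 2  # permission bits, as in chmod octal digits

def allowed(f, user, groups, want):
    """Return True if `user` (a member of `groups`) gets every bit in `want`."""
    if user == f["owner"]:                    # owner class wins outright
        return (f["user_obj"] & want) == want
    mask = f.get("mask", 7)                   # no mask entry: nothing is masked
    if user in f.get("users", {}):            # named-user ACL entry
        return (f["users"][user] & mask & want) == want
    entries = dict(f.get("groups", {}))       # named-group ACL entries
    entries[f["group"]] = f["group_obj"]      # plus the owning group
    hits = [entries[g] & mask for g in groups if g in entries]
    if hits:                                  # any one matching group may grant
        return any((p & want) == want for p in hits)
    return (f["other"] & want) == want

def can_chmod(f, user):
    """The owner (root aside) may always change the file's mode bits."""
    return user == f["owner"]

# Group membership from the message; "guest" is a constructed outsider.
MEMBERS = {
    "dmr": {"guru1", "guru2"}, "bs": {"guru1", "guru2"},
    "ken": {"guru1", "guru2"}, "bwk": {"guru1", "guru2"},
    "ark": {"guru1"}, "guest": {"guru1"},
}

# The message's attempt: chown ark:guru2 foo; chmod 460 foo
MODE_ONLY = {"owner": "ark", "group": "guru2",
             "user_obj": R, "group_obj": R | W, "other": 0}

# ACL layout (assumed owner root):
#   chown root:guru2 foo; chmod 660 foo; setfacl -m u:ark:r-- foo
WITH_ACL = {"owner": "root", "group": "guru2",
            "user_obj": R | W, "group_obj": R | W, "other": 0,
            "users": {"ark": R}, "mask": R | W}

if __name__ == "__main__":
    for name, groups in sorted(MEMBERS.items()):
        print(name,
              "read" if allowed(WITH_ACL, name, groups, R) else "-",
              "write" if allowed(WITH_ACL, name, groups, W) else "-")
```

In the 460 layout ark fails the write check but still owns foo and can change its mode; in the ACL layout ark is only a named read-only entry and cannot.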