On 3/29/06, Eric Shubes wrote: > > Nathan England wrote: > > I have a folder called /files > > everyone has access to this folder, but there are a few folders inside > that > > only a few people are allowed to access. What is the best way to allow > > everyone access to the /files directory but only allow those required to > have > > access to the specific folders inside? > > > > Do I create a seperate share for each specific folder? > > I want to avoid mapping more drives to the users. Can I change the > access > > permissions on the windows machines? I don't want to make it too > confusing. > > What is the best way? > > > I'm not sure of the best way. > I think I would create a new group for the 'few people', and make them > members of the group. Then change the groupid of the restricted folders > to the new group, and turn off 'other' permissisions on said folders. > Then you can give the share for /files to everyone. > I'm pretty sure that'll work for you, but I'd test it to be sure. > -- > -Eric 'shubes' [...] > comment from Mike Schwartz: umm, I think there may be a way to do this with access control lists. If an ignorant lurker may insert his 0.02 The problem with groups, as I understand it, is that if you want a person to be able to be a member of several of them, (especially if the groups are not monotonically nested), then a given person might have to have "more than one" userid (not a cool solution...); Whereas with an acl, I think there is much more flexibility. I have used ACLs before under VAX/VMS, but for Gnu/Linux, I do not know the details. However: The textbook being used for CIS238DL at GCC this semester (a Linux class taught by "Ray Esparza" ) (Sobell, Mark G., A Practial Guide to Red Hat Linux, 2nd ed., Prentice-Hall PTR, 2005) (ISBN 0131470248) says on page 927 to see the acl man page for more information. It also says that ACLs are part of Solaris, Win 2000/XP, VAX/VMS, and mainframe OSs, and that they are available under Fedora Core 2 (so presumably Fedora Core 2 "and later"). I hope this helps. -- Mike Schwartz Glendale AZ schwartz@acm.org Mike.L.Schwartz@gmail.com