Unix Permissions
G.D.Thurman
plug-discuss@lists.plug.phoenix.az.us
Tue, 23 Jul 2002 07:37:16 -0700 (MST)
On Tue, 23 Jul 2002, Scott wrote:
> Use ACLs. We do it all the time at work. Works like a charm.
>
I have no experience with ACLs, but based upon
a quick review of http://acl.bestbits.at/
I can see a non-trivial learning curve ahead
of me.
Using standard Unix permissions, I don't know
how the task can be implemented.
Reminder of the task at hand:
You have a file that needs to be protected from prying eyes.
You must allow only 5 people read access, and 4 people
read/write access. The rest of the world cannot be allowed
to view it. What set of Unix permissions and ownership can
support this?
Here is an example that does *not* work.
Lognames are: dmr, bs, ken, bwk, ark
Groupnames are: guru1, guru2
Filename is: foo
all users belong to group guru1
assume ark cannot write the file
assign dmr, bs, ken, bwk to group guru2
prompt: chown ark:guru2 foo # owner is ark and group is guru2
prompt: chmod 460 foo # r--rw----
This does not work because the owner of a file
can write it. If ark was a 'vi' user, then
to write the file he has to do a :w! rather
than :w (and 'vi' tells him this).
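
The failed layout above, modelled as an added example (not part of the original post): it applies the classic owner/group/other check to `foo` with mode 460 and shows that ark, as owner, is denied write by the mode bits but may change them back. The `File` class, the function names and the outsider `mallory` are constructed for this illustration; root is not modelled.

```python
# Constructed model of the post's setup; lognames and groups are the post's own.
GROUPS = {
    "guru1": {"dmr", "bs", "ken", "bwk", "ark"},
    "guru2": {"dmr", "bs", "ken", "bwk"},
}


class File:
    def __init__(self, owner, group, mode):
        self.owner, self.group, self.mode = owner, group, mode


def access(user, f):
    """Classic Unix check: exactly one class applies, owner first, then group, then other."""
    if user == f.owner:
        bits = (f.mode >> 6) & 7
    elif user in GROUPS.get(f.group, ()):
        bits = (f.mode >> 3) & 7
    else:
        bits = f.mode & 7
    return ("r" if bits & 4 else "-") + ("w" if bits & 2 else "-")


def chmod(user, f, mode):
    """Only the file's owner may change its mode bits (root is not modelled)."""
    if user != f.owner:
        raise PermissionError(f"{user} does not own the file")
    f.mode = mode


def owner_can_regain_write(f):
    """Work on a copy: the owner adds u+w back and the owner-class check then allows write."""
    trial = File(f.owner, f.group, f.mode)
    chmod(trial.owner, trial, trial.mode | 0o200)
    return "w" in access(trial.owner, trial)


# chown ark:guru2 foo ; chmod 460 foo
FOO = File("ark", "guru2", 0o460)

if __name__ == "__main__":
    for user in ["ark", "dmr", "bs", "ken", "bwk", "mallory"]:
        print(f"{user:8} {access(user, FOO)}")
    print("owner can regain write:", owner_can_regain_write(FOO))
```
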