Unix Permissions

Kurt Granroth plug-discuss@lists.plug.phoenix.az.us
Tue, 23 Jul 2002 09:14:56 -0700


On Tuesday 23 July 2002 05:41 am, George Toft wrote:
> I was given this puzzle, and told it cannot be solved using Unix:
>
> You have a file that needs protected from prying eyes.  You must allow
> only 5 people read access, and 4 people read/write access.  The rest of
> the world cannot be allowed to view it.  What set of Unix permissions
> and ownership can support this?

I think this is possible with standard permissions... in a roundabout way.  

Let's say that the secret file is called 'secret_file'.

The part about the 5 that can read and everybody else can't do anything is 
easy.  Create a group "jusfive" and do the following:

% chmod g+r-wx,o-rwx secret_file
% chgrp jusfive secret_file

This allows only those in the group 'jusfive' to read the file and doesn't 
allow anybody to write to it.

Now the roundabout part.  Create a new user 'jusfour' and allow the 4 
special people to somehow become that user.  I recommend 'sudo' but in 
various ways, su and ssh would work.  Then do the following:

% chown jusfour secret_file
% chmod u+rw secret_file

That should do it.  The only downside that I can see, offhand, is that the 4 
special users could potentially change the permissions of 'secret_file' to 
be more permissive unless you were very careful.
-- 
Kurt Granroth - "KDE -- Conquer Your Desktop"
KDE Developer/Evangelist | granroth@kde.org
http://www.granroth.org  | kurt@granroth.org
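
The scheme in the message above, modelled as an added example that is not part of the original post: the classic owner/group/other check applied to 'secret_file', plus the caveat that whoever runs as 'jusfour' can loosen the mode. Assumptions: the resulting mode is 0640, the account names other than 'jusfour' and 'jusfive' are constructed, and root and ACLs are ignored.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class File:
    owner: str
    group: str
    mode: int

@dataclass(frozen=True)
class Proc:
    user: str
    groups: frozenset = frozenset()

def access(f, p):
    """Classic Unix check: the first matching class decides, with no fall-through."""
    if p.user == f.owner:
        bits = f.mode >> 6
    elif f.group in p.groups:
        bits = f.mode >> 3
    else:
        bits = f.mode
    return ("r" if bits & 4 else "") + ("w" if bits & 2 else "")

def chmod(f, p, mode):
    """Only the owner may change the mode (root is ignored in this model)."""
    if p.user != f.owner:
        raise PermissionError(f"{p.user} does not own the file")
    return replace(f, mode=mode)

def drift(f, want):
    """Names of the fields that no longer match the intended state."""
    return [k for k in ("owner", "group", "mode") if getattr(f, k) != getattr(want, k)]

# Intended state after the chmod/chgrp/chown commands (mode 0640 is an assumption).
SECRET = File(owner="jusfour", group="jusfive", mode=0o640)

# Constructed sample accounts.
READER = Proc("reader1", frozenset({"jusfive"}))  # one of the 5
WRITER_AS_SELF = Proc("writer1")                  # one of the 4, before sudo
WRITER_AS_JUSFOUR = Proc("jusfour")               # same person after 'sudo -u jusfour'
OUTSIDER = Proc("outsider")

if __name__ == "__main__":
    for p in (READER, WRITER_AS_SELF, WRITER_AS_JUSFOUR, OUTSIDER):
        print(f"{p.user:10} -> {access(SECRET, p) or 'none'}")
    loosened = chmod(SECRET, WRITER_AS_JUSFOUR, 0o644)
    print("after chmod 644, outsider ->", access(loosened, OUTSIDER), drift(loosened, SECRET))
```

Comparing the live owner, group and mode against the intended values, as drift() does here, is a check that catches the permission change the message warns about.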