Hi everyone.
I was cracking my head searching for an answer, but I can't find anything.
I have shared folders on a server; this server has 6 users (NFS mounted) and I need 2 users to be supervisors of their areas, but the supervisors must not be root users.
EXAMPLE:
Group: FLINSTONE
FRED
Vilma
bambam
Group: SIMPSON
HOMER
Lisa
Bart
FRED must admin Vilma & bambam files (read, write, edit, change owner, like root) located in the Vilma & bambam folders. Obviously Vilma and bambam can't edit FRED's files. FRED must NOT HAVE access to the SIMPSON folder.
In the same way, HOMER needs to supervise (edit, read, write, change owner, like root) the files of Lisa and Bart. Lisa and Bart have limited access. And HOMER can't read the FLINSTONES folders.
I remember in old Novell 4.0 this was possible. In Linux, using the sticky bit and ACLs I can get the right user access, but I can't find how FRED and HOMER can be supervisors of a determined group.
Well, in terms of just implementing this on normal POSIX attributes, just have all users in their own dedicated group and only add homer to the additional simpsons group, and fred to the flintstones one. This may have implications on the other user attributes, but from what you've given us, that does cover it.
If you don't want the Simpsons to be able to access the files belonging to the Flintstones, and vice-versa, then I'd put all of the Simpsons in one group, but make Homer the owner of all the files, and set the POSIX permissions on the files/directories as appropriate. Then do the same for the Flintstones, with all of the members in the Flintstone group, and Fred owning all the files.
If you want Fred and Homer to be able to chown files created by their family members, you're going to have to give them a method to do it. Only root and a file's owner can chown a file. Here's how I'd do it for Fred:
1) Create a script that chowns all files belonging to the Flintstones (let's say they're all at /mnt/Flintstones).
2) Make root the owner of the script, and the only user who can execute it.
3) Create a sudoers rule that allows Fred to run only that script.
Now he can take ownership of all the files in /mnt/Flintstones, and admin them to his heart's content, but he has no way to take control of anything in /mnt/Simpsons. Homer would then get a different script and sudoer rule.
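Steps 1-3 above as a concrete sketch. This is an added example, not the poster's own code; the user `fred`, the group `flintstones`, the install path and the sudoers file name are assumptions.

```shell
#!/bin/sh
# Constructed sketch of the root-owned helper from steps 1-3.
# Assumed names: user fred, group flintstones, tree /mnt/Flintstones,
# install path /usr/local/sbin/chown-flintstones.
#
# Step 2 (as root):  chown root:root /usr/local/sbin/chown-flintstones
#                    chmod 0700      /usr/local/sbin/chown-flintstones
# Step 3 (visudo -f /etc/sudoers.d/flintstones); "" means "no arguments allowed":
#   fred ALL=(root) /usr/local/sbin/chown-flintstones ""
# Run it on the NFS server: with the default root_squash export option, root
# on an NFS client is mapped to the anonymous user and chown there fails.

# Print every entry under $1 not already owned by $2. Symlinks are skipped so a
# link planted in the tree is never handed over; -xdev stays on one filesystem.
list_targets() {
    find "$1" -xdev ! -type l ! -user "$2" -print
}

# Refuse a base that is missing or is itself a symlink, then chown the targets.
# -h makes chown act on a link itself rather than on the file it points to.
take_ownership() {
    base=$1 owner=$2 group=$3
    if [ -L "$base" ] || [ ! -d "$base" ]; then
        echo "refusing: $base is not a real directory" >&2
        return 1
    fi
    find "$base" -xdev ! -type l ! -user "$owner" \
        -exec chown -h "$owner:$group" {} +
}

# Hard-coded call: nothing from the caller's arguments or environment is used.
# Runs only when the script is installed under the expected name.
if [ "${0##*/}" = "chown-flintstones" ]; then
    [ "$#" -eq 0 ] || { echo "usage: chown-flintstones" >&2; exit 2; }
    take_ownership /mnt/Flintstones fred flintstones
fi
```

Homer's copy differs only in the hard-coded path, user, group and sudoers line, so neither supervisor can point the helper at the other tree.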
So what's wrong with my suggestion? You didn't mention that the file's GROUP can also have a rights level as well as the USER.
I don't know what's wrong with your suggestion. That's for schlabs to decide.
I think if you read it again, I'm pretty sure you'll find a mention of groups in there. In fact, if you follow what I'm saying, then you'd realize that GROUP permissions are the whole point.
HOMER is the section chief of the quality section of a company, so he needs to manage the workers' files (Lisa & Bart) like root. The workers generate files all the time.
FRED is the chief of the research section of the same company.
Scripting is a valid option; admin work is not done every time. Scripting can be configured but is preferable as a last resort. It can be a cron job too.
Obviously I prefer automatic things, so that HOMER can say this work of Lisa's is to be continued by Bart without any wait or task.
Yes, but in your method once an arbitrary script has been executed, the other normal users can no longer edit their own file. That makes no sense. There is no need for any sudoing or anything.
If the non-special users are not in that group then they can't write to it. Just because there are seen to be two groups of users here doesn't mean users in that logical group need to be in the same POSIX group.
Look, I'm not going to argue with you, because the thread is not about you. If the OP has any questions for me, I'll be happy to answer them.
How does HOMER become a special user???
Last edited by schlabs; 06-07-2011 at 07:45 AM.
Reason: added HOMER word