ammorais

2 more questions if you have some time

I was checking the ACL and founf this in order to have it working

for example if it were / instead of home of the other I told /var /usr
doing that mount will impact users or applications? I mean do I have to schedule a downtime for that mount command

second

even using this granularity permission strategy (ACL) would still risky to assign read permissions to those folders???

sorry for this I am pretty newbie

thinking this over

it is the same I mean adding normal R permissions or using setfacl.... so I either need to read about Role-based access control or explain to my customer why changing to R it's no a good idea at all

Think about this; normally, the default perms on /var, /opt are correct. Think about what you are trying to accomplish, do you really need to mess with them?

If you want an area where people can share files, then the usual approach is

1. create newuser, newgrp
2. create the home dir for newuser, newgroup
3. chmod g+s newgrp newdir
4. add newgrp to reqd users as a 2ndary group

If(!) you need to go into even more fine-grained ctrl, then add ACLs to the above.
Note that the

mount -o remount,acl /newdir

can be done on the fly, ie no reboot reqd. See also tune2fs eg

tune2fs -l |grep options

will show if acls are already turned on.
http://linux.die.net/man/8/tune2fs

HTH

Why exactly would you want to mess with /var, /opt?

thanks for the info

just a question what do you mean by chmod I mean that does the s mean

yeah just a customer who is asking that and I already told him but needs more info why this can not be done

basically I need the path where they want to have read access
so I have to check them and see what I can do

thanks a lot

chmod g+s newgrp newdir

add sgid (set group id) of newdir 'permissions' to newgrp; basically forces all files created therein to have group ownership of newgrp, regardless of creator's grpid.
http://linux.die.net/man/1/chmod

eg
rwxrwx--- becomes rwxrws---

HTH