Help with Linux Permissions Assignment

bigredthelogger · 02-26-2010, 04:20 PM

Can someone point me in the right direction. One of my Linux assignments is confusing the hell out of me. The assignment says I am not allowed to use ACL.

Group A) Has write access to the file
Group B) Has read access to the file
Group C) Has no permissions to the file

How can I assign all of these permissions to a file?

frieza · 02-26-2010, 04:59 PM

chmod and chown and chgrp are probably what you are looking for
since its an assignment thats about as specific as i dare get

bigredthelogger · 02-27-2010, 02:39 PM

Thanks however, I already understand what commands and how they work. The problem I am having, is it does not make logical sense that this task can be completed.

There are three groups: group1 , group2 and group3. Each group has two users user1 and user2.

For this solution group1 has a file and needs rwx and group2 needs to just be able to read it. I dont' understand how this can work. I set the
group owner to group1 and the owner of the file to user1. So I would use chmod 774 fileA but this would also allow group3 to be able to read this file which is not allowed.

Can you help me figure out, how can you assign a group to a file that has read, yet have another group assigned to this file with no access. If I was going to do this my way, I would simply not put the user that should not access the file in the group. But this project requires three groups as described above.

bigredthelogger · 02-27-2010, 04:02 PM

This thread is what I am looking for but without the commands they are using, as I am not allowed to use those for this project.

https://www.linuxquestions.org/quest...groups-268214/

TheNewVegas · 02-27-2010, 04:09 PM

Hey, I am also looking to an answer to this situation... how can you set permissions on a directory or file so that certain groups can do one thing and other groups can have other permissions such as only read?

GazL · 02-27-2010, 04:24 PM

bigred' You're quite correct. It can't be done using standard unix permissions. A file can belong to one owner and one group only. This is why ACLs were added.

Is it possible you're misunderstanding the requirement?

bigredthelogger · 02-27-2010, 04:48 PM

Let me try and rephrase the question.

Directory A needs to be modifable by <groupa> and readable by <groupb>.
I am only allowed to use standard and special linux permissions (no ACL).

GazL · 02-27-2010, 05:00 PM

Nope, still not understanding. What are 'special' linux permissions?

Using standard UNIX permissions, GroupB would have to be granted read access to the directory via the 'others' permissions because the group permissions field would be needed for GroupA to be granted read/write, and going back to your first post that would also allow anyone else in, including groupC, which you said shouldn't have access to it.

bigredthelogger · 02-27-2010, 05:25 PM

GazL that is exactly the issue.

No matter how I do it, I am not able to have GROUPA with modify to a file and GROUPB with read to a file, while denying everyone else.

The assignment states "ACLs may NOT be used in this assignment"

GazL · 02-27-2010, 05:52 PM

Yep. And I agree bigred' if that is indeed what the assignment is asking for, then they might as well have asked you to "Cut down the largest tree in the forest with a herring!"

The only solution I could think of to get even anywhere near this is by using separate directories each with a hardlink to the same file, but it's ugly as hell and wouldn't work for a directory as you can't create hardlinks to a directory.

Like this:

Code:

root@nix:/home/gazl/testdir# ls -lR
.:
total 8
drwxr-x--- 2 root groupa 4096 2010-02-27 22:37 groupa/
drwxr-x--- 2 root groupb 4096 2010-02-27 22:36 groupb/

./groupa:
total 4
-rw-rw-r-- 2 root groupa 8 2010-02-27 22:36 file

./groupb:
total 4
-rw-rw-r-- 2 root groupa 8 2010-02-27 22:36 file

groupa would gain access to the file via directory 'groupa' and read/write access to the file via the 'group' permissions on the file itself.
groupb would gain access to the file via directory 'groupb' and read access to the file via the 'others' permissions on the file itself
groupc wouldn't be able to get into either directory at all.

The above is not at all practical in the real world and ACLs are the correct solution to this type of problem. I don't expect your assignment would be expecting a solution like this involving hardlinks though.

I'd love to know exactly what solution your teacher was expecting. Could it be a trick question? Perhaps you're meant to go back and say it can't be done.

lwasserm · 02-27-2010, 07:13 PM

Here's a clue: Make group C the group of the file.

If you need a 2nd clue, it's 704

whizje · 02-27-2010, 09:47 PM

Set the directory with the file to groupC and set the file to groupA now you have only to figure out the permissions.

GazL · 02-28-2010, 07:08 AM

Quote:

Originally Posted by lwasserm

Here's a clue: Make group C the group of the file.

If you need a 2nd clue, it's 704

That wont meet the groupa needs 'write' requirement.

GazL · 02-28-2010, 07:38 AM

Quote:

Originally Posted by whizje

Set the directory with the file to groupC and set the file to groupA now you have only to figure out the permissions.

Nice one whizje. I take my hat off to you.

Use of group permissions subtractively is not something you tend to see in the real world as it's really not all that practical or sensible a way to manage privileges. I'd forgotten it could be used that way.

bigredthelogger · 02-28-2010, 02:35 PM

Thanks for everyone's help. This really made things clear. I can't wait to start using ACLs instead :P