LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 08-14-2012, 01:12 AM   #1
ajaygarg
Member
 
Registered: Mar 2010
Location: New Delhi, India
Distribution: Fedora
Posts: 94

Rep: Reputation: 0
How to have specific user-permissions for a group of files?


Hi all.

I am wanting to have a situation, wherein only a particular user can read-only/write-only/read-write to a group of files.

So, what would be the best way to go about this? Two broad alternatives come to my mind ::

a)
Specifying rules in the already existing configuration files (I could google the details of the files, but let's not delve into the details for the moment).

b)
Write (Code), and load a Loadable-Kernel-Module (LKM), that hacks on the syscall -table, and does all the checking/processing there.


What would you suggest ?


Looking forward to ideas.


Thanks and Regards,
Ajay
 
Old 08-14-2012, 01:35 AM   #2
Wim Sturkenboom
Senior Member
 
Registered: Jan 2005
Location: Roodepoort, South Africa
Distribution: Slackware 10.1/10.2/12, Ubuntu 12.04, Crunchbang Statler
Posts: 3,786

Rep: Reputation: 282Reputation: 282Reputation: 282
I guess you mean to say user A can read, user B can write and user C can do both?

You might be able to do it with normal permissions (not sure if rw--w-r-- will exactly achieve what you need). And else you can look at ACLs.

I further think that you need to elaborate a bit. I might have missed something but what kind of configuration files are you talking about? This would imply permissions via some specific application and not necessary at file system level.
 
Old 08-14-2012, 01:52 AM   #3
ajaygarg
Member
 
Registered: Mar 2010
Location: New Delhi, India
Distribution: Fedora
Posts: 94

Original Poster
Rep: Reputation: 0
Thanks Wim for the reply.

Ok, so here is my exact usecase ::



I want just one user/process to be allowed to read a group of files. This user is not necessarily the root.

So, if the "other" is a user, a maximum of two users - one "root" (by definition), and the "other" user (by some configuration) would be able to read the specific group of files.

If the "other" is a process, only the "root" user (by definition), and the "other" process (by some configuration), would be able to read the specific group of files.




So, yes, a generic "rw--w-r--" wouldn't help

Also, I was mainly talking about "/etc/sudoers", where (I think) there are provisions to set user/process-specific permissions (please correct me if I am wrong).



So,
what would be your suggestion now

For brevity, please note that the "root" (the superuser) would have the permissions to alter the "rules". This is as expected for the superuser.



Thanks and Regards,
Ajay
 
Old 08-14-2012, 02:21 AM   #4
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 670Reputation: 670Reputation: 670Reputation: 670Reputation: 670Reputation: 670
You can do that setting the owner to the user who can write to the file and a group that can only read. The permissions would be u=rw,g=r,o= or 0640. If you want more users or groups to be able to access the file with different permissions, then look at using ACLs. You uses setfacl to set acls and getfacl to read them. The file system needs to be mounted with the `acl' option, and the file system needs to be a native Linux file system that supports them.

You can even use acls with a cifs mount from another Linux samba server.

Last edited by jschiwal; 08-14-2012 at 02:22 AM.
 
Old 08-14-2012, 03:01 AM   #5
ajaygarg
Member
 
Registered: Mar 2010
Location: New Delhi, India
Distribution: Fedora
Posts: 94

Original Poster
Rep: Reputation: 0
Thanks jschiwal for the reply.

Hmm.. I had a first look at Linux-ACLs tutorial; and it seemed good. It provides the finest control possible, when only users/groups are involved.

Wim, jschiwal,
What would you suggest, when such fine grained control is needed on a per-process basis? Does anything similar exist, or I will have to go for a KLM?


Thanks Wim and jschiwal.


Thanks and Regards,
Ajay
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Group permissions: user can't access 770 directory even though a member of group jm34003 Linux - Security 13 05-16-2012 03:03 PM
Allow specific user to su as well as Wheel Group mccartjd Linux - Newbie 8 03-22-2012 11:47 PM
Secondary group users need to change the file permissions of primary group files? sunnybmv Linux - Newbie 3 12-10-2009 05:57 PM
Granting full read/write permissions to all files for a specific user laserjim Linux - Security 10 01-31-2009 12:17 PM
How to set permissions for a specific group? tigerhuang Linux - Security 1 12-10-2004 06:59 PM


All times are GMT -5. The time now is 03:37 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration