LinuxQuestions.org
12-28-2010, 08:18 AM   #1
/dev/me
Member
 
Registered: May 2008
Distribution: Slackware 13
Posts: 116

Rep: Reputation: 20
Permissions on enterprise manyuser system...


I work in a Windows world, and I am encountering many situations where several groups of people need read-only access to certain files or directories and other groups need write access to them, while still world permission is set to none.

But I've so far only used Linux on my own personal machines, so this was never an issue. But now I'm working towards a many-user system, and I shamefully have to admit I have no idea how to do this on Linux.

I tried googling, but it appears to me the owner-group-world permission /is/ the system to use.

So how do you give write access to a selection of user groups and read-only permission to another set of user groups? The owner-group-world system isn't flexible enough for this (as far as I can tell) and ... eh ... I was thinking perhaps with SELinux or something? (as a Slackware user I'm not really confident with SELinux)
 
12-28-2010, 08:56 AM   #2
jv2112
Member
 
Registered: Jan 2009
Location: New England
Distribution: Arch Linux
Posts: 719

Rep: Reputation: 103
man chown

man chmod
 
12-28-2010, 09:31 AM   #3
/dev/me
Member
 
Registered: May 2008
Distribution: Slackware 13
Posts: 116

Original Poster
Rep: Reputation: 20
Yes, thanks, I'm familiar with chmod and chown and, for that matter, man.

But that doesn't quite explain to me how to embed different groups into a permission system, or figure a way around it.


For example, I have a directory called /finance

I want the managers and auditors to be able to read in that directory, and the beancounters and IT staff to write in that directory. The rest of the organisation cannot access that directory.

In Windows, I set different groups on the directory:
DR_FINANCE_RO => gets read permission
DR_FINANCE_RW => gets write permission

Now I add the managers and auditors to DR_FINANCE_RO
And the beancounters and IT staff to DR_FINANCE_RW

But I want to replicate this functionality on Linux.


So my question really is more a matter of how do I set several groups on a directory structure. I know about chmod g+s, not about how to set more than one group permission on a directory?
 
12-28-2010, 09:46 AM   #4
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 670
You can use ACLs. If you don't have the setfacl program, you may need to install the acl package. Also, add "acl" to the mount options in /etc/fstab.

See the examples at the end of the setfacl manpage. They are easier to understand.

You will need to add individual users to the groups, instead of adding groups.

Last edited by jschiwal; 12-28-2010 at 09:47 AM.
 
12-28-2010, 09:47 AM   #5
kforbus
Member
 
Registered: Sep 2009
Location: Maryland
Distribution: Slackware
Posts: 68

Rep: Reputation: 28
Sounds like you're wanting to use ACLs. I would recommend reading up on Linux filesystem ACLs and maybe the man pages for setfacl and getfacl. And if I remember correctly, you'll also need to have support for this enabled in your kernel and you'll need to add the acl option to your /etc/fstab.
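
The ACL approach suggested in the two replies above, applied to the /finance scenario, as an added example that is not part of any post in the thread. It assumes Linux groups named DR_FINANCE_RO and DR_FINANCE_RW already exist; the `run` helper and the DRY_RUN variable are hypothetical names introduced here so the commands can be reviewed before they are executed.

```shell
#!/bin/sh
# Added example (not from the thread): POSIX ACLs for the /finance scenario.
# Assumes the Linux groups DR_FINANCE_RO and DR_FINANCE_RW already exist and
# the filesystem is mounted with the acl option.

RO_GROUP=DR_FINANCE_RO
RW_GROUP=DR_FINANCE_RW

# ACL entries: read-only group, read-write group, everyone else nothing.
# Capital X adds execute only on directories (traversal) and on files that
# are already executable, so data files do not become executable.
finance_acl_spec() {
    printf 'g:%s:rX,g:%s:rwX,o::---\n' "$RO_GROUP" "$RW_GROUP"
}

# Print the command when DRY_RUN is 1 (the default), run it otherwise.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

# apply_finance_acl DIR: set the access ACL on everything that exists now,
# then a default ACL on each directory so new files inherit the entries.
apply_finance_acl() {
    dir=$1
    spec=$(finance_acl_spec)
    run setfacl -R -m "$spec" "$dir" || return 1
    run find "$dir" -type d -exec setfacl -d -m "$spec" {} + || return 1
    # Verify: check the mask line too. A later "chmod g-w" lowers the mask
    # and silently caps what DR_FINANCE_RW can do.
    run getfacl "$dir"
}

apply_finance_acl /finance
```

Run it once as shown to review the commands, then as root with `DRY_RUN=0` to apply them.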
 
12-28-2010, 10:12 AM   #6
/dev/me
Member
 
Registered: May 2008
Distribution: Slackware 13
Posts: 116

Original Poster
Rep: Reputation: 20
Hey! This looks hopeful! Thanks very much


I understood correctly it is not possible to embed groups into groups as you do in Windows, right?

Such as: user john is a member of the group auditors and the group auditors is a member of the groups DR_FINANCE_RO, DR_AUDIT_RW, DR_WHATEVER_RW and APP_OFFICE_RUN

So that if sarah becomes auditor, I only have to add her to auditors(group) and she gets all of the above automagically?

Not that it's necessary, just wondering then what the best way to handle it is? For example, I want all auditors to get DR_FOO_RO also, I'd need to pick all auditors manually and add them to the group manually?
 
12-28-2010, 10:08 PM   #7
kforbus
Member
 
Registered: Sep 2009
Location: Maryland
Distribution: Slackware
Posts: 68

Rep: Reputation: 28
I'm not aware of any way to add a group to a group in Linux. You should, however, be able to write a shell script to help you with adding all the users from one group to another. That way your effort can be put into writing a script once that you can use over and over with minor edits instead of moving users between groups by hand. I'm not really sure how many users you're dealing with, though. But if it's a lot, I wouldn't even think of adding them all to a group manually. Alternatively, if your Linux boxes authenticate with a central directory server like Active Directory, you could just do the group manipulation there and call it a day.
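
One way to write the group-to-group script suggested in the reply above, as an added example that is not part of the original post. The group names come from the thread; the function names, the GROUP_FILE override and the sample group data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): one-way membership sync that stands in
# for nested groups. It prints gpasswd commands for review; pipe them to
# "sh" as root to apply. Group names are the thread's; sample data is constructed.

# Group database in group(5) format: name:passwd:gid:user1,user2,...
# GROUP_FILE (hypothetical override) allows testing; the default is getent,
# which also covers directory-backed groups.
group_db() {
    if [ -n "${GROUP_FILE:-}" ]; then cat "$GROUP_FILE"; else getent group; fi
}

# Print the supplementary members of group $1, one per line.
# Users who have $1 only as their primary group are NOT listed in this field.
members() {
    group_db | awk -F: -v g="$1" '$1 == g {
        n = split($4, u, ",")
        for (i = 1; i <= n; i++) if (u[i] != "") print u[i]
    }'
}

# sync_group SRC DST...: for each DST, print a command for every member of
# SRC that DST lacks. Unknown DST groups are reported and skipped.
sync_group() {
    src=$1; shift
    for dst in "$@"; do
        if ! group_db | grep -q "^$dst:"; then
            echo "skip: no such group $dst" >&2; continue
        fi
        current=$(members "$dst")
        for user in $(members "$src"); do
            printf '%s\n' "$current" | grep -qxF -- "$user" ||
                echo "gpasswd -a $user $dst"
        done
    done
}

# Constructed sample: sarah has just been added to auditors.
demo() {
    GROUP_FILE=$(mktemp) || return 1
    cat > "$GROUP_FILE" <<'EOF'
auditors:x:2001:john,sarah
DR_FINANCE_RO:x:3001:john,manager1
DR_AUDIT_RW:x:3002:
EOF
    sync_group auditors DR_FINANCE_RO DR_AUDIT_RW
    rm -f "$GROUP_FILE"; unset GROUP_FILE
}
demo
```

The sync only adds: a user removed from auditors keeps the derived memberships until they are revoked separately, so leavers need their own review step.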
 
  

