LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 03-15-2006, 05:33 PM   #1
keex
Member
 
Registered: Jun 2002
Location: Berlin / Germay
Distribution: gentoo linux, ubuntu
Posts: 40

Rep: Reputation: 17
Arrow extended user rights in multiple groups


hello,

I have two groups, group staff and employees and one directory in which both groups may place files in. The employees group may only remove files from their own group but not from the staff group, while the staff group may remove files from both groups (their own and employees).
I've been trying to solve this the usual way, giving the directory to the employees group (all staff are also in the employees group), but the problem is that then employees can simply remove files owned by staff member from that dir. Otherwise, the dir belongs to the staff, the employees won't be able to create file withing that dir...

I don't speak fluent ACL which I know would be perfect for this situation. I'd appreciate it a lot if someone could help me out.
 
Old 03-15-2006, 08:15 PM   #2
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654
If you only want the owner of a file to be able to delete a file, then you could set the sticky bit on the directory containing the file.

Otherwise, how you do it may depend on whether you are wanting acl support for a samba share, or if these are users of the server itself.
Also, whether the kernel has acl support and what filesystem is used for the partition. There is a Samba-XFS ACL howto on the web. Also, the Samba 3 documentation may contain more recent information.

SELinux also offers more granualarity in controlling types of access.
Some of these options may need preplanning however. If you use reiserfs in SuSE, an ACL reiserfs option is selected by default during the installation. It is possible in your case that a reformatting of the filesystem, and maybe even recompiling your kernel may be needed.

( Oh, by the way, Happy Birthday! Mine was just last week. )

Last edited by jschiwal; 03-15-2006 at 08:25 PM.
 
Old 03-15-2006, 08:22 PM   #3
keex
Member
 
Registered: Jun 2002
Location: Berlin / Germay
Distribution: gentoo linux, ubuntu
Posts: 40

Original Poster
Rep: Reputation: 17
no, I do not want only the OWNER, but a whole specific (staff) group to delete file(s) ..
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
multiple groups permissions steve007 Linux - Newbie 2 07-01-2005 12:24 PM
Multiple Group Rights to One Directory JWatson Linux - Security 4 12-31-2004 01:13 PM
Giving Kppp rights to other users n groups xxx_anuj_xxx Linux - Security 5 12-22-2004 06:12 PM
Squid proxy with user authentication and user rights duvanhorn Linux - Networking 0 08-07-2003 03:40 AM
groups and file rights tstuhr Linux - Networking 1 10-05-2001 01:06 PM


All times are GMT -5. The time now is 08:43 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration