LinuxQuestions.org


hitomi 07-31-2005 11:17 PM

permission of accessing file
 
I'm using Win 2000 as my network server now. However, Win 2000 seems not very efficient; for example, it doesn't allow more than 10 internal IPs to access the server at the same time. I have heard that a Linux server allows unlimited access for internal IPs; is that true?

I'm trying to convert the current Windows environment to a Linux environment. Now, I am testing Fedora Core 4 as my file server. I have set up the file server with Samba and made all the settings through SWAT. Samba is quite efficient to use, but my problem now is: can I allow some particular host users to read and write a particular file while other host users can only read it, without write access?

Matir 07-31-2005 11:32 PM

If your Windows 2000 server only has a 10 client license, then it will limit it to 10 simultaneous connections.

Unfortunately, your Linux distribution will need to support ACLs to get such fine-grained access control on files.

Noth 08-01-2005 12:31 AM

All you should need to do is add the 'acl' mount option to the filesystem that your data is on and you can use ACLs on any file. From Linux you'll need to use the CLI tools getfacl and setfacl to change ACLs. At one point Samba supported editing of the ACLs via Explorer on a client machine; I don't know if this is still true or how well it works, though.

Matir 08-01-2005 12:35 AM

For my own education, how do ACLs interact with standard unix permissions? Maybe I need to set up a scratch partition for myself to play with ACLs on.

Noth 08-01-2005 12:45 AM

ACLs are essentially an extension of standard unix permissions. Instead of having one set of user, group and other on a file you can also assign extra users and groups, but you can only use the standard set of rwx permissions in your ACLs.

The worst part is that a lot of tools don't understand ACLs well, so if you use tar to back up your data I don't believe it'll grab the ACLs, so when you restore it you'll only get the basic unix permissions. I do think, however, that the basic tools like cp, mv, etc. work with them fine.

The + at the end of the rights is to denote that an ACL is on that file.

Code:

$ ls -l
-rw-r-xr--+ 1 user group 0 2005-08-01 01:42 blah
$ getfacl blah
# file: blah
# owner: user
# group: group
user::rw-
user:ftp:r-x
group::r--
mask::r-x
other::r--
$ cp -p blah blah2
$ ls -l blah*
-rw-r-xr--+ 1 user group      0 2005-08-01 01:42 blah
-rw-r-xr--+ 1 user group      0 2005-08-01 01:42 blah2


Matir 08-01-2005 12:47 AM

Hrrm... I think it will be really good once all (almost all) software works nicely with ACLs. Linux has been begging for some nice fine-grained access control for a while. I have to admit, it's probably one of the few things Windows does (semi) well.

Noth 08-01-2005 12:50 AM

ACLs are generally overkill and just make access rights hard to follow; if you find yourself using ACLs a lot, you've probably not laid out your users and groups properly =)

Matir 08-01-2005 09:11 AM

Hrrm. Then how can one create a file writable by users a,b,c and readable by users d,e,f?

Noth 08-01-2005 10:00 AM

Depends on whether you want to use users specifically or groups the users are in, like you should.

Matir 08-01-2005 12:17 PM

I understand that, but even then, I don't see a way to do it with groups. I've long used groups for multiple user access to files, but never been able to use two groups on one file. :)

Noth 08-01-2005 12:46 PM

You need ACLs to use multiple groups. Were you asking how to do it with or without ACLs?

Matir 08-01-2005 12:58 PM

I was just pointing out that sometimes ACLs can be really handy. :)

Noth 08-01-2005 01:28 PM

Obviously they're not useless or people wouldn't want them, but they can also cause a lot of confusion as to what permissions are actually being applied to an object. 90% of the time standard unix permissions work just fine.

Also sometimes you can use another layer to handle the odd cases, for instance Samba lets you specify rights in the share definition that are applied on top of the filesystem rights.

Matir 08-01-2005 01:31 PM

So, with ACLs, I assume that on a fs with ACLs, you could have MOST files without ACLs using standard unix permissions and just add ACLs in those cases where it is needed?

Noth 08-01-2005 01:34 PM

Yea, ACLs aren't applied to files unless you explicitly do so.
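
The question of how ACL entries combine with the standard owner/group/other bits, and which permissions actually end up applied, comes down to the access-check order in acl(5). The following is an added example, not part of any post in this thread: it evaluates the getfacl output posted above plus a constructed two-group ACL for the "writable by a,b,c, readable by d,e,f" case. The function names and the group names writers and readers are hypothetical.

```python
# Added example: POSIX ACL access check in the order acl(5) gives. PAGE_ACL is the thread's getfacl output.
PAGE_ACL = """\
# file: blah
# owner: user
# group: group
user::rw-
user:ftp:r-x
group::r--
mask::r-x
other::r--
"""
# Constructed ACL; the group names "writers" and "readers" are hypothetical.
TWO_GROUPS = """\
# owner: root
# group: root
user::rw-
group::---
group:writers:rw-
group:readers:r--
mask::rw-
other::---
"""

def parse_getfacl(text):
    """Return (owner, owning_group, entries keyed by (tag, qualifier))."""
    meta, entries = {}, {}
    for line in text.splitlines():
        if line.startswith("#"):
            key, _, value = line[1:].partition(":")
            meta[key.strip()] = value.strip()
        elif line.strip():
            tag, qualifier, perms = line.split("#")[0].strip().split(":")  # drop "#effective:" note
            entries[(tag, qualifier)] = set(perms) - {"-"}
    return meta["owner"], meta["group"], entries

def allowed(text, user, groups, want):
    """True if user (a member of groups) is granted every permission in want."""
    owner, owning_group, acl = parse_getfacl(text)
    want = set(want)
    mask = acl.get(("mask", ""), set("rwx"))  # no mask entry: nothing filtered
    if user == owner:              # 1. owner: user:: entry, mask not applied
        return want <= acl[("user", "")]
    if ("user", user) in acl:      # 2. named user, limited by mask
        return want <= acl[("user", user)] & mask
    # 3. owning group and named groups: one matching entry must grant it all
    keys = [("group", g) for g in groups] + ([("group", "")] if owning_group in groups else [])
    matching = [acl[k] for k in keys if k in acl]
    if matching:
        return any(want <= perms & mask for perms in matching)
    return want <= acl[("other", "")]  # 4. everyone else
```

For PAGE_ACL, a member of group asking for x is refused even though ls -l shows r-x in the group column, because once an ACL is set that column displays the mask rather than the group:: entry.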


All times are GMT -5.