LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 07-31-2005, 11:17 PM   #1
hitomi
LQ Newbie
 
Registered: Jul 2005
Location: Malaysia
Posts: 1

Rep: Reputation: 0
permission of accessing file


I'm using Win 2000 as my network server now. However, Win 2000 it seems like not very efficiency such as it doesn't allow more than 10 internal ip access at the same time to the server. I have heard that Linux server is unlimited accesses for internal ip, is it true?

I'm trying to convert the current window environment to linux environment. Now, I am testing use the Fedora Core 4 as my file server. I have setup the file server by Samba and I make all the settting through SWAT. Samba is quite effcient to use but my problem now is could I be able to set some particular host users enable to read and write but some host users are only read without write to a particular file?
 
Old 07-31-2005, 11:32 PM   #2
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507

Rep: Reputation: 128Reputation: 128
If your windows 2000 server only has a 10 client license, then it will limit it to 10 simultaneous connections.

Unfortunately, your linux distribution will need to support ACLs to get such fine grained access control on files.
 
Old 08-01-2005, 12:31 AM   #3
Noth
Member
 
Registered: Jun 2005
Distribution: Debian
Posts: 356

Rep: Reputation: 30
All you should need to do is add the 'acl' mount option to the filesystem that your data is on and you can use ACLs on any file. From Linux you'll need to use cli tools getfacl and setfacl to change ACLs. At one point Samba supported editing of the ACLs via Explorer on a client machine, I don't know if this is still true or how well it works though.
 
Old 08-01-2005, 12:35 AM   #4
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507

Rep: Reputation: 128Reputation: 128
For my own education, how do ACLs interact with standard unix permissions? Maybe I need to set up a scratch partition for myself to play with ACLs on.
 
Old 08-01-2005, 12:45 AM   #5
Noth
Member
 
Registered: Jun 2005
Distribution: Debian
Posts: 356

Rep: Reputation: 30
ACLs are essentially an extension of standard unix permissions. Instead of having one set of user, group and other on a file you can also assign extra users and groups, but you can only use the standard set of rwx permissions in your ACLs.

The worst part is that a lot of tools don't understand ACLs well, so if you use tar to backup your data I don't believe it'll grab the ACLs so when you restore it you'll only get the basic unix permissions. I do think however that the basic tools like cp, mv, etc work with them fine.

The + at the end of the rights is to denote that an ACL is on that file.

Code:
$ls -l
-rw-r-xr--+ 1 user group 0 2005-08-01 01:42 blah
$ getfacl blah
# file: blah
# owner: user
# group: group
user::rw-
user:ftp:r-x
group::r--
mask::r-x
other::r--
$ cp -p blah blah2
$ ls -l blah*
-rw-r-xr--+ 1 user group       0 2005-08-01 01:42 blah
-rw-r-xr--+ 1 user group       0 2005-08-01 01:42 blah2
 
Old 08-01-2005, 12:47 AM   #6
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507

Rep: Reputation: 128Reputation: 128
Hrrm... I think it will be really good once all (almost all) software works nicely with ACLs. Linux has been begging for some nice fine-grained access control for a while. I have to admit, it's probably one of the few things Windows does (semi) well.
 
Old 08-01-2005, 12:50 AM   #7
Noth
Member
 
Registered: Jun 2005
Distribution: Debian
Posts: 356

Rep: Reputation: 30
ACLs are generally overkill and just make access rights hard to follow, if you find yourself using ACLs a lot you've probably not layed out your users and groups properly =)
 
Old 08-01-2005, 09:11 AM   #8
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507

Rep: Reputation: 128Reputation: 128
Hrrm. Then how can one create a file writable by users a,b,c and readable by users d,e,f?
 
Old 08-01-2005, 10:00 AM   #9
Noth
Member
 
Registered: Jun 2005
Distribution: Debian
Posts: 356

Rep: Reputation: 30
Depends on whether you want to use user's specifically or groups the users are in like you should.
 
Old 08-01-2005, 12:17 PM   #10
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507

Rep: Reputation: 128Reputation: 128
I understand that, but even then, I don't see a way to do it with groups. I've long used groups for multiple user access to files, but never been able to use two groups on one file.
 
Old 08-01-2005, 12:46 PM   #11
Noth
Member
 
Registered: Jun 2005
Distribution: Debian
Posts: 356

Rep: Reputation: 30
You need ACLs to use multiple groups. Were you asking how to do it with or without ACLs?
 
Old 08-01-2005, 12:58 PM   #12
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507

Rep: Reputation: 128Reputation: 128
I was just pointing out that sometimes ACLs can be really handy.
 
Old 08-01-2005, 01:28 PM   #13
Noth
Member
 
Registered: Jun 2005
Distribution: Debian
Posts: 356

Rep: Reputation: 30
Obviously they're not useless or people wouldn't want them, but they can also cause a lot of confusion as to what permissions are actually being applied to an object. 90% of the time standard unix permissions work just fine.

Also sometimes you can use another layer to handle the odd cases, for instance Samba lets you specify rights in the share definition that are applied on top of the filesystem rights.
 
Old 08-01-2005, 01:31 PM   #14
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507

Rep: Reputation: 128Reputation: 128
So, with ACLs, I assume that on a fs with ACLs, you could have MOST files without ACLs using standard unix permissions and just add ACLs in those cases where it is needed?
 
Old 08-01-2005, 01:34 PM   #15
Noth
Member
 
Registered: Jun 2005
Distribution: Debian
Posts: 356

Rep: Reputation: 30
Yea, ACLs aren't applied to files unless you explicitly do so.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Permission Denied for script accessing text file lobo1 Linux - General 2 06-28-2005 12:46 PM
permission problem accessing ntfs drive in MDK jmcdonald21 Linux - Hardware 2 03-28-2005 12:19 AM
accessing file shadowsurfer Linux - Newbie 5 09-17-2004 02:34 PM
accessing file using ip pantera Programming 2 09-09-2004 04:43 PM
Accessing Win2K Shares-permission denied bdog Linux - Networking 4 01-26-2002 07:26 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 07:08 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration