Linux - Security: This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I'm using Win 2000 as my network server now. However, Win 2000 does not seem very efficient; for example, it doesn't allow more than 10 internal IPs to access the server at the same time. I have heard that a Linux server allows unlimited access for internal IPs, is that true?
I'm trying to convert the current Windows environment to a Linux environment. Now I am testing Fedora Core 4 as my file server. I have set up the file server with Samba and made all the settings through SWAT. Samba is quite efficient to use, but my problem now is: can I allow some particular host users to read and write a particular file while other host users can only read it without writing?
All you should need to do is add the 'acl' mount option to the filesystem that your data is on and you can use ACLs on any file. From Linux you'll need to use the CLI tools getfacl and setfacl to change ACLs. At one point Samba supported editing of the ACLs via Explorer on a client machine; I don't know if this is still true or how well it works, though.
ACLs are essentially an extension of standard unix permissions. Instead of having one set of user, group and other on a file you can also assign extra users and groups, but you can only use the standard set of rwx permissions in your ACLs.
The worst part is that a lot of tools don't understand ACLs well, so if you use tar to back up your data I don't believe it'll grab the ACLs, so when you restore it you'll only get the basic unix permissions. I do think, however, that the basic tools like cp, mv, etc. work with them fine.
The + at the end of the rights is to denote that an ACL is on that file.
Code:
$ ls -l
-rw-r-xr--+ 1 user group 0 2005-08-01 01:42 blah
$ getfacl blah
# file: blah
# owner: user
# group: group
user::rw-
user:ftp:r-x
group::r--
mask::r-x
other::r--
$ cp -p blah blah2
$ ls -l blah*
-rw-r-xr--+ 1 user group 0 2005-08-01 01:42 blah
-rw-r-xr--+ 1 user group 0 2005-08-01 01:42 blah2
Hrrm... I think it will be really good once all (almost all) software works nicely with ACLs. Linux has been begging for some nice fine-grained access control for a while. I have to admit, it's probably one of the few things Windows does (semi) well.
ACLs are generally overkill and just make access rights hard to follow. If you find yourself using ACLs a lot, you've probably not laid out your users and groups properly =)
I understand that, but even then, I don't see a way to do it with groups. I've long used groups for multiple user access to files, but never been able to use two groups on one file.
Obviously they're not useless or people wouldn't want them, but they can also cause a lot of confusion as to what permissions are actually being applied to an object. 90% of the time standard unix permissions work just fine.
Also sometimes you can use another layer to handle the odd cases, for instance Samba lets you specify rights in the share definition that are applied on top of the filesystem rights.
So, with ACLs, I assume that on a fs with ACLs, you could have MOST files without ACLs using standard unix permissions and just add ACLs in those cases where it is needed?
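Added example, not part of any post in this thread: the Python below parses getfacl output like the listing posted above and applies the access-check order from acl(5), showing how the mask entry caps named-user and group entries but not the owner or other entries. The function names and the constructed SAMPLE text are assumptions of this example.

```python
# Added example: parse `getfacl` text and compute the rights a user really gets.
# SAMPLE is constructed to match the listing quoted in the thread.
SAMPLE = """\
# file: blah
# owner: user
# group: group
user::rw-
user:ftp:r-x
group::r--
mask::r-x
other::r--
"""

def parse_getfacl(text):
    """Return (header, entries): header from '# key: value' lines,
    entries as (tag, qualifier, permission-set) tuples."""
    header, entries = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            key, _, value = line[1:].partition(":")
            header[key.strip()] = value.strip()
            continue
        line = line.split("#", 1)[0].strip()   # drop '#effective:' notes
        if line and not line.startswith("default:"):  # skip directory defaults
            tag, qualifier, perms = line.split(":")
            entries.append((tag, qualifier, set(perms) - {"-"}))
    return header, entries

def effective(text, user, groups=()):
    """Per-bit rights for `user` (member of `groups`), in acl(5) check order."""
    header, entries = parse_getfacl(text)
    find = lambda tag, q="": [p for t, qual, p in entries if t == tag and qual == q]
    mask = (find("mask") or [set("rwx")])[0]    # no mask entry: nothing filtered
    if user == header["owner"]:
        granted = find("user")[0]               # owner entry ignores the mask
    elif find("user", user):
        granted = find("user", user)[0] & mask  # named user: capped by mask
    else:
        matched = [p for g in groups for p in find("group", g)]
        if header["group"] in groups:
            matched += find("group")            # owning-group entry
        if matched:
            granted = set().union(*matched) & mask  # group class: capped by mask
        else:
            granted = find("other")[0]          # everyone else, mask not applied
    return "".join(c if c in granted else "-" for c in "rwx")
```

With the mask tightened to `---`, a member of the owning group ends up with fewer rights than an unrelated user who falls through to `other`, which is the kind of result that makes ACL-protected files hard to reason about from `ls -l` alone.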