groups and file/folder permissions
I'm a little confused here...
I have a few people who work on client folders. I want them to log into the server and edit files from there. I have a www folder. The contents of this folder should be editable only by the staff group. If a user creates a file I want anyone in that group to automatically be able to edit that file. Do I have to do a manual chgrp on all of these files?
Inside the www folder I have a folder called clients. I want anybody who is a member of the authors group to be able to edit these files. If a user creates a file in the clients folder any other user who is a member of that group should automatically be able to edit the file as well. I know this sounds goofy, but I seem to be having a hell of a time getting this simple permissions stuff working... gr...

Sticky bit mode: After execution of a job, the command is kept in the system memory. Originally this was a feature used a lot to save memory: big jobs are loaded into memory only once. But these days memory is inexpensive and there are better techniques to manage it, so it is not used anymore for its optimizing capabilities on single files. When applied to an entire directory, however, the sticky bit has a different meaning. In that case, a user can only change files in this directory when she is the user owner of the file or when the file has appropriate permissions. This feature is used on directories like /var/tmp, that have to be accessible for everyone, but where it is not appropriate for users to change or delete each other's data. The sticky bit is indicated by a t at the end of the file permission field:

but I want everyone in the group 'authors' to be able to edit the contents of ...../www/clients, no matter who created the file
and only members of staff to be able to edit the contents ......./www, no matter who creates the file

try this - I'm not sure though..
make users who you want to edit the files belong to one group - "authors"... they will have write privilege
drwxrw-r-x users:authors /www/clients
drwxr-xr-x root:root /www

that doesn't quite work as well; with the sticky bit set or not, a file created by a member of the staff group in the www folder is still not editable by anyone else in that group
same problem goes for the clients folder; the only way that I can make it editable by anybody in that group is to chgrp or chmod it - the file is still not erasable by anyone even in that case

check previous post -it's modified
I'm not sure if I'm answering your question here but:
chgrp staff /www <-- makes /www owned by the group "staff"
chmod g+w /www <-- makes /www writable by the group
chmod o-w /www <-- makes it read-only by the rest of the world
chgrp authors /www/clients <-- makes /www/clients owned by the group "authors"
chmod g+w /www/clients <-- makes /www/clients writable by the group.
The other two things you should verify are:
Hope some of that helped... -fudam

LOL! Hey look, we have a similar question that I recently asked
http://www.linuxquestions.org/questi...d.php?t=482967
Be careful about playing around with the ACL that the other person mentions. I tested it on my /home directory and it kind of fudged up everything. Even rebooting is not giving the proper permissions, even though it'll say RWXRWXRWX and not give me access to my /home directory. Weird. I'm still trying to figure this out before I do it on my real production server.

okay, I think I understand what I need to do - though I'm not sure how to go about it quite yet!
When a user I create who is a member of the staff or authors group logs in, .bashrc needs to fire off umask #### so that files are automatically created with permissions of rw-rw-r--, correct?
On a side note, I realized that in the www folder I have a folder called includes which includes passwords for database connections. It seems that there is no way to not allow all users to read the contents of this folder without stopping apache and/or php from reading it as well, does that sound about right? thanks!

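An added example, not part of the thread: how the umask asked about above changes the mode of new files, combined with the setgid bit on the directory (an assumption here, the thread does not name it), which on Linux makes new files take the directory's group and new subdirectories inherit the bit. It works in a scratch directory standing in for /www/clients, and the helper names are hypothetical.

```shell
#!/bin/sh
# Scratch-directory demo (constructed): nothing under the real /www is touched.
# On the real tree the group is set first, e.g. chgrp -R authors /www/clients

# Print the 10-character mode string of a path (portable across GNU/BSD ls).
mode_of() { ls -ld "$1" | cut -c1-10; }

# Create a file in directory $1 under umask $2 and print its mode string.
# The ( ) body runs in a subshell, so the umask change does not leak out.
new_file_mode() (
    umask "$2"
    : > "$1/file.$2"
    mode_of "$1/file.$2"
)

# Create a subdirectory in $1 under umask $2 and print its mode string.
new_dir_mode() (
    umask "$2"
    mkdir "$1/dir.$2"
    mode_of "$1/dir.$2"
)

# Build the stand-in shared directory: group rwx plus setgid (mode 2775).
make_shared_dir() {
    d=$(mktemp -d) || return 1
    chmod 2775 "$d"
    printf '%s\n' "$d"
}

# List entries under $1 that break the sharing rule: regular files without
# group write, or directories without the setgid bit.
audit_shared() {
    find "$1" \( -type f ! -perm -020 \) -o \( -type d ! -perm -2000 \)
}

demo=$(make_shared_dir) && {
    echo "file, umask 022: $(new_file_mode "$demo" 022)"   # group cannot edit
    echo "file, umask 002: $(new_file_mode "$demo" 002)"   # group can edit
    echo "dir,  umask 002: $(new_dir_mode "$demo" 002)"    # setgid inherited
    echo "audit flags:     $(audit_shared "$demo")"
    rm -rf "$demo"
}
```

Files that already exist keep their old group and mode, so the audit function is what tells you which ones still need a one-time chgrp or chmod g+w.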
I found this great page that should help us both. Will try this when I get home on my test server
http://www.cse.ohio-state.edu/sce/re...rectories.html

apache is already in the "apache" group, so you can add members to the apache group if you want ONLY apache and those specific members to read it. But if you want it to go the other way (apache can't read it) then just remove the read permission from "others" (chmod o-r /directory) and make sure it's not owned by the group "apache". Does that answer your question?