Old 10-14-2010, 08:49 PM   #1
Registered: Sep 2010
Posts: 46

Rep: Reputation: 7
File permission question

Ok so I have a folder:


and I have 2 groups:

accounting, accountingAdmin

I want to have all 'accountingAdmin' users have full rwx permission on anything inside /folder.

I want to have all 'accounting' users to have only r-x permission on anything inside /folder.

Lastly I want to have everyone else have --- permission on /folder. In other words, if you're not in the accounting or accountingAdmin groups, you can't do squat with /folder (read, write or execute).

How can I achieve this with only owner, group, and other permissions?
Old 10-14-2010, 08:57 PM   #2
Registered: Jun 2007
Distribution: Debian, SLES, Ubuntu
Posts: 308

Rep: Reputation: 50
Might want to look into ACLs. You can do things similar to what you are looking for with them.
1 members found this post helpful.
Old 10-22-2010, 05:35 PM   #3
Registered: Sep 2010
Posts: 46

Original Poster
Rep: Reputation: 7
So, I didn't think that this was pertinent to solving this issue, but I should have mentioned this is for a Samba server and Windows users. Linux ACLs don't map to Windows ACLs. I have looked through the following link:

but this doesn't tell me (plainly) how this is done. Does anyone have a reader friendly walk through they can link me or post some steps on how this is done? If you need examples of what I am trying to accomplish I can post some.

Old 11-02-2010, 03:05 AM   #4
Registered: Sep 2010
Posts: 46

Original Poster
Rep: Reputation: 7
I accidentally double posted. I'm removing this post for the below post. It has more info.

Last edited by unassassinable; 11-02-2010 at 01:17 PM.
1 members found this post helpful.
Old 11-02-2010, 01:14 PM   #5
Registered: Sep 2010
Posts: 46

Original Poster
Rep: Reputation: 7
Ok so, here's my situation and how I solved the problem for future googlers:

I have a remote directory shared over NFS called tech with perms set as 0750 and owner set to root:tech.
I have 2 groups: tech and techAdmin. tech can read and execute within tech/. techAdmin can read, write, execute.
I have 4 users: user1, user2, user3, user4. user1 and user2 are members of techAdmin, user3 and user4 are members of tech.

Simple so far... but wait, here's the problem. If user1 creates a file inside tech, user2 can't read or modify it because user1 owns it. Here's a few sites that reference this problem:

Trying to fix this problem I found literally HUNDREDS of these threads and this same question posted EVERYWHERE. And every answer was to do it with umask, by changing EVERYONE'S umask in /etc/profile to 027 and creating a cron job that fixes all permissions to 0750 every minute. This is BS. I ain't doing that...

Here's how to do it.

# mkdir tech
# chown root:tech tech/
# chmod g+s tech/
# chmod 0750 tech/
# setfacl -d -m g:techAdmin:rwx tech/

When you run getfacl tech, you should see:

# file: tech/
# owner: root
# group: tech
# flags: -s-
BUT WAIT THERE'S MORE! This company uses Windows clients, so we need essentially the SAME setup for them too. This can be accomplished in SAMBA. Your smb.conf file's tech share should look like this:

[tech]
        comment = Tech department only
        inherit acls = Yes
        path = /mnt/tech
        guest ok = no
        browseable = yes
        # this forces all created documents to have 750 perms
        create mask = 0750
        # same for directories
        directory mask = 0750
        # this is so that all files written to the share will be set to "chgrp tech"; if you don't do this, only the user that created the file will have access to it
        force group = tech
        # only the group that has write privileges
        write list = @techAdmin
        valid users = @tech
user1 and user2 can now log into Windows OR Linux and create or modify existing files within the tech directory. user3 and user4 can also log into Windows OR Linux, but only have read access... they cannot create, modify, delete.

Last edited by unassassinable; 11-02-2010 at 01:16 PM.
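
Added example, not part of the original post or thread: a shell audit for a group-shared tree like tech/ above, reporting directories that lack the setgid bit set by chmod g+s, entries whose group is not the share group, and entries that grant anything to "other" (which 0750 rules out). The function name audit_share, the "reason: path" output format and the demo tree are assumptions made for illustration; the check reads mode bits and group only, not ACL entries, and the demo relies on Linux setgid inheritance.

```sh
#!/bin/sh
# Added example: audit a group-shared tree such as tech/ (mode bits and group only, not ACLs).
# audit_share DIR GROUP prints one "reason: path" line per finding, sorted; nothing if clean.
audit_share() (
    dir=$1 group=$2
    cd "$dir" || exit 2
    LC_ALL=C; export LC_ALL
    {
        # Directory without setgid: files created in it get the creator's primary group.
        find . -type d ! -perm -2000 -exec printf 'no-setgid: %s\n' {} +
        # Entry that does not belong to the share group (name or numeric gid).
        find . ! -group "$group" -exec printf 'wrong-group: %s\n' {} +
        # Entry granting r, w or x to "other", which mode 0750 rules out.
        find . ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) \
            -exec printf 'other-access: %s\n' {} +
    } | sort
)

# Constructed demo tree; the caller's primary gid stands in for the tech group (assumption).
demo() (
    root=$(mktemp -d) || exit 1
    mkdir "$root/tech" && chmod 2750 "$root/tech"
    umask 022                         # a common default umask
    : > "$root/tech/report.txt"       # group inherited via setgid, but mode is 0644
    mkdir "$root/tech/sub"            # inherits setgid on Linux, mode 2755
    mkdir "$root/tech/nosgid" && chmod g-s "$root/tech/nosgid"
    audit_share "$root/tech" "$(id -g)"
    rm -rf "$root"
)

demo
```

The demo shows that setgid alone fixes group ownership but not the mode of new files, which is the gap the default ACL and the Samba masks in the post are meant to close.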

