I would like something that is network wide, so a group permission based scheme would be preferred, e.g. where a user is put in a group and that gives them read-only or read-write access, etc.
There are three basic permission bits u-g-o: set the "read-only" group to the lowest level, 'o=4', doing this at the mount point:
chmod 764, making 'o' ("others") the universal "read-only" group.
Then create one group, e.g. 'writergroup', which thereby has r-w permissions to the volume.
~# groupadd -g 1200 writergroup
~# chown -R root:writergroup 'mountpoint'
~# chmod 764 'mountpoint'
That should make "you" the owner, to have read, write, execute permissions;
The 'writergroup' members to have read-write permissions to the volume; and
The 'others' (regular users) only have the read permission but cannot write.
You can now ignore all users who only have read access to the volume, and choose a few to whom you may grant write access:
~# gpasswd -M john,mary,magdalene,rashid,omar,abdul,mao_tzetung,brianAdam writergroup
I have been told that mediad can be used to manage this but I can't figure out how. I've also come across cgroup/cgconfig but cannot figure that out either.
Excuse me. "cgroup" is not a toy in the userland. It was a system recently introduced by Linux Kernel coders to improve resource management and process accounting by the kernel. It is the plaything of the masters, but not for us.
How should I go about achieving this?
"The magic is in the magician; not in the wand." as I frequently enjoy reading it from someone's signature here. So, do it now and do it yourself. Manipulate the 3 permission bits.
Another trick: set the previous case to chmod 740, create a 'reader' group, and chown the point as root:reader; by this, only this group has access to it, and only read access. Then remount the same volume at another point and set it to be accessible exclusively by another group, this time with different rights: chmod it to 760. That way you have excluded 'others' (or regular users) from even reading the volume. Do not use the " -R " switch, as it will descend into the descendant folders and files. You have made the volume promiscuous, a security concern.
Hope that helps.
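An added example, not part of the original post: a shell check that decodes what a directory mode grants each class, run on the modes mentioned above (764, 740, 760). On a directory the execute bit controls traversal, so read without execute is reported as list-only; the function names, the scratch directory and the 775 comparison value are assumptions, and `stat -c` is the GNU/Linux form.

```shell
#!/bin/sh
# Added example: decode what an octal mode grants each class on a DIRECTORY.
# On a directory: r = list names, w = create/delete entries,
# x = traverse (enter the directory and reach the files inside it).

# dir_access MODE CLASS -> prints effective access for owner|group|other
dir_access() {
    case $2 in
        owner) shift_by=6 ;;
        group) shift_by=3 ;;
        other) shift_by=0 ;;
        *) echo "unknown class: $2" >&2; return 2 ;;
    esac
    bits=$(( (0$1 >> shift_by) & 7 ))   # leading 0 makes the mode octal
    r=$(( bits & 4 )); w=$(( bits & 2 )); x=$(( bits & 1 ))
    if [ "$x" -eq 0 ]; then
        # Without x, files inside cannot be opened whatever r/w say.
        if [ "$r" -ne 0 ]; then echo "list-names-only"; else echo "no-access"; fi
    elif [ "$r" -ne 0 ] && [ "$w" -ne 0 ]; then echo "read-write"
    elif [ "$w" -ne 0 ]; then echo "write-no-listing"
    elif [ "$r" -ne 0 ]; then echo "read-only"
    else echo "traverse-only"
    fi
}

# audit_dir PATH -> mode, owner, group and per-class access of a real directory
audit_dir() {
    info=$(stat -c '%a %U %G' "$1") || return 1
    m=${info%% *}; rest=${info#* }
    echo "$1 mode=$m owner=${rest% *} group=${rest#* }"
    for class in owner group other; do
        echo "  $class: $(dir_access "$m" "$class")"
    done
}

# Demo on a constructed scratch directory: the three modes from the post,
# plus 775 as a constructed comparison value.
demo() {
    d=$(mktemp -d) || return 1
    for mode in 764 740 760 775; do
        chmod "$mode" "$d" && audit_dir "$d"
    done
    rmdir "$d"
}
demo
```

Point `audit_dir` at the real mount point after each `chmod` to confirm that every class ends up with the access intended for it.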