RE: file permissions

From: Lunt, Nick (Nick.Lunt_at_wesleyan.co.uk)
Date: 10/20/05

  • Next message: thierry itty: "Re: file permissions"
    Date: Thu, 20 Oct 2005 10:50:22 +0100
    To: "General Red Hat Linux discussion list" <redhat-list@redhat.com>
    
    

    Hi,

    > -----Original Message-----
    > From: Muhammad Rizwan [mailto:rizwan@nixpanel.com]
    > Hello
    >
    > I want to give different permissions on same file/directory
    > to 2 or more
    > users. How I can do that?
    > Please keep in mind that all these users may or may be member of same
    > group.
     
    I believe you want to look at setfacl and getfacl.

    To use ACLs, the filesystem where the file(s) reside needs to be mounted with the acl option.
    $ grep acl /etc/fstab
    /dev/vg01/lvol01 /home/oracle ext3 defaults 1 2

    Here is a basic rundown of using ACLs I wrote to help our unix juniors, which may prove useful.

    Access Control Lists

    ACLs enable us to set permissions on files/directories outside the normal chmod abilities.

    To set and view ACLs we use setfacl and getfacl respectively.
    To use ACLs, the file system in question has to be mounted with the acl option.

    Here's an example -

    Set ACLs on /home

    # grep home /etc/fstab
    # /dev/vg00/lvol04 /home ext3 acl 1 2

    Create a file on /home named afile

    # echo 'echo This file contains ACLs' > afile
    # chmod 700 afile
    # ll afile
    # -rwx------ 1 root root 0 Oct 20 10:30 afile

    Get the default ACL for afile

    # getfacl afile
    # file: afile
    # owner: root
    # group: root
    user::rwx
    group::---
    other::---

    As it stands, only root can do anything at all with this file.
    Use an ACL to enable the group tsg to execute afile.

    # setfacl -m g:tsg:rx afile

    # getfacl afile
    # file: afile
    # owner: root
    # group: root
    user::rwx
    group::---
    group:tsg:r-x
    mask::r-x
    other::---

    # ll afile
    # -rwxr-x---+ 1 root root 31 Oct 20 10:32 afile

    As you can see, root is still the only user that has access to afile, but because of the ACL, users in the group tsg can execute it.

    Now let's enable user oracle to read it only.

    # setfacl -m u:oracle:r afile
    # getfacl afile
    # file: afile
    # owner: root
    # group: root
    user::rwx
    user:oracle:r--
    group::---
    group:tsg:r-x
    mask::r-x
    other::---

    Now oracle can read the file but cannot write or execute it.

    All this has been done without using chmod on the file; it is still owned by root:root.
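
Added example, not part of the original message: a small Python check that reads the final getfacl listing shown above and applies the acl(5) access check order (owner, named user, matching groups limited by the mask, then other). The user names alice and bob and the groups dba and users are constructed for illustration; root's capability override is not modelled.

```python
# Constructed sample: the final getfacl listing from the message above.
SAMPLE = """\
# file: afile
# owner: root
# group: root
user::rwx
user:oracle:r--
group::---
group:tsg:r-x
mask::r-x
other::---
"""

def parse_getfacl(text):
    """Return (owner, owning_group, entries); entries maps (tag, qualifier) -> set of perms."""
    owner = group = None
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            group = line.split(":", 1)[1].strip()
        elif line and not line.startswith(("#", "default:")):
            # split()[0] drops a trailing "#effective:..." comment if present
            tag, qualifier, perms = line.split()[0].split(":")[:3]
            entries[(tag, qualifier)] = set(perms) - {"-"}
    return owner, group, entries

def check_access(text, user, groups, want):
    """Decide whether `user` (member of `groups`) gets all of `want`, e.g. "rx"."""
    owner, owning_group, acl = parse_getfacl(text)
    want = set(want)
    mask = acl.get(("mask", ""))           # absent when there are no extended entries
    limit = (lambda p: p & mask) if mask is not None else (lambda p: p)
    if user == owner:                       # 1. owner: user:: entry, never masked
        return want <= acl[("user", "")]
    if ("user", user) in acl:               # 2. named user entry wins over any group
        return want <= limit(acl[("user", user)])
    matched = [acl[("group", "")]] if owning_group in groups else []
    matched += [acl[("group", g)] for g in groups if ("group", g) in acl]
    if matched:                             # 3. one matching group entry must grant it all
        return any(want <= limit(p) for p in matched)
    return want <= acl[("other", "")]       # 4. everyone else
```

Two results worth noting: a named user entry takes precedence over group entries, so oracle would not gain execute by also being in tsg, and narrowing the mask reduces what the tsg entry actually grants.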
