Re: NTFS style permissions on Linux


Walter Mautner wrote:

Gazza enlightened us alt.linux - (ab)users with:

Hi. Thanks for the replies. The equivalent permissions I require are
(Group based) :

Traverse folder / execute file = Allow
List Folder / Read Data = Allow
Read Attributes = Allow
Read Extended Attributes = Allow
Create Files / Write Data = Allow
Create Folders / Append Data = Allow
Write Attributes = Deny
Write Extended Attributes = Deny
Delete Subfolders and Files = Deny
Delete = Deny

Linux acls do not match windows permissions 1:1, it would actually make
no sense to be able to write a file but not be able to delete - the
file can as well be "deleted" by writing /dev/null to it.
Maybe extended attributes allow something like that ...

Read Permissions = Allow
Change Permissions = Deny
Take Ownership = Deny

File permissions are controlled by the parent directory, to a good
extent. If the folder belongs to you, you can "take ownership" of the
files therein, by copying it (permissions will be set according to the
current directory owner/user) and then - regardless of the file owner -
deleting the original one.
You have no permission to add new files, when the parent folder does not
belong to you or /one of/ your group/s with proper permissions.
Linux acls only add additional permission (user/group) sets to a
existing file or folder, but cannot do more then the unix style acl set
already makes possible.
Caveat: messing with acls or getting users to mess with them, can have
undesirable side effects ...
--
vista policy violation: Microsoft optical mouse found penguin patterns
on mousepad. Partition scan in progress to remove offending
incompatible products. Reactivate MS software.
Linux 2.6.17-mm1,Xorg7.1/nvidia [LinuxCounter#295241,ICQ#4918962]

Hi - Thanks for the reply. I am seeing that this is not going to be
possible (probably) with Linux. FYI - The reason for these strange
permissions is for financial FSA regs. Once a document has been created
(normally from an electronic scan, or a computer generated legal
document), it must not be modified or deleted. Any changes to the
document must be saved as a separate new version. - Just in case you're
wondering !

Cheers

Gary

.

Relevant Pages

  • Re: NTFS style permissions on Linux
    ... Traverse folder / execute file = Allow ... Write Extended Attributes = Deny ... Linux acls do not match windows permissions 1:1, ...
    (alt.linux)
  • Re: folder permissions
    ... groups and something about deny over rides allow. ... groups assigned to this one folder and the same user has diff priv's ... permissions, everyone has full control. ...
    (microsoft.public.windows.server.general)
  • Re: folder permissions
    ... I will have this other folder I am trying to restrict permissions ... say) and "superceed" any NTFS permissions. ... groups and something about deny over rides allow. ... permissions, everyone has full control. ...
    (microsoft.public.windows.server.general)
  • Re: folder permissions
    ... and how the folder structure you require needs to be configured. ... groups and something about deny over rides allow. ... permissions, everyone has full control. ...
    (microsoft.public.windows.server.general)
  • Re: NTFS style permissions on Linux
    ... Traverse folder / execute file = Allow ... Write Extended Attributes = Deny ... Linux acls do not match windows permissions 1:1, ...
    (alt.linux)