PDA

Click to See Complete Forum and Search --> : help with permissions without using ACLs

ehco2121
02-09-2008, 07:33 PM
hey, im pretty new to linux and this is my problem

i have a directory called test and two groups called teachers and students.

the teachers group has to have read write and execute permissions for the directory test, while the group students can only have read access

and i cant use ACLs to make this happen so if anyone has any links or any information on how to accomplish this it would be greatly appreciated

Thank you =]
leonpmu
02-10-2008, 01:03 AM
Are you trying to do this using Samba or stright Linux?

If it is straight Linux then you can possibly use the following rwxrwxr-x which I think is 775 which basically translates to owner full permissions, roup full, other read only and execute If you are doing a samba share that is altogether different.

et me know
bwkaz
02-10-2008, 05:28 PM
If you only have one user in either of those groups, then you can do what you need. If you have multiple users in those groups, then it's completely impossible.

The Unix permissions model chooses one of three fields to apply, based on who the user is: if the user is the file's owner, then the user field applies, otherwise, if the user is a member of the group that owns the file, then the group field applies, otherwise, the everyone field applies. You get all permissions that are set in the appropriate field, and no others. On a directory, the right to create and delete files in that directory is "write", the permission to ask what files exist is "read", and the permission to enter the directory is "execute".

If you want one group to have rwx (so they can list the directory, enter the directory, and create/delete files), but you want another group to have r only (which is WRONG on a directory: you should give rx, since otherwise the users can't actually enter it -- oh, and the directory's permissions do not apply to both the directory and the files, only the directory), and you also want everyone else to have no access, that's impossible. You NEED to use either ACLs, or some other non-Unix-permission-model (like what Samba has), to accomplish that.

Sorry...

(Personally, I'd recommend having any user (e.g. root) and the teachers' group own the directory, and setting the permissions to rwxrwxr-x. But that assumes that everyone other than members of the teachers' group (and the directory owner) can be allowed to look in the directory. If there are any other users that can't be allowed into the directory, then this won't work.)