Talk:How to share directories between groups of users using ACL

From openSUSE

Fajar,

I see you put this in the Howto list. I also added a link back to your howto from the old 8.1 ACL howto in the see also section.

I made a change to the Enable ACL section.

I had changed it to read:

=

The meaning of the first 2 above ACL commands is to set the default ACL for newly created files and subdirectories within the directory sales and finance such that they can be read/written by the sales and finance groups respectively.

The last ACL command adds a default read/write permission to newly created files and subdirectories to give users in the management group rw access.

If a sales or finance user creates a file that they do not want management to have access to, then after the file is created they can remove management's access via:

setfacl -x group:management <file>

=

Hi Greg,

This is interesting.. so sales1 can prevent management from editing/reading their files?

  • If the user has shell access, how do we prevent him from using the command setfacl?
  • If the user doesn't have shell access to the server, do you think he can change the permission from a GUI like Windows Explorer/Nautilus? Assuming the directory got mounted on his PC.

=

Hey Fajar (or anyone else reading this),

I'm new to this wiki thing too, but I deleted some of the above that seemed concluded/boring. If that is bad protocol someone should let me know.

Do you happen to know how the watch this page thing works? I expected to get an email when you edited this discussion. No such luck.

As to a "management" user with shell access using setfacl to regain access: if they don't have root access, then they can't do it. If they have root they can normally do it.

OTOH, there is the secure Linux stuff which takes a step beyond ACLs. I don't know much of anything about it, but I believe a user can stop even root from accessing their files. One of the drivers for secure Linux is to allow Gov't confidential data to be stored on a computer without the sysadmin automatically getting access. I don't know how it is accomplished, nor if openSUSE has any of that functionality. Maybe we should take that question back to the mailing list.

Greg
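
An added example, not part of the original discussion or the howto: one way to spot files where the group:management entry discussed above has been removed with setfacl -x, or is cut down by the ACL mask, is to audit `getfacl -R` output. The group name comes from the thread; the sample output, paths and function name are constructed for illustration.

```python
# Added example: audit `getfacl -R` output for files management cannot read/write.
GROUP_ENTRY = "group:management"  # group name taken from the discussion

# Constructed sample of `getfacl -R sales` output (not captured from a real system).
SAMPLE = """\
# file: sales/q1.txt
# owner: sales1
# group: sales
user::rw-
group::rw-
group:management:rw-
mask::rw-
other::---

# file: sales/private.txt
# owner: sales1
# group: sales
user::rw-
group::rw-
mask::rw-
other::---

# file: sales/budget.txt
# owner: sales2
# group: sales
user::rw-
group::rw-\t#effective:r--
group:management:rw-\t#effective:r--
mask::r--
other::---
"""

def audit(text, need="rw"):
    """Return (path, reason) for each file where the group lacks effective `need`."""
    findings = []
    for block in text.strip().split("\n\n"):   # getfacl separates files by a blank line
        lines = block.splitlines()
        path = lines[0][len("# file: "):]
        acl = dict(l.split()[0].rsplit(":", 1) for l in lines
                   if l.strip() and not l.startswith(("#", "default:")))
        perms = acl.get(GROUP_ENTRY)
        if perms is None:                      # entry was removed (e.g. setfacl -x)
            findings.append((path, "entry removed"))
            continue
        mask = acl.get("mask:", "rwx")         # named-group entries are limited by the mask
        eff = "".join(p if p == m else "-" for p, m in zip(perms, mask))
        if not set(need) <= set(eff):
            findings.append((path, "effective " + eff))
    return findings
```

On a live system the input would be the text printed by `getfacl -R` on the shared directory, run by an account that can read the whole tree.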