Subject: Re: Permissions again...
From: Dejan Muhamedagic (dejanm@aon.at)
Date: Fri Jun 09 2000 - 11:46:56 EDT
Hello,
On Fri, Jun 09, 2000 at 03:43:42PM +0200, Jason Quigley wrote:
> Hi!
>
> I've got the following scenario:
>
> addroup macuser
> adduser --ingroup macuser jason
> adduser --ingroup macuser macguest
>
> /usr/sbin/afpd -n "$servername" -g macguest
So far so good.
> ls -l
> drwxrwx--x 22 jason macuser 1024 Jun 9 15:36 data
>
> => only creator (jason) can write to the disc. This doesn't make sense.
Not true. User jason _and_ all members of group macuser can
read/write/cd to this directory. The first triplet of permissions
is "user", the second "group" and the third "other". When a
process is trying to access the file (or directory), it is first
checked if he (the process owner) is the owner of the file, and if
it is so, then the first triplet is used to grant/deny access.
If he's not the owner, it is checked if he belongs to a group
which owns the file, and if so, the middle triplet is used.
Otherwise, the last one is checked.
It is not clear what do you want. Groups are created in order to
allow several users to have the same access (in respect to
read/write/cd,exec) to certain files/directories. Whether what
you did makes sense I can't say.
> Can somebody tell me what I'm missing before I'm driven to distraction and
> use the nearest heavy object to convince the server to do what I want?
Sure. Just use plain English.
Best regards,
Dejan
This archive was generated by hypermail 2b28 : Wed Jan 17 2001 - 14:31:01 EST