Is it me or is it sudo?

James Wilkinson fedora at aprilcottage.co.uk
Fri Mar 30 19:39:05 UTC 2012


Reindl Harald wrote:
> sounds more like you do not understand what ACLs are for
> 
> how could a private user group replace ACLs?
> if you have different users and groups which need
> defined permissions you will always need ACLs because
> chmod can only reflect the primary group
> 
> to restrict access to a single user you need no ACL
> chmod 600 does this for you

It was in the old Red Hat Linux manuals (for example, section 6.4.1 of
ftp://archive.download.redhat.com/pub/redhat/linux/7.3/en/doc/RH-DOCS/pdf-en/rhl-rg-en.pdf):

    IF you want a shared directory (say a project directory) writeable
    by some but not all users,
    AND IF you don’t want to use ACLs¹,
    THEN you need to have that directory and everything in it owned by a
    suitable group (and set to be group-writeable).

    IF you don’t want to have users having to play around with
    ownership and permissions all the time,
    THEN you need to have the setgid bit on the folder set (which makes
    all new files and directories automatically have the appropriate
    group)
    AND you need to have umask set to 002 (which makes all new files and
    directories group-writeable).

From there, it follows that the easiest way to do this is to make 002
the default umask, which means that all new files and directories
created by normal users have these permissions. That means that if you
want files that only their owner can write to, you need a per-user
group.

It makes perfect sense.

James.

¹ This predated Linux ACLs, anyway.

-- 
E-mail:     james@ | And that bird was singin' up a storm. Chirp, pause,
aprilcottage.co.uk | chirp. Almost a pulse, really. Astonishing how...
                   | mechanical...that...sounded. And then I put my head in
                   | my hands and sighed, because I had been trying to ID the
                   | mating call of my Epson printer.        -- Ursula Vernon
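
The setgid-plus-umask behaviour described in the message above, as an added example that is not part of the original post: it builds a group-writeable setgid directory in a temporary location and reports the modes that new files and subdirectories receive under umask 002 versus 022. The function names and the temporary directory are constructed for the demo; a real shared directory would also be handed to a project group with chgrp (the group name "project" in the comments is hypothetical).

```shell
#!/bin/sh
# Constructed demo: runs in a throwaway temp directory, no root needed.
# The directory's group here is the caller's own group; on a real system it
# would be a shared group (hypothetical name "project") assigned with chgrp.

# Print the 10-character mode string of a path, e.g. "-rw-rw-r--".
# cut drops any trailing ACL/SELinux marker that ls may append.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Build the shared directory: group-writeable with the setgid bit (2775).
make_shared_dir() {
    dir=$(mktemp -d) || return 1
    chmod 2775 "$dir"
    echo "$dir"
}

# Create a file and a subdirectory inside directory $2 under umask $1.
# The subshell keeps the umask change from leaking into the caller.
# Prints "<file mode> <subdirectory mode>".
create_under_umask() {
    (
        umask "$1"
        f="$2/file.$1"
        d="$2/dir.$1"
        : > "$f"
        mkdir "$d"
        echo "$(mode_of "$f") $(mode_of "$d")"
    )
}

demo() {
    shared=$(make_shared_dir) || return 1
    echo "shared dir: $(mode_of "$shared")"
    echo "umask 002:  $(create_under_umask 002 "$shared")"
    echo "umask 022:  $(create_under_umask 022 "$shared")"
    rm -rf "$shared"
}

demo
```

Under umask 022 the new file and subdirectory lose group write even though the setgid bit is still inherited, so other members of the group cannot modify them without a manual chmod.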

