Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: N. Armansyah Badib on October 26, 2002, 11:32:02 AM
-
Greetings everyone,
Here is the situation: I need an I-bay that can be accessed by at least 2 different groups (both non Admin). One group has Write-Read access, the other(s) just Read access. Can this be done?
Any replies, suggestions, and even flame is most welcomed :)
Regards,
arman
-
N. Armansyah Badib wrote:
> Here is the situation: I need an I-bay that can be accessed
> by at least 2 different groups (both non Admin). One group
> has Write-Read access, the other(s) just Read access. Can
> this be done?
Not at all easily. The Unix permission model doesn't specify different read-write and read groups. Your two choices are to allow world read, or to allow read-write to the group which needs to read the data, and use non-technical means to restrict who writes there - that is, use policy and policing.
Charlie
-
You aren't being fair to the unix permission model. All you need is to make the directory and files group r/w by the writing group, readable by all, and put it below a directory which only the members of both groups can traverse: either by making the group with read access include the members of the writing group or by creating a 3rd group that is a superset of both, whichever makes more sense for the group roles.(The implied requirement of no access for users that are not members of these two groups is the only reason this is difficult at all).
I'm not sure there is a handy way to make an i-bay fit into this scheme.
-
An NT file server was used for this requirement (which I want to replace), and it was much simpler to set up. I guess there is no easy way out of this one ...
Okay then ... thank you so much for the replies gentlemen.
Have a great week ahead :)
-
the samba read list and write list parameters may solve your problem using the group notation, @group