Koozali.org: home of the SME Server

Legacy Forums => General Discussion (Legacy) => Topic started by: trombley on January 13, 2005, 04:55:05 PM

Title: IBAY permission limitations?
Post by: trombley on January 13, 2005, 04:55:05 PM
I am a new IT Support manager and have inherited a SME 6 server, as the sole server of our organization.  Working with management and employees, I am trying to clean up the IBAY server structure and its permissions.

My problem is as follows: I cannot seem to find a way to allow a single user to have read/write privileges to an ibay for purposes of management and updates, while allowing others only read-only privileges. I cannot set privileges via Windows Explorer, and the Ibay only allows you to assign one group to the IBAY.  This is very limiting. Is there a way around this (I am not a Linux guru) or some update/upgrade that will give more flexibility?

I know the manual says the admin must check in new documents, but I don't have time to babysit hundreds of legal documents as they are created and changed every day.  :cry:

Your help is eagerly awaited!!!  :-D  :-D
Title: IBAY permission limitations?
Post by: Olsen on January 14, 2005, 06:43:33 PM
I have had the same issue, my workaround was to create a group for that individual.  Then you give the group the permission to write.  

Not as clean as you would like, but it works.
Title: IBAY limitations
Post by: trombley on January 14, 2005, 09:26:20 PM
Yea, that would work if the other group with Read-Only privileges is "Everyone". Unfortunately that is rarely the case with departments.

It's hard to believe, especially since it is built on top of a full featured OS, that this software is weak in its security permissions.

Oh well.  Anyone else out there with any ideas?
Title: IBAY permission limitations?
Post by: dilligaf on January 14, 2005, 09:45:03 PM
This I saved in my notes many moons ago, maybe it will help you?
I do not recall who the original author was, but included the link I found it at.
Dan

http://www.e-smith.org/bboard/read.php?f=3&i=31298&t=31210&v=f
To explain the concept a little further here are some various examples, these are not the only possibilities though.

group1 = u1 + u2 + u3 + u4 (users)
group2 = u2 + u3 + u4 (power users)
group3 = u3 + u4 (supervisors)
group4 = u4 (manager) (administrator)
group5 = u1 + u3 + u4 (users except u2)
group6 = u1 + u2 + u4 (users except u3)
group7 = u1 + u3 (user1 + user3 special group)
group8 = u2 + u3 (user2 + user3 special group)

note u4 (manager) also has access as admin user

Here are some examples of different ibay setups:

The second & third examples show how to allow some users write access, but limit other users to read or no access.
The last 4 examples show how you can selectively exclude certain users from access to an ibay, which is the same as saying how to allow one group to access an ibay and another group not to access an ibay


ibay1 = owner = group4 (u4) Write=group (group4), Read=everyone (u1, u2, u3, u4)
therefore only group4 member u4 can write but everyone can read

ibay2 = owner = group3 (u3 + u4) write=group (group3), read=everyone (u1, u2, u3, u4)
therefore only group3 members u3 + u4 can write but everyone can read

ibay3 = owner = group2 (u2 + u3 + u4) write=group (group2), read=group (group2)
therefore only group2 members u2 or u3 or u4 can write or read, u1 gets no access at all

ibay4 = owner = group1 (u1 + u2 + u3 + u4) Write=group (group1), Read=group (group1)
therefore only group1 members u1 or u2 or u3 or u4 can write or read which in this case means everyone

ibay5 = owner = group1 (u1 + u2 + u3 + u4) Write=admin, Read=group (group1) u1, u2, u3, u4
therefore only admin user can write, but u1, u2, u3, u4 can read which in this case means everyone

ibay6 = owner = group5 (u1 + u3 + u4) write=group (u1 + u3 + u4, not u2), read=group (u1 + u2 + u3, not u2)
therefore only group5 members u1 or u3 or u4 can write & read, u2 gets no access at all

ibay7 = owner = group6 (u1 + u2 + u4) write=group (u1 + u2 + u4, not u3), read=group (u1 + u2 + u4, not u3)
therefore only group6 members u1 + u2 + u4 can write & read, u3 gets no access at all

ibay8 = owner = group7 (u1 + u3) write=group (group7), read=group (group7)
therefore only group7 members u1 or u3 can write or read, u2, u4 get no access at all

ibay9 = owner = group8 (u2 + u3) write=group (group8), read=group (group8)
therefore only group8 members u2 or u3 can write or read, u1, u4 get no access at all

and so on......

Here is a summary of two of the users' access rights (which are different)

user2 has write access to ibays 3, 4, 7, 9
User2 has read access to ibays 1, 2, 3, 4, 5, 7, 8, 9
User2 has no access at all to ibay 6, 8

User3 has write access to ibays 2, 3, 4, 6, 8, 9
User3 has read access to ibays 1, 2, 3, 4, 5, 6, 8, 9
User3 has no access at all to ibay 7

no user except admin has write access to ibay 5

You can work out the rest yourselves.

So you can see by combining user groupings, ibay ownership and ibay permissions (in differing combinations), you can control (allow, disallow or limit) user write & read access quite effectively to all, some or even no ibays.

You need to give some thought to the structure you require before you add any users, groups or ibays.
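
The group and ibay scheme from the post above, worked through as an added example (not part of the original post and not SME Server code): it computes each user's write/read/no-access ibays from the group table, and `expressible` checks whether a wanted writer/reader split fits a single owner group. It assumes an ibay has one owner group and one of the three access settings that appear in the post; the admin user is left out of the matrix.

```python
# Added example: model of the ibay settings listed in the post above.
# Assumption: one owner group per ibay and only the three access
# settings shown in the post; the admin user is not modelled.
GROUPS = {
    "group1": {"u1", "u2", "u3", "u4"},
    "group2": {"u2", "u3", "u4"},
    "group3": {"u3", "u4"},
    "group4": {"u4"},
    "group5": {"u1", "u3", "u4"},
    "group6": {"u1", "u2", "u4"},
    "group7": {"u1", "u3"},
    "group8": {"u2", "u3"},
}
EVERYONE = GROUPS["group1"]

# ibay number -> (owner group, write scope, read scope)
IBAYS = {
    1: ("group4", "group", "everyone"),
    2: ("group3", "group", "everyone"),
    3: ("group2", "group", "group"),
    4: ("group1", "group", "group"),
    5: ("group1", "admin", "group"),
    6: ("group5", "group", "group"),
    7: ("group6", "group", "group"),
    8: ("group7", "group", "group"),
    9: ("group8", "group", "group"),
}

def members(scope, owner):
    """Resolve a write/read scope to the ordinary users it covers."""
    return {"admin": set(), "group": GROUPS[owner], "everyone": EVERYONE}[scope]

def access(user):
    """Return (write, read, none) lists of ibay numbers for one user."""
    write = [n for n, (g, w, r) in IBAYS.items() if user in members(w, g)]
    read = [n for n, (g, w, r) in IBAYS.items() if user in members(w, g) | members(r, g)]
    none = [n for n in IBAYS if n not in read]
    return write, read, none

def expressible(writers, readers, everyone):
    """Name the setting that yields exactly these writers/readers, or None."""
    if writers and readers == everyone:
        return "write=group, read=everyone"
    if writers and readers == writers:
        return "write=group, read=group"
    if not writers and readers:
        return "write=admin, read=group"
    return None
```

Here `readers` means everyone who can at least read, writers included. Under these assumptions a split of some writers, some extra read-only users and some users with no access returns `None`, since the read-only users would have to be "everyone".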
Title: IBAY permission limitations?
Post by: trombley on January 20, 2005, 06:54:06 PM
Ok, I can see how that would work. Now for the really stupid question  :-o (please remember that I am not a Linux person .. yet  :-P !!)

How do you set the ownership for an Ibay? I thought only the admin or admin group can create them and they are thus the owners?  If I can create a group with the right members and then give them ownership (admin rights) of just one ibay, then my problem is solved.

Your wisdom is awaited
Title: IBAY permission limitations?
Post by: dilligaf on January 20, 2005, 07:03:54 PM
If you have the server, surely you have logged into the "server-manager" ?
xx.xx.xx.xx/server-manager
On the left panel is where you create ibays, including setting permissions etc.
Title: IBAY permission limitations?
Post by: trombley on January 20, 2005, 07:10:24 PM
Yes I have.  I have created an ibay called legal. I want 3 users to have write permission. I want another 5 users to have read permission.  I want the other employees not to be able to have any access at all.

Can I do that at some level?
Title: IBAY permission limitations?
Post by: bushinc on January 25, 2005, 09:07:32 PM
Here's a possible solution.
Not ideal, but it might work for you.
Set the ibay as write group/read everyone and set a password on the ibay.
Title: IBAY permission limitations?
Post by: trombley on January 25, 2005, 10:36:26 PM
Thanks, that's a great solution.  :lol: