Am Mittwoch, den 11.03.2009, 18:10 +0100 schrieb Till Maas: > On Mi März 11 2009, Colin Walters wrote: > > 2009/3/11 Till Maas <opensource@xxxxxxxxx>: > > > There is no way with ACLs to setup a directory where a group of users has > > > complete access to everything. > > > > "complete access to everything" isn't very well specified - can you > > give an example? > > In a collaborative work environment where several people store files in one > directory or subdirectories of it, every user in the group should have read > and write access to any file. Does this do what you want? mkdir /mnt/eng chown root:eng /mnt/eng chmod 070 /mnt/eng chmod g+s /mnt/eng > > > > It is still possible for a user to add a file > > > that cannot be accessed by other users or cannot be written to. > > > > Deliberately? Of course, the Unix discretionary permissions model has > > always allowed that, ACLs or not. But the default ACL setting on the > > directory should ensure that new files have the intended permissions. > > The default ACLs are overwritten by the ACL mask, which is somehow built from > the traditional unix permission. E.g. if there is a directory with a default > mask that gives read and write permissions to a certain group, someone can > still (s)cp a file that is not group writeable to this directory. Then because > of the ACL mask, it is also not group writeable for the collaboration group. > > With bindfs a root user can ensure that no non-root user will mess up the > permissions inside the common directory, regardless of whether it happens > intentionally or by accident. > > Regards, > Till > -- > fedora-devel-list mailing list > fedora-devel-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/fedora-devel-list -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
