Re: Permission inheritance problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Sticky bit user for collaboration directory. and how it works in short:

suppose you create a group dev and create a directory /limit and that
is owned by dev group.

Now a user joe he is in dev group as secondary group. He wants to
modify a file in that directory but he will get 'permission deny' even
the directory is owned by dev group and it is 770.

Solution: apply stcky bit in that directory .. chmod 2770 /limit

Now joe can read write and execute files in /limit  directory.

Does it helped ?


On Fri, Nov 18, 2011 at 5:04 AM, kavya <kavya.g4@xxxxxxxxx> wrote:
> so if i set a sticky bit it applies for owner also????
>
> On Fri, Nov 18, 2011 at 2:05 PM, Cameron Simpson <cs@xxxxxxxxxx> wrote:
>
>> On 18Nov2011 11:07, kavya <kavya.g4@xxxxxxxxx> wrote:
>> |           Am working with file permission I have a query,
>> |
>> | usually on /mnt normal users will not be having permission to write so I
>> | gave permission such as
>> | #chmod 766 /mnt
>>
>> Surely you want 777 here? A directory with no 'x' permission is not
>> searchable; 'r' only lets someone see the names of the things in the
>> directory, 'x' (search) lets them access it. So with a directory you
>> almost always want to grant 'x' if you grant any access. You don't need
>> to give 'r', but it is usual. So 'r-x' and '--x' are sensible, 'r--' is
>> usually not sensible.
>>
>> | #chmod go+t /mnt
>>
>> You just want "+t" here. There is no such thing as "sticky bit for
>> group" or "sticky bit for other". There is only one bit.
>>
>> | I have enabled a sticky bit on /mnt  for group and
>> | others, as sticky bit is set, even the files and folders under /mnt can
>> not
>> | be deleted by others even if they have complete permissions and no sticky
>> | bit is set for files under /mnt,
>>
>> Yes.
>>
>> | is there any option to allow users to
>> | delete only particular files ?????
>>
>> No. The permissions on /mnt apply to the directory as a whole,
>> not on a per-name basis.
>>
>> If you want per-name control the best you can do is make subdirectories
>> and grant different accesses to those. Which is what home directories
>> effectively are, if you would like a similar arrangement.
>>
>> Cheers,
>> --
>> Cameron Simpson <cs@xxxxxxxxxx> DoD#743
>> http://www.cskk.ezoshosting.com/cs/
>>
>> My opinions are borrowed from someone who no longer needs them.
>>        -- KatmanDu@xxxxxxxxxxxxxx
>>
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>>
>
>
>
> --
>
> Thanks and Regards
>
>         Kavya.N(Koramangala)
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>



-- 
Regards.
Sanjay Chakraborty

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list



[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux