You might want to check out setfacl and its partner, getfacl. setfacl sets access control lists and, when done correctly on a directory, will override the OS permissions on the files in the directory, which will also inherit the ACL. It can be somewhat non-intuitive, and I recommend practicing elsewhere before implementing in a production environment.

Patti

-----Original Message-----
From: Reuben D. Budiardja [mailto:techlist@xxxxxxxxxxxxxxxxxxxx]
Sent: Tuesday, November 23, 2004 9:01 AM
To: General Red Hat Linux discussion list; Ed Wilts
Subject: Re: Restrict user to change group permission

On Monday 22 November 2004 15:29, Ed Wilts wrote:
> On Mon, Nov 22, 2004 at 03:09:05PM -0500, Reuben D. Budiardja wrote:
> > Is there a way to make any file and sub-directory under a directory is
> > owned by a certain group, have permission 'rw' for that group by default,
> > regardless who created the file and how the file was created, and
> > restricted for any user to change the group permission (ie. I want the
> > group permission to always be 'rw' so that even the user who created the
> > file under that directory cannot change the group permission )
>
> You can start with a chmod g+s /directory

Yes, I've been using that. I asked because every now and then I still found the group permission just 'r' on some files. When this happens, another user who is a member of the group would come to me complaining that he/she couldn't modify/delete the file (they are working on the same project) and I had to get in as root to fix the permission.

Most of my users are using WinSCP to transfer files, and are probably not geeky enough to know / make sure that the group permission is right. Only one or two would log in using a shell sometimes to do stuff. I don't know if the occasional cases where the group permission is wrong (ie. not the default) are because the owner modified them unintentionally or if it's a WinSCP problem or what (any enlightenment?).

Therefore I thought if there were a way to restrict users from changing the group permission, that'd be the easiest.

> However, the owner of a file can pretty much do what he wants, including
> changing the permissions. SELinux might change that - I haven't
> researched this at all.

OK. I'll try to take a look at SELinux.

Thanks
RDB
--
Reuben D. Budiardja
Dept. Physics and Astronomy
University of Tennessee, Knoxville, TN

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
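
The following is an added example, not part of the thread or written by any of its participants: a shell audit for the drift described above (files under the shared directory losing group 'rw', or directories missing the setgid bit from chmod g+s), with a matching repair step. The function names audit_shared_dir and repair_shared_dir are hypothetical, and the policy it checks (one group, group rw on files, group rwx plus setgid on directories) is assumed from the question.

```shell
#!/bin/sh
# Added example: audit and repair a shared project directory.
# Policy assumed from the thread: every entry is group-owned by GROUP,
# files carry group rw, directories carry group rwx plus setgid (chmod g+s).
# Function names are hypothetical.

# Print one line per entry that has drifted from the policy.
audit_shared_dir() {
    dir=$1 group=$2
    # Entries (including symlinks themselves) owned by some other group.
    find "$dir" ! -group "$group" -exec printf 'wrong-group %s\n' {} \;
    # -perm -2070: setgid and group rwx must all be set on directories.
    find "$dir" -type d ! -perm -2070 -exec printf 'dir-mode %s\n' {} \;
    # -perm -060: group read and write must both be set on files.
    find "$dir" -type f ! -perm -060 -exec printf 'file-mode %s\n' {} \;
}

# Reset drifted entries; run as root or as the owner of the entries.
repair_shared_dir() {
    dir=$1 group=$2
    # -h changes a symlink itself instead of following it out of the tree.
    find "$dir" ! -group "$group" -exec chgrp -h "$group" {} +
    find "$dir" -type d ! -perm -2070 -exec chmod g+rwxs {} +
    find "$dir" -type f ! -perm -060 -exec chmod g+rw {} +
}
```

Running the audit on a schedule and reporting any non-empty output surfaces the wrong permissions before a group member is blocked by them.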