Thanks for your answer.

Your solution is not valid for me because there is a time (before the cron runs) when the file has the wrong permissions and it could potentially be accessible by unauthorized users.

It could be a solution if I don't find anything better :-(

Greetings,

ESG

2010/2/12 Cameron Simpson <cs@xxxxxxxxxx>

> On 11Feb2010 19:37, ESGLinux <esggrupos@xxxxxxxxx> wrote:
> | I'm having a problem setting file permissions because I need to do a
> | strange thing.
> |
> | I have to set the permissions of the files using the name of the file.
> | I'll try to explain myself:
> |
> | I need a rule that says that if the filename begins with public*
> | everybody can do anything with this file.
> | If the file begins with private_g1* only the users in the g1 group can
> | access the file.
> | If the file begins with private_g2* only the users in the g2 group can
> | access the file.
> | ....
> |
> | When I create a new file the system must check the file name and assign
> | the correct permissions.
> |
> | With the normal security scheme I think this is impossible; with ACLs I
> | don't know how to set new files automatically. So, what about SELinux?
> | Can I do something like that with it?
>
> Probably not.
>
> | Do you know another alternative?
>
> You could have a small shell script. Run it regularly via cron or use
> the inotify facilities to run it on files as they get made.
>
> A simple find(1) incantation like:
>
>   find your-dir \
>     -name public\* -exec chmod a+rw {} ';' \
>     -o -name private_g1\* -exec chmod o-rwx {} ';' -exec chgrp g1 {} ';' -exec chmod ug+rw {} ';' \
>     -o -name private_g2\* -exec chmod o-rwx {} ';' -exec chgrp g2 {} ';' -exec chmod ug+rw {} ';' \
>     ......
>
> Untested.
> --
> Cameron Simpson <cs@xxxxxxxxxx> DoD#743
> http://www.cskk.ezoshosting.com/cs/
>
> I must not fear. Fear is the mind-killer. Fear is the little death that
> brings total obliteration. I will face my fear. I will permit it to pass
> over me and through me. And when it has gone past I will turn the inner eye
> to see its path. Where the fear has gone there will be nothing. Only I will
> remain.
>         - Frank Herbert _Dune_
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
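
Added example, not part of the original thread: a sketch of the inotify variant Cameron mentions, with the name-to-permission rules from the question in one function. It assumes inotifywait from inotify-tools, existing groups g1 and g2, and a watcher allowed to chgrp; WATCH_DIR, the function names and the owner-only default for unmatched names are hypothetical choices, not anything stated in the thread.

```shell
#!/bin/sh
# Added example. Assumes inotify-tools is installed and groups g1/g2 exist.

# Print "<symbolic mode> <group>" for a file name; "-" means keep the group.
policy_for() {
    case "${1##*/}" in
        public*)     echo "a+rw -" ;;
        private_g1*) echo "ug+rw,o-rwx g1" ;;
        private_g2*) echo "ug+rw,o-rwx g2" ;;
        *)           echo "go-rwx -" ;;   # assumption: unmatched names stay owner-only
    esac
}

# Apply the policy to one path, closing access before widening it.
apply_policy() {
    [ -L "$1" ] && return 0       # never chmod through a symlink planted in the dir
    [ -f "$1" ] || return 0       # regular files only; the file may already be gone
    set -- "$1" $(policy_for "$1")            # $2 = mode, $3 = group
    chmod -- o-rwx "$1" || return 1           # close to "other" before changing group
    [ "$3" = "-" ] || chgrp -- "$3" "$1" || return 1
    chmod -- "$2" "$1"
}

# React to files as they are created in, or moved into, the directory.
watch_dir() {
    inotifywait -m -q -e create -e moved_to --format '%w%f' "$1" |
    while IFS= read -r path; do
        apply_policy "$path" || echo "policy failed: $path" >&2
    done
}

# Start watching only when WATCH_DIR (hypothetical variable) is set.
if [ -n "${WATCH_DIR:-}" ]; then
    watch_dir "$WATCH_DIR"
fi
```

The watcher shortens the window ESG describes but does not remove it: a file is exposed with its creation mode until the event is handled. If writers create files closed (for example with umask 077), the watcher only ever widens access, so a delay leaves a file too restrictive rather than too open.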