Re: setting perm to files with a patern in the file hame

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi all,

2010/2/13 Carl T. Miller <carl@xxxxxxxxxx>

> Why don't you create three different directories and then
> set up the appropriate permissions for each?  That would
> do everything that you've said you wanted, and it would
> also protect you from someone accidentally creating a file
> and misspelling the prefix.
>
> c
>

I can´t do the organization with directories because it´s a requisite of the
project. ALL must be in the same directory.

So, my principal doubt is if with SELinux I can do it. Because the other
options are not possible.

what I´m trying to simulate is this:
http://en.wikipedia.org/wiki/Resource_Access_Control_Facility

any idea,?

TIA



>
>
> ESGLinux wrote:
> > Thanks for your answer
> >
> > your solution is not valid for me because there is a time (before de cron
> > runs) that the file has wrong permission and it could be potentially
> > accesible by not autorized users.
> >
> > It could be a solution if I don´t find any thind better :-(
> >
> >
> > Greetings,
> >
> > ESG
> >
> > 2010/2/12 Cameron Simpson <cs@xxxxxxxxxx>
> >
> >> On 11Feb2010 19:37, ESGLinux <esggrupos@xxxxxxxxx> wrote:
> >> | I´m having a problem setting file permission because I need to do a
> >> strange
> >> | thing.
> >> |
> >> | I have to set the permission of the files using the name of the file.
> >> I´ll
> >> | try to explain myself:
> >> |
> >> | I need a rule that says that if the filename begins with public*
> >> everybody
> >> | can make all with this file,
> >> | If the file begins with private_g1* only the users in the g1 group can
> >> | access de the file.
> >> | If the file begins with private_g2* only the users in the g2 group can
> >> | access de the file.
> >> | ....
> >> |
> >> |
> >> | When I create a new file the system must check the file name and
> >> assign
> >> the
> >> | correct permissions.
> >> |
> >> | With normal security schema I think this is impossible, with acl I
> >> don´t
> >> | know how to set new files automatically. so, what about selinux? can I
> >> make
> >> | something like that with it?
> >>
> >> Probably not.
> >>
> >> | do you know other alternative?
> >>
> >> You could have a small shell script. Run it regularly via cron or use
> >> the inotify facilities to fun it on files as they get made.
> >>
> >> A simple find(1) incantation like:
> >>
> >>  find your-dir \
> >>    -name public\* -exec chmod a+rw {} ';' \
> >>    -o -name private_g1\* -exec chmod o-rwx {} ';' -exec chgrp g1 {} ';'
> >> -exec chmod ug+rw {} ';' \
> >>    -o -name private_g2\* -exec chmod o-rwx {} ';' -exec chgrp g2 {} ';'
> >> -exec chmod ug+rw {} ';' \
> >>    ......
> >>
> >> Untested.
> >> --
> >> Cameron Simpson <cs@xxxxxxxxxx> DoD#743
> >> http://www.cskk.ezoshosting.com/cs/
> >>
> >> I must not fear.  Fear is the mind-killer.  Fear is the little death
> >> that
> >> brings total obliteration.  I will face my fear.  I will permit it to
> >> pass
> >> over me and through me.  And when it has gone past I will turn the inner
> >> eye
> >> to see its path.  Where the fear has gone there will be nothing.  Only I
> >> will
> >> remain.
> >>        - Frank Herbert _Dune_
> >>
> >> --
> >> redhat-list mailing list
> >> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> >> https://www.redhat.com/mailman/listinfo/redhat-list
> > --
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
> >
>
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list


[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux