Hi all,

2010/2/13 Carl T. Miller <carl@xxxxxxxxxx>

> Why don't you create three different directories and then
> set up the appropriate permissions for each? That would
> do everything that you've said you wanted, and it would
> also protect you from someone accidentally creating a file
> and misspelling the prefix.
>
> c

I can't do the organization with directories because it's a requisite of the project. ALL must be in the same directory.

So, my principal doubt is if with SELinux I can do it. Because the other options are not possible.

What I'm trying to simulate is this:

http://en.wikipedia.org/wiki/Resource_Access_Control_Facility

Any idea?

TIA

> ESGLinux wrote:
> > Thanks for your answer
> >
> > your solution is not valid for me because there is a time (before the cron
> > runs) that the file has wrong permission and it could be potentially
> > accessible by not authorized users.
> >
> > It could be a solution if I don't find anything better :-(
> >
> > Greetings,
> >
> > ESG
> >
> > 2010/2/12 Cameron Simpson <cs@xxxxxxxxxx>
> >
> >> On 11Feb2010 19:37, ESGLinux <esggrupos@xxxxxxxxx> wrote:
> >> | I'm having a problem setting file permission because I need to do a
> >> | strange thing.
> >> |
> >> | I have to set the permission of the files using the name of the file.
> >> | I'll try to explain myself:
> >> |
> >> | I need a rule that says that if the filename begins with public*
> >> | everybody can make all with this file,
> >> | If the file begins with private_g1* only the users in the g1 group can
> >> | access the file.
> >> | If the file begins with private_g2* only the users in the g2 group can
> >> | access the file.
> >> | ....
> >> |
> >> | When I create a new file the system must check the file name and
> >> | assign the correct permissions.
> >> |
> >> | With normal security schema I think this is impossible, with acl I
> >> | don't know how to set new files automatically. So, what about selinux?
> >> | Can I make something like that with it?
> >>
> >> Probably not.
> >>
> >> | do you know other alternative?
> >>
> >> You could have a small shell script. Run it regularly via cron or use
> >> the inotify facilities to run it on files as they get made.
> >>
> >> A simple find(1) incantation like:
> >>
> >>   find your-dir \
> >>     -name public\* -exec chmod a+rw {} ';' \
> >>     -o -name private_g1\* -exec chmod o-rwx {} ';' -exec chgrp g1 {} ';' -exec chmod ug+rw {} ';' \
> >>     -o -name private_g2\* -exec chmod o-rwx {} ';' -exec chgrp g2 {} ';' -exec chmod ug+rw {} ';' \
> >>     ......
> >>
> >> Untested.
> >> --
> >> Cameron Simpson <cs@xxxxxxxxxx> DoD#743
> >> http://www.cskk.ezoshosting.com/cs/
> >>
> >> I must not fear. Fear is the mind-killer. Fear is the little death that
> >> brings total obliteration. I will face my fear. I will permit it to pass
> >> over me and through me. And when it has gone past I will turn the inner
> >> eye to see its path. Where the fear has gone there will be nothing. Only
> >> I will remain.
> >> - Frank Herbert _Dune_

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
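
The prefix-to-permission mapping discussed in this thread, written as a small POSIX shell script; this is an added example, not code posted by anyone on the list. The prefixes and the groups g1 and g2 come from the thread, while the function names, the exact modes and the owner-only default for unrecognized prefixes are assumptions.

```shell
#!/bin/sh
# Added example. Prefixes and groups g1/g2 are from the thread; the function
# names, modes and the fail-closed default are assumptions.

# Print "group mode" for a file name; "-" means leave the group unchanged.
policy_for() {
    case "$1" in
        public*)     echo "- 666" ;;
        private_g1*) echo "g1 660" ;;
        private_g2*) echo "g2 660" ;;
        *)           echo "- 600" ;;  # unknown prefix (e.g. a typo): owner only
    esac
}

# Apply the policy to every regular file directly inside directory "$1".
# Call it from cron or from an inotify hook, e.g. apply_policy /srv/shared
apply_policy() {
    dir=$1
    for path in "$dir"/*; do
        # Skip subdirectories, symlinks and the unexpanded glob of an empty dir.
        [ -f "$path" ] && [ ! -L "$path" ] || continue
        pol=$(policy_for "${path##*/}")
        group=${pol% *}
        mode=${pol#* }
        # Remove access for "other" first, so a file is never group-writable
        # or world-readable while it still carries the wrong group.
        chmod o-rwx "$path" || continue
        if [ "$group" != "-" ] && ! chgrp "$group" "$path" 2>/dev/null; then
            # Group missing or chgrp not permitted: fall back to owner-only.
            chmod 600 "$path"
            echo "warn: cannot set group $group on $path" >&2
            continue
        fi
        chmod "$mode" "$path"
    done
}
```

Between creation and the next run, a file keeps whatever mode the creating process's umask gave it, so this narrows the window mentioned above without removing it.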