WANTED: Clever solution for Transifex storage

nodata lsof at nodata.co.uk
Mon Mar 23 21:42:02 UTC 2009


On Wednesday, 11.03.2009, at 18:10 +0100, Till Maas wrote:
> On Wed March 11 2009, Colin Walters wrote:
> > 2009/3/11 Till Maas <opensource at till.name>:
> > > There is no way with ACLs to set up a directory where a group of users has
> > > complete access to everything.
> >
> > "complete access to everything" isn't very well specified - can you
> > give an example?
> 
> In a collaborative work environment where several people store files in one 
> directory or subdirectories of it, every user in the group should have read 
> and write access to any file.

Does this do what you want?

mkdir /mnt/eng
chown root:eng /mnt/eng
chmod 070 /mnt/eng
chmod g+s /mnt/eng


> 
> > > It is still possible for a user to add a file
> > > that cannot be accessed by other users or cannot be written to.
> >
> > Deliberately?  Of course, the Unix discretionary permissions model has
> > always allowed that, ACLs or not.  But the default ACL setting on the
> > directory should ensure that new files have the intended permissions.
> 
> The default ACLs are overwritten by the ACL mask, which is somehow built from 
> the traditional Unix permissions. E.g. if there is a directory with a default 
> mask that gives read and write permissions to a certain group, someone can 
> still (s)cp a file that is not group writeable to this directory. Then because 
> of the ACL mask, it is also not group writeable for the collaboration group. 
> 
> With bindfs a root user can ensure that no non-root user will mess up the 
> permissions inside the common directory, regardless of whether it happens 
> intentionally or by accident.
> 
> Regards,
> Till

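An added example, not part of the original message: an audit that walks a shared directory such as the `/mnt/eng` above and reports entries that break the "every group member can read and write" invariant the thread is about. The function name and the finding strings are assumptions made for this illustration; the check relies on the fact that, when a file carries a POSIX ACL, the group bits returned by `stat` are the ACL mask, so a file copied in with restrictive group bits shows up either way.

```python
import os
import stat

def audit_shared_dir(root):
    """Return sorted (relative_path, problem) pairs for entries under root
    that break the shared-directory invariant discussed in the thread."""
    want_gid = os.stat(root).st_gid           # group that owns the share
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue                       # a symlink's own mode is not used
            rel = os.path.relpath(path, root)
            if st.st_gid != want_gid:
                findings.append((rel, "wrong group"))
            if stat.S_ISDIR(st.st_mode):
                need = 0o070                   # group needs rwx on directories
                if not st.st_mode & stat.S_ISGID:
                    # without setgid, new files get the creator's primary group
                    findings.append((rel, "setgid bit missing"))
            else:
                need = 0o060                   # group needs rw on files
            # With a POSIX ACL present these bits are the ACL mask, which caps
            # every named-group entry inherited from the default ACL.
            if (st.st_mode & need) != need:
                findings.append((rel, "group access missing"))
    return sorted(findings)

if __name__ == "__main__":
    import sys
    for rel, problem in audit_shared_dir(sys.argv[1]):
        print(f"{problem}: {rel}")
```

Run periodically against the share, this only detects drift; it does not prevent a user from creating such a file in the first place.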



