Restrict user to change group permission
Reuben D. Budiardja
techlist at voyager.phys.utk.edu
Tue Nov 23 14:00:46 UTC 2004
On Monday 22 November 2004 15:29, Ed Wilts wrote:
> On Mon, Nov 22, 2004 at 03:09:05PM -0500, Reuben D. Budiardja wrote:
> > Is there a way to make any file and sub-directory under a directory be
> > owned by a certain group, have permission 'rw' for that group by default,
> > regardless of who created the file and how the file was created, and
> > restrict any user from changing the group permission (i.e. I want the
> > group permission to always be 'rw' so that even the user who created the
> > file under that directory cannot change the group permission)?
>
> You can start with a chmod g+s /directory
Yes, I've been using that.
I asked because every now and then I still found the group permission to be
just 'r' on some files. When this happens, another user who is a member of the
group would come to me complaining that he/she couldn't modify/delete the file
(they are working on the same project) and I had to get in as root to fix the
permission.
Most of my users are using WinSCP to transfer files, and are probably not geeky
enough to know / make sure that the group permission is right. Only one or
two would log in using a shell sometimes to do stuff. I don't know if the
occasional cases where the group permission is wrong (i.e. not the default) are
because the owner modified them unintentionally or if it's a WinSCP problem or
what (any enlightenment?). Therefore I thought if there were a way to
restrict users from changing the group permission, that'd be the easiest.
> However, the owner of a file can pretty much do what he wants, including
> changing the permissions. SELinux might change that - I haven't
> researched this at all.
OK. I'll try to take a look at SELinux.
Thanks
RDB
--
Reuben D. Budiardja
Dept. Physics and Astronomy
University of Tennessee, Knoxville, TN
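An added example, not part of the original post: `chmod g+s` on a directory only makes new entries inherit its group, while the mode bits still come from the creating program and the user's umask, so group write can be missing on uploaded files. The script below reports and repairs such entries, automating the fix described above as done by hand as root; the path and group in its usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: audit and repair group access under a shared setgid directory.
# The directory and group are supplied by the caller; none come from the post.

# Print every file or directory under $1 that is not in group $2, any file
# lacking group rw (060), and any directory lacking group rwx + setgid (2070).
audit_share() {
    find "$1" \( -type f -o -type d \) \
        \( ! -group "$2" \
           -o -type f ! -perm -060 \
           -o -type d ! -perm -2070 \) -print
}

# Repair what audit_share reports. Must run as root, or as the owner of the
# entries who is also a member of group $2.
repair_share() {
    # Fix the group first, then the mode bits.
    find "$1" \( -type f -o -type d \) ! -group "$2" -exec chgrp "$2" {} +
    # Directories: group rwx plus setgid so new entries inherit the group.
    find "$1" -type d ! -perm -2070 -exec chmod g+rwxs {} +
    # Files: add group read/write only; execute bits are left alone.
    find "$1" -type f ! -perm -060 -exec chmod g+rw {} +
}

# Usage (hypothetical path and group): sh fix-share.sh /srv/project projgrp
if [ "$#" -eq 2 ]; then
    audit_share "$1" "$2"
    repair_share "$1" "$2"
fi
```

This repairs drift after the fact; it does not stop an owner from changing the mode again, which is the limitation Ed Wilts points out in his reply.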