Restrict user to change group permission

Reuben D. Budiardja techlist at voyager.phys.utk.edu
Tue Nov 23 14:00:46 UTC 2004


On Monday 22 November 2004 15:29, Ed Wilts wrote:
> On Mon, Nov 22, 2004 at 03:09:05PM -0500, Reuben D. Budiardja wrote:
> > Is there a way to make any file and sub-directory under a directory be
> > owned by a certain group, have permission 'rw' for that group by default,
> > regardless of who created the file and how the file was created, and
> > to restrict any user from changing the group permission (i.e. I want the
> > group permission to always be 'rw' so that even the user who created the
> > file under that directory cannot change the group permission)?
>
> You can start with a chmod g+s /directory

Yes, I've been using that. 

I asked because every now and then I still found the group permission to be
just 'r' on some files. When this happens, another user who is a member of the
group would come to me complaining that he/she couldn't modify/delete the file
(they are working on the same project) and I had to get in as root to fix the
permission.
Most of my users are using WinSCP to transfer files, and are probably not geeky
enough to know / make sure that the group permission is right. Only one or
two would log in using a shell sometimes to do stuff. I don't know if the
occasional cases where the group permission is wrong (i.e. not the default) are
because the owner modified them unintentionally or if it's a WinSCP problem or
what (any enlightenment?). Therefore I thought if there were a way to
restrict users from changing the group permission, that'd be the easiest.

> However, the owner of a file can pretty much do what he wants, including
> changing the permissions.  SELinux might change that - I haven't
> researched this at all.

OK. I'll try to take a look at SELinux.

Thanks
RDB

-- 
Reuben D. Budiardja
Dept. Physics and Astronomy
University of Tennessee, Knoxville, TN
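
An added example, not part of the original message: `chmod g+s` on a directory makes new entries inherit the directory's group but leaves their mode bits to the creating program, so files can still arrive without group write. The shell functions below audit a shared tree for that drift and repair it; the function names and the sample path and group in the comments are assumptions.

```shell
#!/bin/sh
# Added example: audit and repair a shared project directory.
# Hypothetical usage: audit_shared_dir /srv/project projgrp
# GROUP may be a group name or a numeric GID.

# audit_shared_dir DIR GROUP
# Prints one "FINDING path" line per entry that breaks the policy:
#   WRONG_GROUP  entry is not owned by GROUP
#   NO_GROUP_RW  file or directory lacks group read or group write
#   NO_SETGID    directory lacks setgid, so new entries will not inherit GROUP
# Symlinks are skipped: their own mode bits are not used for access checks.
audit_shared_dir() {
    dir=$1
    group=$2
    find "$dir" ! -type l ! -group "$group" -exec printf 'WRONG_GROUP %s\n' {} \;
    find "$dir" ! -type l ! -perm -060 -exec printf 'NO_GROUP_RW %s\n' {} \;
    find "$dir" -type d ! -perm -2000 -exec printf 'NO_SETGID %s\n' {} \;
}

# repair_shared_dir DIR GROUP
# Fixes exactly the entries the audit would report. Must run as root or as
# the owner of every affected entry.
repair_shared_dir() {
    dir=$1
    group=$2
    find "$dir" ! -type l ! -group "$group" -exec chgrp "$group" {} +
    # X adds search permission on directories (and on files that are
    # already executable), so group members can still enter subdirectories.
    find "$dir" ! -type l ! -perm -060 -exec chmod g+rwX {} +
    find "$dir" -type d ! -perm -2000 -exec chmod g+s {} +
}

# When called with two arguments, report only; repair is a separate decision.
if [ "$#" -eq 2 ]; then
    audit_shared_dir "$1" "$2"
fi
```

Run periodically as root, `repair_shared_dir` automates the manual fix described in the message. Because `chmod` and `chgrp` follow symlinks, use it only on trees whose writers are trusted not to replace a file with a link between find's check and the call.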




