file permissions

Lunt, Nick Nick.Lunt at wesleyan.co.uk
Thu Oct 20 09:50:22 UTC 2005


Hi,

> -----Original Message-----
> From: Muhammad Rizwan [mailto:rizwan at nixpanel.com]
> Hello
> 
> I want to give different permissions on same file/directory 
> to 2 or more
> users. How can I do that? 
> Please keep in mind that all these users may or may be member of same
> group. 
 
I believe you want to look at setfacl and getfacl. 

To use ACLs, the filesystem where the file(s) reside needs to be mounted with the acl option.
$ grep acl /etc/fstab
/dev/vg01/lvol01        /home/oracle            ext3    defaults        1 2

Here is a basic rundown of using ACLs I wrote to help our unix juniors, which may prove useful.


Access Control Lists

ACLs enable us to set permissions on files/directories outside the normal chmod abilities.

To set and view ACLs we use setfacl and getfacl respectively.
To use ACLs the file system in question has to be mounted with the acl option.

Here's an example -

Set ACLs on /home

# grep home /etc/fstab
# /dev/vg00/lvol04        /home                   ext3    acl             1 2

Create a file on /home named afile

# echo 'echo This file contains ACLs' > afile
# chmod 700 afile
# ll afile
# -rwx------  1 root root 0 Oct 20 10:30 afile

Get the default ACL for afile

# getfacl afile
# file: afile
# owner: root
# group: root
user::rwx
group::---
other::---

As it stands only root can do anything at all with this file.
Use an ACL to enable the group tsg to execute afile.

# setfacl -m g:tsg:rx afile

# getfacl afile
# file: afile
# owner: root
# group: root
user::rwx
group::---
group:tsg:r-x
mask::r-x
other::---

# ll afile
# -rwxr-x---+ 1 root root 31 Oct 20 10:32 afile

As you can see root is still the only user that has access to afile, but because of the ACL users in the group tsg can execute it.

Now let's enable user oracle to read it only.

# setfacl -m u:oracle:r afile
# getfacl afile
# file: afile
# owner: root
# group: root
user::rwx
user:oracle:r--
group::---
group:tsg:r-x
mask::r-x
other::---

Now oracle can read the file but cannot write or execute it.

All this has been done without using chmod on the file; it is still owned by root:root.


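The final getfacl listing in the post can be evaluated mechanically when auditing who really has access. This is an added example, not part of the original post: it applies the standard POSIX ACL check order (owner, then named user, then groups, with named and group entries filtered by the mask, then other) to that listing. The users alice and bob and the groups dba and users are made up for the demonstration.

```shell
#!/bin/sh
# Constructed sample: the final getfacl listing from the post above.
ACL_TEXT='# file: afile
# owner: root
# group: root
user::rwx
user:oracle:r--
group::---
group:tsg:r-x
mask::r-x
other::---'

# acl_check USER GROUPS PERM   (GROUPS comma separated, PERM is one of r w x)
# Exit status 0 if the ACL in $ACL_TEXT grants PERM to USER, 1 if it does not.
acl_check() {
    printf '%s\n' "$ACL_TEXT" | awk -v who="$1" -v grps="$2" -v want="$3" '
    BEGIN { n = split(grps, g, ","); for (i = 1; i <= n; i++) member[g[i]] = 1
            mask = "rwx" }                 # no mask entry means nothing is filtered
    /^# owner: / { owner = $3; next }
    /^# group: / { ogroup = $3; next }
    /^#/ || NF == 0 { next }
    { split($1, f, ":")                    # f[1]=tag  f[2]=qualifier  f[3]=perms
      if (f[1] == "user" && f[2] == "")       uobj = f[3]
      else if (f[1] == "user")                named[f[2]] = f[3]
      else if (f[1] == "group" && f[2] == "") gobj = f[3]
      else if (f[1] == "group")               ngrp[f[2]] = f[3]
      else if (f[1] == "mask")                mask = f[3]
      else if (f[1] == "other")               oth = f[3] }
    function has(p) { return index(p, want) > 0 }
    END {
      if (who == owner) exit !has(uobj)                  # owner entry is never masked
      if (who in named) exit !(has(named[who]) && has(mask))
      ingrp = 0; ok = 0
      if (ogroup in member) { ingrp = 1; if (has(gobj)) ok = 1 }
      for (k in ngrp) if (k in member) { ingrp = 1; if (has(ngrp[k])) ok = 1 }
      if (ingrp) exit !(ok && has(mask))                 # no fall-through to other
      exit !has(oth)
    }'
}

# Hypothetical callers; note oracle is denied x even as a member of tsg,
# because the named user entry is matched before any group entry.
for t in "root root x" "oracle tsg x" "alice tsg x" "bob users r"; do
    set -- $t
    if acl_check "$1" "$2" "$3"; then r=allow; else r=deny; fi
    echo "$1 (groups $2) wants $3: $r"
done
```

To audit a real file, set ACL_TEXT to the output of getfacl for that file before calling acl_check.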