setting perm to files with a pattern in the file name

ESGLinux esggrupos at gmail.com
Mon Feb 15 10:18:16 UTC 2010


Hi all,

2010/2/13 Carl T. Miller <carl at carltm.com>

> Why don't you create three different directories and then
> set up the appropriate permissions for each?  That would
> do everything that you've said you wanted, and it would
> also protect you from someone accidentally creating a file
> and misspelling the prefix.
>
> c
>

I can't do the organization with directories because it's a requisite of the
project. ALL must be in the same directory.

So, my principal doubt is if with SELinux I can do it. Because the other
options are not possible.

What I'm trying to simulate is this:
http://en.wikipedia.org/wiki/Resource_Access_Control_Facility

Any idea?

TIA



>
>
> ESGLinux wrote:
> > Thanks for your answer
> >
> > Your solution is not valid for me because there is a time (before the cron
> > runs) that the file has wrong permission and it could be potentially
> > accessible by not authorized users.
> >
> > It could be a solution if I don't find anything better :-(
> >
> >
> > Greetings,
> >
> > ESG
> >
> > 2010/2/12 Cameron Simpson <cs at zip.com.au>
> >
> >> On 11Feb2010 19:37, ESGLinux <esggrupos at gmail.com> wrote:
> >> | I'm having a problem setting file permission because I need to do a
> >> | strange thing.
> >> |
> >> | I have to set the permission of the files using the name of the file.
> >> | I'll try to explain myself:
> >> |
> >> | I need a rule that says that if the filename begins with public*
> >> | everybody can make all with this file,
> >> | If the file begins with private_g1* only the users in the g1 group can
> >> | access the file.
> >> | If the file begins with private_g2* only the users in the g2 group can
> >> | access the file.
> >> | ....
> >> |
> >> |
> >> | When I create a new file the system must check the file name and
> >> | assign the correct permissions.
> >> |
> >> | With normal security schema I think this is impossible, with ACL I
> >> | don't know how to set new files automatically. So, what about SELinux?
> >> | Can I make something like that with it?
> >>
> >> Probably not.
> >>
> >> | do you know other alternative?
> >>
> >> You could have a small shell script. Run it regularly via cron or use
> >> the inotify facilities to run it on files as they get made.
> >>
> >> A simple find(1) incantation like:
> >>
> >>  find your-dir \
> >>    -name public\* -exec chmod a+rw {} ';' \
> >>    -o -name private_g1\* -exec chmod o-rwx {} ';' -exec chgrp g1 {} ';' \
> >>       -exec chmod ug+rw {} ';' \
> >>    -o -name private_g2\* -exec chmod o-rwx {} ';' -exec chgrp g2 {} ';' \
> >>       -exec chmod ug+rw {} ';' \
> >>    ......
> >>
> >> Untested.
> >> --
> >> Cameron Simpson <cs at zip.com.au> DoD#743
> >> http://www.cskk.ezoshosting.com/cs/
> >>
> >> I must not fear.  Fear is the mind-killer.  Fear is the little death
> >> that
> >> brings total obliteration.  I will face my fear.  I will permit it to
> >> pass
> >> over me and through me.  And when it has gone past I will turn the inner
> >> eye
> >> to see its path.  Where the fear has gone there will be nothing.  Only I
> >> will
> >> remain.
> >>        - Frank Herbert _Dune_
> >>
> >> --
> >> redhat-list mailing list
> >> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> >> https://www.redhat.com/mailman/listinfo/redhat-list
>
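The prefix rules discussed in this thread, written as a fail-closed variant of the find(1) approach. This is an added example, not code posted by anyone on the list: the function name `apply_prefix_policy` and passing the two groups as arguments are assumptions, and it assumes writers create files under a restrictive umask (such as 077) so that the sweep only ever widens access.

```shell
#!/bin/sh
# Added example, not from the thread. Run as the owner of the files or as root.
# Usage: apply_prefix_policy DIR GROUP_FOR_G1 GROUP_FOR_G2
apply_prefix_policy() {
    dir=$1
    g1=$2
    g2=$3

    # Pass 1: a name that matches no known prefix (for example a misspelled
    # "privat_g1_x") loses all group/other access, so a typo fails closed.
    find "$dir" -maxdepth 1 -type f \
        ! -name 'public*' ! -name 'private_g1*' ! -name 'private_g2*' \
        -exec chmod go-rwx {} ';' || return 1

    # Pass 2: the prefix rules. For private files the order matters:
    # strip group/other first, then change the group, and only then grant
    # group read/write, so the previous group never gains access in between.
    # If one step fails, find skips the remaining steps for that file.
    find "$dir" -maxdepth 1 -type f \( \
        -name 'public*' -exec chmod a+rw {} ';' \
        -o -name 'private_g1*' -exec chmod go-rwx {} ';' \
            -exec chgrp "$g1" {} ';' -exec chmod ug+rw {} ';' \
        -o -name 'private_g2*' -exec chmod go-rwx {} ';' \
            -exec chgrp "$g2" {} ';' -exec chmod ug+rw {} ';' \
    \)
}
```

Whether it is run from cron or from an inotify watcher, the interval before the sweep leaves a new file at the creator's umask, which is why the restrictive umask is assumed.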
