Permission inheritance problem
Sanjay Chakraborty
sanjaychakrab at gmail.com
Mon Nov 21 01:24:32 UTC 2011
Sticky bit user for collaboration directory. and how it works in short:
suppose you create a group dev and create a directory /limit and that
is owned by dev group.
Now a user joe he is in dev group as secondary group. He wants to
modify a file in that directory but he will get 'permission deny' even
the directory is owned by dev group and it is 770.
Solution: apply stcky bit in that directory .. chmod 2770 /limit
Now joe can read write and execute files in /limit directory.
Does it helped ?
On Fri, Nov 18, 2011 at 5:04 AM, kavya <kavya.g4 at gmail.com> wrote:
> so if i set a sticky bit it applies for owner also????
>
> On Fri, Nov 18, 2011 at 2:05 PM, Cameron Simpson <cs at zip.com.au> wrote:
>
>> On 18Nov2011 11:07, kavya <kavya.g4 at gmail.com> wrote:
>> | Am working with file permission I have a query,
>> |
>> | usually on /mnt normal users will not be having permission to write so I
>> | gave permission such as
>> | #chmod 766 /mnt
>>
>> Surely you want 777 here? A directory with no 'x' permission is not
>> searchable; 'r' only lets someone see the names of the things in the
>> directory, 'x' (search) lets them access it. So with a directory you
>> almost always want to grant 'x' if you grant any access. You don't need
>> to give 'r', but it is usual. So 'r-x' and '--x' are sensible, 'r--' is
>> usually not sensible.
>>
>> | #chmod go+t /mnt
>>
>> You just want "+t" here. There is no such thing as "sticky bit for
>> group" or "sticky bit for other". There is only one bit.
>>
>> | I have enabled a sticky bit on /mnt for group and
>> | others, as sticky bit is set, even the files and folders under /mnt can
>> not
>> | be deleted by others even if they have complete permissions and no sticky
>> | bit is set for files under /mnt,
>>
>> Yes.
>>
>> | is there any option to allow users to
>> | delete only particular files ?????
>>
>> No. The permissions on /mnt apply to the directory as a whole,
>> not on a per-name basis.
>>
>> If you want per-name control the best you can do is make subdirectories
>> and grant different accesses to those. Which is what home directories
>> effectively are, if you would like a similar arrangement.
>>
>> Cheers,
>> --
>> Cameron Simpson <cs at zip.com.au> DoD#743
>> http://www.cskk.ezoshosting.com/cs/
>>
>> My opinions are borrowed from someone who no longer needs them.
>> -- KatmanDu at uga.cc.uga.edu
>>
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>>
>
>
>
> --
>
> Thanks and Regards
>
> Kavya.N(Koramangala)
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
--
Regards.
Sanjay Chakraborty
More information about the redhat-list
mailing list