Mailinglist Archive: opensuse (1479 mails)
| < Previous | Next > |
Re: [opensuse] windows modify acl on openSUSE
- From: madworm_de.opensuse@xxxxxxxxxxxxxxxx
- Date: Fri, 02 Mar 2012 13:23:44 +0100
- Message-id: <4F50BBD0.6060805@spitzenpfeil.org>
On 03/02/2012 12:24 PM, lynn wrote:
It didn't work. And I spent many moons on this problem ;-(
It seems there is simply no equivalent acl setting on linux that would allow to
change the contents
of a file, but not to delete or rename it.
And now starts the debate if it really matters not being able to delete an
empty file. If users can remove
the contents of a file, why should they not be able to remove it entirely?
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx
On 02/03/12 08:52, Bernhard Voelker wrote:I tried to do this years ago with a samba server on SLES10 + win xp clients.
On 03/01/2012 11:30 PM, lynn wrote:
Hi
Is there a way to implement m$ modify? i.e. a group can read and write
files but not change their name? _I_'ve looked through setfacl but it
doesn't seem to cover this one.
Thanks,
L x
For renaming a file you need write permissions to the directory.
Therefore, just set the group permissions of the directory to g-w
and for the files to g+w:
$ id -gn
users
$ ls -ld . a
drwxr-x--- 2 root users 4096 Mar 2 08:40 .
-rw-rw---- 1 root users 6 Mar 2 08:45 a
$ echo hello> a
$ rm a
rm: cannot remove `a': Permission denied
$ mv a d
mv: cannot move `a' to `d': Permission denied
Of course, in this example, only root can create new files.
So check out for the sticky bit, usually applied e.g. in /tmp.
Have a nice day,
Berny
Hi
The problem now is that the group cannot create new files in the directory.
Sorry, I didn't explain very well. I have the sticky bit set and I need to be
able tow write o the directory as a group member:
lynn2@hh3:/home/CACTUS/dropbox> id
uid=3000029(lynn2) gid=3000020(suseusers) groups=3000020(suseusers)
lynn2@hh3:/home/CACTUS/dropbox> touch a
touch: cannot touch `a': Permission denied
lynn2@hh3:/home/CACTUS/dropbox> ls -la
total 16
drwxrws---+ 2 root suseusers 4096 Mar 2 12:11 .
drwxr-xr-x 9 root root 4096 Feb 28 18:19 ..
lynn2@hh3:/home/CACTUS/dropbox> touch a
lynn2@hh3:/home/CACTUS/dropbox> ls -la
total 16
drwxrws---+ 2 root suseusers 4096 Mar 2 12:13 .
drwxr-xr-x 9 root root 4096 Feb 28 18:19 ..
-rw-rw----+ 1 lynn2 suseusers 0 Mar 2 12:13 a
lynn2@hh3:/home/CACTUS/dropbox> getfacl ../dropbox/
# file: ../dropbox/
# owner: root
# group: suseusers
# flags: -s-
user::rwx
group::rwx
mask::rwx
other::---
default:user::rwx
default:group::rw-
default:mask::rw-
default:other::---
lynn2@hh3:/home/CACTUS/dropbox> mv a b
lynn2@hh3:/home/CACTUS/dropbox> ls -la
total 16
drwxrws---+ 2 root suseusers 4096 Mar 2 12:15 .
drwxr-xr-x 9 root root 4096 Feb 28 18:19 ..
-rw-rw----+ 1 lynn2 suseusers 0 Mar 2 12:13 b
lynn2@hh3:/home/CACTUS/dropbox>
IOW group members still need to be able to create files but once created the
files do not change name. On windows, it's the modify flag:
http://4.bp.blogspot.com/-eEJsd2TOny8/T05PbDh85zI/AAAAAAAAARI/Axx-76I4DEA/s1600/w712.png
Any ideas?
Salu2,
L x
It didn't work. And I spent many moons on this problem ;-(
It seems there is simply no equivalent acl setting on linux that would allow to
change the contents
of a file, but not to delete or rename it.
And now starts the debate if it really matters not being able to delete an
empty file. If users can remove
the contents of a file, why should they not be able to remove it entirely?
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx
| < Previous | Next > |