On 02/03/12 13:23, madworm_de.opensuse@spitzenpfeil.org wrote:
On 03/02/2012 12:24 PM, lynn wrote:
On 02/03/12 08:52, Bernhard Voelker wrote:
On 03/01/2012 11:30 PM, lynn wrote:
Hi Is there a way to implement m$ modify? i.e. a group can read and write files but not change their name? _I_'ve looked through setfacl but it doesn't seem to cover this one. Thanks, L x
For renaming a file you need write permissions to the directory. Therefore, just set the group permissions of the directory to g-w and for the files to g+w:
$ id -gn users $ ls -ld . a drwxr-x--- 2 root users 4096 Mar 2 08:40 . -rw-rw---- 1 root users 6 Mar 2 08:45 a $ echo hello> a $ rm a rm: cannot remove `a': Permission denied $ mv a d mv: cannot move `a' to `d': Permission denied
Of course, in this example, only root can create new files. So check out for the sticky bit, usually applied e.g. in /tmp.
Have a nice day, Berny
Hi The problem now is that the group cannot create new files in the directory.
Sorry, I didn't explain very well. I have the sticky bit set and I need to be able tow write o the directory as a group member:
lynn2@hh3:/home/CACTUS/dropbox> id uid=3000029(lynn2) gid=3000020(suseusers) groups=3000020(suseusers) lynn2@hh3:/home/CACTUS/dropbox> touch a touch: cannot touch `a': Permission denied lynn2@hh3:/home/CACTUS/dropbox> ls -la total 16 drwxrws---+ 2 root suseusers 4096 Mar 2 12:11 . drwxr-xr-x 9 root root 4096 Feb 28 18:19 .. lynn2@hh3:/home/CACTUS/dropbox> touch a lynn2@hh3:/home/CACTUS/dropbox> ls -la total 16 drwxrws---+ 2 root suseusers 4096 Mar 2 12:13 . drwxr-xr-x 9 root root 4096 Feb 28 18:19 .. -rw-rw----+ 1 lynn2 suseusers 0 Mar 2 12:13 a lynn2@hh3:/home/CACTUS/dropbox> getfacl ../dropbox/ # file: ../dropbox/ # owner: root # group: suseusers # flags: -s- user::rwx group::rwx mask::rwx other::--- default:user::rwx default:group::rw- default:mask::rw- default:other::--- lynn2@hh3:/home/CACTUS/dropbox> mv a b lynn2@hh3:/home/CACTUS/dropbox> ls -la total 16 drwxrws---+ 2 root suseusers 4096 Mar 2 12:15 . drwxr-xr-x 9 root root 4096 Feb 28 18:19 .. -rw-rw----+ 1 lynn2 suseusers 0 Mar 2 12:13 b lynn2@hh3:/home/CACTUS/dropbox>
IOW group members still need to be able to create files but once created the files do not change name. On windows, it's the modify flag: http://4.bp.blogspot.com/-eEJsd2TOny8/T05PbDh85zI/AAAAAAAAARI/Axx-76I4DEA/s1...
Any ideas? Salu2, L x I tried to do this years ago with a samba server on SLES10 + win xp clients.
It didn't work. And I spent many moons on this problem ;-(
It seems there is simply no equivalent acl setting on linux that would allow to change the contents of a file, but not to delete or rename it.
And now starts the debate if it really matters not being able to delete an empty file. If users can remove the contents of a file, why should they not be able to remove it entirely?
Hi Thanks for the reply. I hope it doesn't start a debate. This is a Samba4 AD with 12.1 and win7 boxes. The share is on nfs3 from POSIX acl'd ext4. Is that the problem? Or is it just that this can't be done end of story. L x -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org