From: Rahul on 14 Feb 2010 10:37

Michael Black <et472(a)ncf.ca> wrote in
news:Pine.LNX.4.64.1002140124310.12809(a)darkstar.example.net:

> maliciously. There's no reason for someone to have a monopoly on
> creating files when everyone else can delete it as they desire. The
> latter negates the former.
>

The actual need is: the ability for only owner to create files that only
him and one other user can delete.

But that seemed an even tougher requirement. (unless I go down the ACL
route.)

--
Rahul

From: J G Miller on 14 Feb 2010 11:49

On Sun, 14 Feb 2010 15:34:04 +0000, Rahul wrote:

> I suspect quotas are on the FS level?

Yes that is correct.

> So a zero quota would hamper the ability of a user
> to create files in his own home dir as well.

So do not put the special permissions directory on the home
file system partition. ;)

From: Stan Bischof on 14 Feb 2010 12:29

Rahul <nospam(a)nospam.invalid> wrote:
> Is there a way (under ext3) to set permissions on a dir such that:
>
> only user can create new files
> but anyone in the group can delete files
>

As others have noted -- you can't do this with traditional unix file
permissions. This is a case where ACLs (standard in the Windows world)
allow much greater range of control - and could do what you want if you
enabled them on your system.

So - direct answer to your specific question is "no", but you can tack
on ACLs to get what you want.

Stan

From: Mark Hobley on 14 Feb 2010 13:08

Rahul <nospam(a)invalid.invalid> wrote:
>
> Many users submit jobs on our scheduling system (openpbs). Normally
> users can delete their own jobs via a "qdel" command from the scheduler
> suite.
> But, once in a while it requires a stronger "qdel --purge". Now
> the "qdel --purge" binary is so designed that only root can use the
> --purge option.

Ok. Why is the purge option needed here? What is happening?

> In an ideal world though I'd like: "user has the right to make files and
> pbsadmin has right to delete files". But then again, that's a pretty
> exotic need too!

You can do this by making pbsadmin a member of the pbsadmin group, and
using a suidexec root on a copy of qdel (call it pbsdel). Make sure that
pbsdel is only executable by members of the pbsadmin group.

Mark.

--
Mark Hobley
Linux User: #370818 http://markhobley.yi.org/

From: The Natural Philosopher on 14 Feb 2010 13:08

Rahul wrote:
> Michael Black <et472(a)ncf.ca> wrote in
> news:Pine.LNX.4.64.1002140124310.12809(a)darkstar.example.net:
>
>> maliciously. There's no reason for someone to have a monopoly on
>> creating files when everyone else can delete it as they desire. The
>> latter negates the former.
>>
>
> The actual need is: the ability for only owner to create files that only
> him and one other user can delete.
>

That means put everyone in a second group called 'Icandeleteyouhaha' and
give group write perms to the files.

You can work magic on the directory permissions to force group ownership
of contents to that group. I forget how. I always end up setting every
strange bit until it works.

> but that seemed an even tougher requirement. (unless I go down the ACL
> route.)
>
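
Added example, not part of any poster's message: a small Python model of the traditional owner/group/other directory check, searching every directory mode for one that lets the owner create files while a group member can delete them but cannot create. The uid/gid values are constructed, and root's override and ACLs are deliberately not modelled.

```python
import stat

OWNER, MEMBER, GROUP = 1000, 1001, 500  # constructed uid/uid/gid for the model

def class_bits(mode, uid, gids, d_owner, d_group):
    """Return the one rwx triplet consulted for this caller (no ACLs, not root)."""
    if uid == d_owner:
        return (mode >> 6) & 7
    if d_group in gids:
        return (mode >> 3) & 7
    return mode & 7

def can_create(mode, uid, gids, d_owner, d_group):
    """Adding a directory entry needs write and search (w+x) on the directory."""
    return class_bits(mode, uid, gids, d_owner, d_group) & 3 == 3

def can_unlink(mode, uid, gids, d_owner, d_group, file_owner):
    """Removing an entry needs the same w+x; the file's own mode is not consulted."""
    if not can_create(mode, uid, gids, d_owner, d_group):
        return False
    if mode & stat.S_ISVTX:  # sticky bit: only the file owner or directory owner
        return uid in (file_owner, d_owner)
    return True

def modes_meeting_requirement():
    """Modes where OWNER creates, MEMBER deletes OWNER's file, MEMBER cannot create."""
    hits = []
    for mode in range(0o2000):  # every rwx combination, with and without sticky
        owner_creates = can_create(mode, OWNER, {GROUP}, OWNER, GROUP)
        member_creates = can_create(mode, MEMBER, {GROUP}, OWNER, GROUP)
        member_deletes = can_unlink(mode, MEMBER, {GROUP}, OWNER, GROUP, OWNER)
        if owner_creates and member_deletes and not member_creates:
            hits.append(oct(mode))
    return hits

if __name__ == "__main__":
    print("modes that satisfy the request:", modes_meeting_requirement())
    for mode in (0o755, 0o775, 0o1775):
        print(oct(mode),
              "member creates:", can_create(mode, MEMBER, {GROUP}, OWNER, GROUP),
              "member deletes owner's file:",
              can_unlink(mode, MEMBER, {GROUP}, OWNER, GROUP, OWNER))
```

The setgid bit on a directory only changes which group new entries inherit, so it is left out of the search.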