Date: Fri, 14 Dec 2001 13:21:45 -0600
From: "Mike Meyer" <mwm-dated-1008789706.1dd6ae@mired.org>
To: "Drew Tomlinson" <drew@mykitchentable.net>
Cc: "Ulrich Gruenebaum" <grueneba@zkom.de>, <questions@freebsd.org>
Subject: Re: group permissions
Message-ID: <15386.20809.937558.896574@guru.mired.org>
In-Reply-To: <00cc01c184b8$3fbfd530$0301a8c0@bigdaddy>
References: <15385.4538.743578.879745@guru.mired.org> <00cc01c184b8$3fbfd530$0301a8c0@bigdaddy>

Drew Tomlinson <drew@mykitchentable.net> types:
> > Ulrich Gruenebaum <grueneba@zkom.de> types:
> > As a general rule, when you talk about someone needing read or
> > read/write access to a file, you're actually talking about them
> > running a specific application to read or read/write the file. The
> > Unix way of dealing with this is the setgid and/or setuid bits.
> >
> > Extending your example, you have user, rgroup, and rwgroup, and two
> > applications, reader and writer. You make the file like so:
> >
> > -rw-r----- 1 user rgroup 1024 Dec 13 14:55 file
>
> I was reading your post as they are always informative and helpful. I
> don't understand why the group would be 'rgroup' instead of 'rwgroup'.
> What am I missing?

rgroup is the group that needs read permission. You put the file in
that group so members of that group can read it.

Those who need both read and write permission are in rwgroup. That is
the group that can run the program "writer". It runs setuid to user,
so that it can write the file, even though the group that can run it
can't.

This is the Unix method for granting a group permission to do
something that they normally can't do - with an application that runs
set[ug]id to the privs that are needed.

	<mike

> Thanks,
>
> Drew
>
> > And the two applications like so:
> >
> > ---x--x--- 1 user rgroup 1024 Dec 13 14:55 reader
> > ---s--x--- 1 user rwgroup 1024 Dec 13 14:55 writer
> >
> > People in rgroup will be able to run reader, and be able to read the
> > file. People in group rwgroup will be able to run writer, which will
> > then act as "user" instead of them, and hence have read/write access
> > to the file. If people in rwgroup also have to run reader, you can put
> > them in rgroup as well.
> >
> > <mike
> > --
> > Mike Meyer <mwm@mired.org> http://www.mired.org/home/mwm/
> > Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message

--
Mike Meyer <mwm@mired.org> http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
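
Added example, not part of the original message: a small Python model of the layout described in the thread, evaluating the three quoted `ls -l` lines to show who reaches `file` directly and who only through the set-uid `writer`. The accounts alice, bob and dave and all helper names are assumptions made for the illustration; set-gid is not modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    mode: str    # ls -l mode string, e.g. "-rw-r-----"
    owner: str
    group: str

def parse_ls(line):
    """Turn one `ls -l` line from the message into (name, Entry)."""
    f = line.split()
    return f[-1], Entry(f[0], f[2], f[3])

# The three listings quoted in the thread.
LISTING = """\
-rw-r----- 1 user rgroup 1024 Dec 13 14:55 file
---x--x--- 1 user rgroup 1024 Dec 13 14:55 reader
---s--x--- 1 user rwgroup 1024 Dec 13 14:55 writer
"""
FS = dict(parse_ls(l) for l in LISTING.splitlines())

def allowed(entry, uid, groups, want):
    """Unix check: only the first matching class (owner, group, other) counts."""
    if uid == entry.owner:
        r, w, x = entry.mode[1:4]
    elif entry.group in groups:
        r, w, x = entry.mode[4:7]
    else:
        r, w, x = entry.mode[7:10]
    return {"r": r == "r", "w": w == "w", "x": x in "xst"}[want]

def euid_after_exec(prog, uid, groups):
    """Effective uid once `prog` is running, or None if exec is refused."""
    if not allowed(prog, uid, groups, "x"):
        return None
    return prog.owner if prog.mode[3] in "sS" else uid  # set-uid bit

def can_via(prog, uid, groups, want, target="file"):
    """Can this account get `want` access to `target` by running `prog`?"""
    euid = euid_after_exec(FS[prog], uid, groups)
    return euid is not None and allowed(FS[target], euid, groups, want)

# Constructed accounts (assumptions): alice reads, bob writes, dave is neither.
USERS = {"alice": {"rgroup"}, "bob": {"rwgroup"}, "dave": set()}

if __name__ == "__main__":
    for name, g in USERS.items():
        print(name, {p: can_via(p, name, g, a) for p, a in (("reader", "r"), ("writer", "w"))},
              "direct write:", allowed(FS["file"], name, g, "w"))
```

In this model bob, who is only in rwgroup, has no direct access to `file`; his one path is `writer` running as `user`, and adding him to rgroup is what lets him run `reader` as well.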