[kwlug-disc] Access rights to file/folder

[Raul Suarez]

--- On Wed, 7/28/10, John Van Ostrand <john at netdirect.ca> wrote:
> It makes sense in that it defines the
> data type, like "Legal Documents" or "HR Records" and then
> when mapping permissions you would say "Lawyers" have access
> to "Legal Documents" and "HR Managers" have access to "HR
> Documents". It's all set in one spot.

Except if there are some Legal documents that HR must have access to. Then you need to create that other group and maybe the head of HR may need access to a different "Legal Documents" subset that other HR people don't have access to.

I understand that you should avoid fine grained access as much as possible as it becomes unwieldy. The original question was "what if you need it?". And Eric provided a good response.

> If I have two users alice (group local) and bob (group
> remote) need to share files they create. Using standard
> Posix permissions we would add them to a third group (say
> legal_data) and assign that group to the directory and give
> the directory group write and a sticky bit (chmod g+w,+t).
> The user's umasks would have to be 00? and then any file
> Alice writes Bob and read and write.

This will work in the case I'm looking at, specially being the Posix way.
 
> How is that done with ACLs?

You can do it two ways:

A) As you described: Creating a ACL that other users and/or ACLs belong to then granting access to that ACL

B) As I described before: Granting rights to several users and/or ACLs