[kwlug-disc] Access rights to file/folder

Rashkae rashkae at tigershaunt.com
Thu Jul 29 07:55:04 EDT 2010


John Van Ostrand wrote:
> ----- Original Message -----

> Before using those consider a few things. Even in Windows the use of ACLs can get admins into a great deal of trouble. Usually the trouble is a mess of files with poorly defined rights. Admins are afraid to touch things for fear of ruining something. Last I administered a Windows server the defined practice was to create a resource group and assign it to a folder/share. Then I assign users or user groups to the resource group. It makes sense in that it defines the data type, like "Legal Documents" or "HR Records" and then when mapping permissions you would say "Lawyers" have access to "Legal Documents" and "HR Managers" have access to "HR Documents". It's all set in one spot.
> 
> We've been able to do everything we want with standard Posix permissions and all the backup tools work with it and the permissions don't end up messy.
> 
> I haven't figured out how to do inheritance with ACLs. Red Hat calls them collaboration directories, where any file written can be accessed by other users in a specific way.
> 
> If I have two users, alice (group local) and bob (group remote), who need to share files they create, using standard Posix permissions we would add them to a third group (say legal_data) and assign that group to the directory and give the directory group write and a sticky bit (chmod g+w,+t). The users' umasks would have to be 00? and then any file Alice writes Bob can read and write.
> 
> How is that done with ACLs?
> 

This is well documented in the ACL howto, which is worth a read for 
anyone following this discussion.
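
The default-ACL inheritance asked about in the quoted message, as an added example that is not part of the original post or of the ACL howto. The helper names make_shared_dir and acl_line, and the alice, bob and /srv/legal values in the usage comment, are illustrative assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): a shared directory whose permissions
# are inherited through POSIX default ACLs instead of a shared group + umask.
# Assumes the acl tools (setfacl/getfacl) are installed, the filesystem
# supports POSIX ACLs, and the named users or groups exist.

# make_shared_dir DIR WHO...
#   WHO is an ACL principal such as u:alice, u:bob or g:legal_data.
make_shared_dir() {
    dir=$1; shift
    mkdir -p "$dir" || return 1
    # Owner keeps full access; owning group and others get nothing.
    # Access is granted only through the named entries added below.
    chmod 0700 "$dir" || return 1
    setfacl -d -m "u::rwx,g::---,o::---" "$dir" || return 1
    for who in "$@"; do
        # Access ACL: rights on the directory itself.
        setfacl -m "${who}:rwx" "$dir" || return 1
        # Default ACL: copied onto every file and subdirectory created here.
        setfacl -d -m "${who}:rwx" "$dir" || return 1
    done
}

# acl_line PATH PREFIX
#   Print the ACL entry of PATH that starts with PREFIX, without getfacl's
#   header or "#effective" comments, so the result is easy to compare.
acl_line() {
    getfacl -cpE "$1" | grep "^$2"
}

# Usage (hypothetical names):
#   make_shared_dir /srv/legal u:alice u:bob
#   acl_line /srv/legal default:user:alice:
```

A file created inside such a directory carries the named entries even when the creating user's umask is 077: where a default ACL exists, it is used in place of the umask, and the mask entry (rw- for a file created with mode 0666) caps what the named users and groups actually get.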




