[ale] rights and security

Jeff Barber jeffb at sware.com
Thu Apr 25 10:18:10 EDT 1996


David Hamm writes:
> 
> I need to have 4 groups of users on my Linux Internet server.  The =
> groups are as follows.
> 	sysusers
> 		users
> 			employees
> 				customers
> I want the sysusers to have free reign over the other groups files and =
> the users only to have free reign over the employees and the customers =
> files and the employees to have fre reign over the customers files.  How =
> can this be done?  The man pages don't go into any detail on systems =
> administration.  Any ideas would be welcomed.

You can easily assign a distinct group ID to users from each of these
sets as their primary group ID.  And by assigning additional
supplementary group IDs to the employees, users, and sysusers sets,
you can grant them the ability to read the files of designated other
groups.  And finally, you can even set up a default umask to cause new
files to be created with the appropriate ownership and permissions based
on a user's primary group ID.

However, if the users are given access to ordinary Linux commands (i.e.
if they are given ordinary shell accounts), there's no easy way to prevent
the users from foiling your scheme by chmod'ing their files and/or
changing their umask.  That is, if the users have access to the Linux
command set, you won't be able to maintain the scheme without their
willing cooperation.


-- Jeff






More information about the Ale mailing list