Newbie question : Protection scheme in UNIX
Posted on 1998-08-15
Suppose there are 10000 users and I want to allow 9990 of these
users to be able to access one file. The remain 10 are not allowed.
I can imagine two possible solutions :
Solution 1 :
1) assign the 9990 people into the group, say, groupa
2) assign the remain 10 people into another group , say groupb
3) change the group ownership of the file to groupa so that
only groupa's people can read/write/excute it.
However, i worry anyone in groupa will change the mode of the
file by some program like chmod o+rwx filename or some other
program written by someone , so that groupb's people can
read the file.
Solution 2 :
1) assign the 10 people into another group , say groupb
2) change the group ownership of the file to groupb
3) chmod o+rx
chmod g-rx filename
so that the groupb's people cannot read it but other group can
Which one work better ? And another more effective scheme?