alanpong
asked on
Newbie question : Protection scheme in UNIX
Hello,
Suppose there are 10000 users and I want to allow 9990 of these
users to be able to access one file. The remaining 10 are not allowed.
I can imagine two possible solutions:
Solution 1:
1) assign the 9990 people into the group, say, groupa
2) assign the remaining 10 people into another group, say groupb
3) change the group ownership of the file to groupa so that
only groupa's people can read/write/execute it.
However, I worry anyone in groupa will change the mode of the
file by some program like chmod o+rwx filename or some other
program written by someone, so that groupb's people can
read the file.
Solution 2:
1) assign the 10 people into another group, say groupb
2) change the group ownership of the file to groupb
3) chmod o+rx filename
chmod g-rx filename
so that groupb's people cannot read it but other groups can
read it.
Which one works better? And is there another, more effective scheme?
Many thanks.
rgds.
alanpong@hkstar.com
ASKER
-r-xr-x--- root groupa 1 Aug 16 00:32 myfile
Just imagination, I've never tried to change the ownership of the file.
Do you mean if the owner is 'root' (or someone else) and the attributes of the file are like above, no one else in groupa can use chmod?
Thanks
rgds.
alan
AFAIK, so it is.
See 'man chmod' for more details.
-julio
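Added example, not part of the thread: a small shell model of the classic UNIX mode-bit check applied to the two schemes discussed above. It shows that exactly one class is consulted (owner, else group, else other) and that only the owner or root may chmod. The user names, UIDs, GIDs and the mode 505 for Solution 2 are assumptions; 550 root:groupa is the listing from the asker's comment.

```shell
#!/bin/sh
# Model of the classic UNIX mode-bit check for unprivileged users (no ACLs).
# All UIDs/GIDs below are constructed sample values.

# in_group GID "G1 G2 ..." : succeeds if GID is one of the user's groups
in_group() {
  for g in $2; do
    if [ "$g" = "$1" ]; then return 0; fi
  done
  return 1
}

# may_access MODE FILE_UID FILE_GID UID "GROUPS" WANT   (MODE octal, WANT r|w|x)
# Exactly one class is consulted: owner, else group, else other. No fall-through.
may_access() {
  case $6 in r) bit=4 ;; w) bit=2 ;; x) bit=1 ;; *) return 2 ;; esac
  if [ "$4" -eq "$2" ]; then shift_by=6
  elif in_group "$3" "$5"; then shift_by=3
  else shift_by=0
  fi
  [ $(( (0$1 >> $shift_by) & $bit )) -ne 0 ]
}

# may_chmod FILE_UID UID : only the owner or root (UID 0) may change the mode;
# group membership alone does not allow it.
may_chmod() {
  [ "$2" -eq 0 ] || [ "$2" -eq "$1" ]
}

# verdict ARGS... : print allow/deny for a may_access call
verdict() { if may_access "$@"; then echo allow; else echo deny; fi; }

GROUPA=100; GROUPB=200          # constructed GIDs
ALICE=1001; MALLORY=1999        # alice is allowed, mallory is one of the 10

echo "Solution 1 (550 root:groupa)"
echo "  alice:   $(verdict 550 0 $GROUPA $ALICE   "$GROUPA" r)"
echo "  mallory: $(verdict 550 0 $GROUPA $MALLORY "$GROUPB" r)"
echo "Solution 2 (505 root:groupb)"
echo "  alice:   $(verdict 505 0 $GROUPB $ALICE   "$GROUPA" r)"
echo "  mallory: $(verdict 505 0 $GROUPB $MALLORY "$GROUPB" r)"
echo "  in both: $(verdict 505 0 $GROUPB 1500 "$GROUPA $GROUPB" r)"
if may_chmod 0 $ALICE; then echo "alice can chmod"; else echo "alice cannot chmod"; fi
```

The "in both" case is where the schemes differ: a user who is also placed in groupb is denied under Solution 2 but still allowed under Solution 1.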
ASKER
Thank you.
Whoever has got write rights can modify a file, including its permissions.
Regards, julio