[plug] /etc/group
Anthony J. Breeds-Taurima
tony at cantech.net.au
Mon Nov 18 15:41:24 WST 2002
On Mon, 18 Nov 2002, Brad Campbell wrote:
> G'day all,
>
> Have not been able to figure this out and have not really found any help
> on the net. Sooo....
>
> I have done a moderately sized NT to Samba changeover and am suffering
> pretty badly with the reduced granularity on file/dir ACL's..
>
> NT seems to do better here with the ability to have mutliple groups/users
> tied to a file or dir, rather than the standard unix user/group/other format.
>
> Is there any way I can
> A) make any file created in a dir inherit the dirs group id.
> B) Add a group to a group in /etc/group.
>
> ie
> users:x:100:brad, john, rob
> grp1:x:101:users
> grp2:x:102:users, fred
>
> I think I can break the ACL's down far enough by fixing the modes on a
> directory and having everything inide the dir mode 777. Which is what
> we want, we just want to block certain people from certain dirs.
> I need about 20 groups for the granularity that I require and hope to avoid
> having to add users to all of them manually when I need to add/delete a user
> to/from the system.
>
> Also, can anyone recommend a good read on the net about this stuff?
>
> I can manage everything else ok, but this office has a serious thing for
> privacy and security and the NT setup they had was most complex.
Basically waht you want is the POSIX ACLS from bestbits.net
(http://acl.bestbits.at/). You can do _nearly_ everything you want.
Samba has ACL support aswell. You still have the problem that only the unix
owner can modify the ACL's but it's pretty cool and works well.
I'm running varisou versions of this across 3 linux boxes 3 NT domains with
about 2000 users. I still have NT PDC's so I use winbindd to make these
users/groups/domains available to linux.
Yours Tony
Jan 22-25 2003 Linux.Conf.AU http://linux.conf.au/
The Australian Linux Technical Conference!
More information about the plug
mailing list