WANTED: Clever solution for Transifex storage
Till Maas
opensource at till.name
Wed Mar 11 17:10:06 UTC 2009
On Mi März 11 2009, Colin Walters wrote:
> 2009/3/11 Till Maas <opensource at till.name>:
> > There is no way with ACLs to setup a directory where a group of users has
> > complete access to everything.
>
> "complete access to everything" isn't very well specified - can you
> give an example?
In a collaborative work environment where several people store files in one
directory or subdirectories of it, every user in the group should have read
and write access to any file.
> > It is still possible for a user to add a file
> > that cannot be accessed by other users or cannot be written to.
>
> Deliberately? Of course, the Unix discretionary permissions model has
> always allowed that, ACLs or not. But the default ACL setting on the
> directory should ensure that new files have the intended permissions.
The default ACLs are overwritten by the ACL mask, which is somehow built from
the traditional unix permission. E.g. if there is a directory with a default
mask that gives read and write permissions to a certain group, someone can
still (s)cp a file that is not group writeable to this directory. Then because
of the ACL mask, it is also not group writeable for the collaboration group.
With bindfs a root user can ensure that no non-root user will mess up the
permissions inside the common directory, regardless of whether it happens
intentionally or by accident.
Regards,
Till
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 835 bytes
Desc: This is a digitally signed message part.
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20090311/904a3e24/attachment.sig>
More information about the fedora-devel-list
mailing list