Best way to work with files with groups of people
Andy Graybeal
andy.graybeal at casanueva.com
Sat Oct 2 13:15:10 UTC 2010
What is the best way to work with files with different groups of people?
I have a 'finance' group and a 'tech' group among others.
I want the 'finance' people to be able to read and write to everything
in: /srv/Desktop/Finance
I want everyone else in the system to only be able to read that folder.
The same goes for every group.
Each user is in their respective group, finance, tech, etc.
I set folders and files up with ACLs and setgid, thinking this would work.
Here's an example of the ACLs on the /srv/Desktop/Finance folder:
andy@buddleia:/home/andy.graybeal$ getfacl /srv/Desktop/Finance/
getfacl: Removing leading '/' from absolute path names
# file: srv/Desktop/Finance/
# owner: root
# group: finance
# flags: -s-
user::rwx
group::rwx
other::r-x
default:user::rwx
default:group::rwx
default:mask::rwx
default:other::r-x
andy@buddleia:/home/andy.graybeal$
Here's an example ACL of a file within the /srv/Desktop/Finance folder:
andy@buddleia:/home/andy.graybeal$ getfacl /srv/Desktop/Finance/Mileage\ forms.xls
getfacl: Removing leading '/' from absolute path names
# file: srv/Desktop/Finance/Mileage forms.xls
# owner: andy
# group: finance
user::rw-
group::rwx #effective:rw-
mask::rw-
other::r--
andy@buddleia:/home/andy.graybeal$
So far so great.
The problem I'm running into is when a user takes work home with them or
creates files from home, comes into work the next day and puts it onto
the server from a flash drive.
Here's what I'm getting from a file like that:
andy@buddleia:/srv/Desktop/Finance/INVOICES!/2010 invoices/Food/green edge/09 september green edge 2010$ getfacl green\ edge\ 2010\ 09\ 01.pdf
# file: green edge 2010 09 01.pdf
# owner: candida.stamp
# group: finance
user::rwx
group::rwx #effective:---
mask::---
other::---
andy@buddleia:/srv/Desktop/Finance/INVOICES!/2010 invoices/Food/green edge/09 september green edge 2010$
This file inherited the 'group ownership' so that's good, but it doesn't
inherit the permissions.
How do I make this so that when someone copies a file from their jump
drive into their folder, it inherits the permissions from the folder
(well everything but execute obviously)?
I've sent the same issue to ubuntu-users with no answers; I've since
worded it differently and thought maybe this would be a more appropriate
list.
Any help is appreciated.
-Andy
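Added example (not part of the original post): the "#effective:" comments in the listings above are each entry ANDed with the "mask::" line. The bash/awk function below reads getfacl output on stdin and reports files whose mask strips read or write from the owning-group entry; the names masked_group_entries and sample_listing are made up here, and the sample input is copied from the two file listings in the post.

```bash
#!/usr/bin/env bash
# Added example: flag files whose ACL mask strips read or write from the
# owning-group entry. Reads `getfacl` output on stdin.

masked_group_entries() {
  awk '
    # Effective rights are the entry ANDed with the mask, bit by bit (r, w, x).
    function flush_file(   i, g, m, eff) {
      if (file != "" && grp != "" && mask != "") {
        eff = ""
        for (i = 1; i <= 3; i++) {
          g = substr(grp, i, 1); m = substr(mask, i, 1)
          eff = eff ((g != "-" && m != "-") ? g : "-")
        }
        # Losing only x on a regular file is expected; report lost r or w.
        if (substr(eff, 1, 2) != substr(grp, 1, 2))
          printf "%s\tgroup=%s\tmask=%s\teffective=%s\n", file, grp, mask, eff
      }
      file = ""; grp = ""; mask = ""
    }
    /^# file: / { flush_file(); file = substr($0, 9); next }
    /^group::/  { grp  = substr($0, 8, 3); next }   # owning group only
    /^mask::/   { mask = substr($0, 7, 3); next }   # absent = no masking
    END         { flush_file() }
  '
}

# Sample input: the two file listings quoted in the post.
sample_listing() {
  cat <<'EOF'
# file: srv/Desktop/Finance/Mileage forms.xls
# owner: andy
# group: finance
user::rw-
group::rwx #effective:rw-
mask::rw-
other::r--

# file: green edge 2010 09 01.pdf
# owner: candida.stamp
# group: finance
user::rwx
group::rwx #effective:---
mask::---
other::---
EOF
}

sample_listing | masked_group_entries
```

On a live tree the same function can be fed with `getfacl -R /srv/Desktop/Finance | masked_group_entries`.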