Access Control List problems
2007-12-24 19:20:00
I am running an E250 file server, NFS serving an Ultra5 web server,
both running Solaris 7, in a university environment. We would like to
set up per-class web space to allow instructors to provide information
to their students. We set up one directory per class with the
instructor as 'owner', the 'group' set to allow the web server to have
read access and no 'other' access. The instructor uses FTP to connect
to the file server and work with the web page files. This works fine
until the instructor wants his/her secretary or assistant to be able to
work with files in the class directory as well, and doesn't want to give
out his/her password.
I tried setting up ACL access for the secretary/assistant on the class
directory with defaults for the files created there, but am having
trouble getting things to propagate properly to any subdirectories
created in the class directory. In particular, I don't see any way to
get the setgid bit to propagate as it would if I was not using ACLs. So
any files created in a subdirectory get the creator's group and the web
server can't read them. I don't want to have to use 'other' access to
allow the web server to read the files, since some instructors want to
keep the information private, using access controls in the web server so
that only their students can get the web pages. Setting read access for
'other' would defeat that confidentiality.
I'm sure I'm not the first person to try to set something like this
up. Is there a way to set up this 'multiple-owner' type of access,
either with or without using ACLs? The Sys Admin Guide and man pages
are a little light on examples, particularly for default permissions.
Any help or suggestions would be greatly appreciated.
Russ
--
Russell D. Wilton E Mail: WILTON at ULeth.CA
Network Services Manager Voice: (403) 329-2525
University of Lethbridge FAX: (403) 382-7108
4401 University Drive Lethbridge, Alberta, CANADA T1K 3M4
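
An audit for the failure mode described in the post above, as an added example that is not part of the original message: it walks a class directory and reports subdirectories that lost the setgid bit, entries whose group is not the web server's group, entries the group cannot read, and anything that grants 'other' access. The function name `audit_class_dir` and the finding codes are hypothetical, and the check looks only at mode bits and group ownership, not at ACL entries.

```shell
#!/bin/sh
# audit_class_dir ROOT GROUP
#   ROOT  - top of one class web directory (assumed layout: one tree per class)
#   GROUP - group name or numeric gid the web server reads through
# Prints one finding per line as "<CODE> <path>"; prints nothing if the tree is clean.
audit_class_dir() {
    root=$1
    group=$2

    # Directories without setgid: files created here take the creator's
    # primary group instead of the directory's group.
    find "$root" -type d ! -perm -2000 -print | sed 's/^/NOSGID /'

    # Entries already owned by some other group: the web server's group
    # permissions do not apply to them.
    find "$root" ! -group "$group" -print | sed 's/^/WRONGGROUP /'

    # Files the group cannot read, directories it cannot list and traverse.
    find "$root" -type f ! -perm -040 -print | sed 's/^/NOGROUPREAD /'
    find "$root" -type d ! -perm -050 -print | sed 's/^/NOGROUPREAD /'

    # Any 'other' permission bit defeats the per-class confidentiality.
    find "$root" \( -perm -004 -o -perm -002 -o -perm -001 \) -print |
        sed 's/^/OTHERACCESS /'
}

# Stand-alone use: sh audit.sh /path/to/class-dir webgroup
if [ $# -eq 2 ]; then
    audit_class_dir "$1" "$2"
fi
```

Run it from cron against each class directory and alert on any output; a `NOSGID` line on a new subdirectory is the early sign that files created there will end up unreadable by the web server.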

