[NTLUG:Discuss] File Access

Steve Baker sjbaker1 at airmail.net
Tue Jul 11 20:54:53 CDT 2000


kneece wrote:
> 
> I have a question asked of me by a fellow student, and I am not really
> sure about the answer, so I would like to get a response from this
> group.
> 
> My friend wants to know, "If I make a group in Linux (RedHat 6.1), and I
> give the group access to the files one of the groupmember owns, how can
> I delete the owner of the files from the group, but let the group keep
> access to the files?"

Well, if you remove the owner of the file from the group (by hacking /etc/groups
or something) - then the file will still have that group affiliation - whilst
also being owned by the original owner.

To deny the original owner access, you'd need file permissions that are:

  ----rw----

i.e. - no owner privileges, no world privileges - but wide open group privs.

Of course the owner of the file can easily get around that by just 'chmod'ing
the file back how he wants it.  To prevent *that*, you'd have to deny access
to the directory that contains the file (and its parent directory and...
all the way back up to the point where the parent directory is not owned
by that user).
 
> I would assume (probably my first mistake) that you would make the group
> the owner of the files.

Er - the 'group' that is affiliated with the file (that "owns it") is a
separate thing from the 'user' that owns the file.  The user doesn't have
to be a member of that group for it to be set up like that.

I'd shy away from saying that a group 'owns' a file though - it's not
exactly like that.

When someone creates a file, they own it and (in effect) nominate one
specific group to have group access rights to that file.  By default
that's the group they belong to - but it could be some other group
instead.

>  Am I on the right track or is there an easier
> way to do this?

Well, it's certainly an unusual thing to want to do.  I would normally
just change the ownership of the file to someone who *is* a member of
the group using 'chown'.

I guess the best thing to say at this point is: "Why the heck does
your friend want to know such an obscure thing?" - because the answer
to that question probably reveals "The Right Thing" to do.

--
Steve Baker   HomeEmail: <sjbaker1 at airmail.net>
              WorkEmail: <sjbaker at link.com>
              HomePage : http://web2.airmail.net/sjbaker1
              Projects : http://plib.sourceforge.net
                         http://tuxaqfh.sourceforge.net
                         http://tuxkart.sourceforge.net
                         http://prettypoly.sourceforge.net
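
Added example, not part of the original post: a small model of the classic Unix permission check for a non-root process, showing why mode `----rw----` locks out the owner even when the owner is still in the group, and why the owner can still `chmod` the file back. The uids, gid and the helper names (`FileMeta`, `permitted`, `may_chmod`) are constructed for illustration.

```python
import stat
from dataclasses import dataclass

@dataclass(frozen=True)
class FileMeta:          # constructed stand-in for what stat(2) reports
    uid: int             # owning user
    gid: int             # group affiliated with the file
    mode: int            # permission bits, e.g. 0o060

def permitted(meta, uid, groups, want):
    """Classic Unix DAC check for a non-root process.

    want is a 3-bit mask (4=read, 2=write, 1=execute). Exactly one
    class is selected, owner first, and there is no fall-through.
    """
    if uid == meta.uid:
        bits = (meta.mode >> 6) & 7      # owner class, even if also in the group
    elif meta.gid in groups:
        bits = (meta.mode >> 3) & 7      # group class
    else:
        bits = meta.mode & 7             # everyone else
    return bits & want == want

def may_chmod(meta, uid):
    """chmod(2) depends on ownership only, not on the mode bits."""
    return uid == meta.uid

# Constructed sample: uid 1000 owns the file, gid 2000 is the project group.
OWNER, MEMBER, OUTSIDER, PROJECT = 1000, 1001, 1002, 2000
shared = FileMeta(uid=OWNER, gid=PROJECT, mode=0o060)

def demo():
    R, W = 4, 2
    return {
        "mode": stat.filemode(stat.S_IFREG | shared.mode),
        "owner_rw": permitted(shared, OWNER, {PROJECT}, R | W),
        "member_rw": permitted(shared, MEMBER, {PROJECT}, R | W),
        "outsider_r": permitted(shared, OUTSIDER, set(), R),
        "owner_can_chmod": may_chmod(shared, OWNER),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The model covers only the mode bits on the file itself; root and directory permissions along the path are outside it.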




