[NTLUG:Discuss] Samba, ACL - permissions
MadHat Unspecific
madhat at unspecific.com
Wed Jun 6 09:38:35 CDT 2007
Leroy Tennison wrote:
> Greg Edwards wrote:
>> Set other permissions to r-- (read only) and any valid user can read files
>> in that directory. You only need to deal with users that are allowed to
>> write in a directory. Of course, if you want all users to be able to
>> write set other to rw-. That should generate some SECURITY comments ;)
>>
>> Group management is a lot easier than it seems. The number of groups that
>> a user can belong to is larger than you'll ever make use of. A group can
>> belong to a group. And groups are inherited.
>>
> Maybe I'm misunderstanding something, if the group "parent" is a member
> of the group "child" and a directory has rwx for "child" (assuming
> ...rwx... where "child" is the group owner) then should members of
> "parent" be able to write to this directory? If not then what is the use
> of having groups be members of other groups?
>
> I'm running CentOS 4.5 (a non-commercial RHEL 4 clone) and the following
> doesn't work:
>
> [root@linux-b /]# ls -ald family kids
> drwxrwx--- 2 root parent 4096 Jun 6 00:55 family
> drwxrwx--- 2 root child 4096 Jun 6 00:59 kids
>
> [root@linux-b /]# cat etc/group | grep 50
> ftp:x:50:
> leroy:x:500:
> pegasus:x:501:
> parent:x:502:user1
> child:x:503:user2,parent
>
> [user1@linux-b /]$ whoami
> user1
> [user1@linux-b /]$ cat > kids/testing
> -bash: kids/testing: Permission denied
>
> [user1@linux-b /]$ newgrp child
> Password:
>
> (According to the Red Hat documentation a password should be required
> only for non-members of a group).
>
Don't assume what group your user is in, run 'id' and see what your
effective user and groups are...

$ id
uid=501(madhat) gid=501(madhat) groups=501(madhat),10(wheel),100(users)

Remember that you have to log out and back in to change the group, as it
is assigned at login time and not checked at each usage (there may be
another way, but I prefer to be sure it will work next time I log in).
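
Added example, not part of the original message: a shell sketch of the check the reply suggests, comparing the groups a session actually holds (as `id -Gn` reports) with what the group file lists for that user. It embeds the group entries quoted above as constructed inline data, matches the member field as literal user names only (an assumption that reflects the standard /etc/group format), and ignores the primary group from /etc/passwd; the function names are hypothetical.

```sh
#!/bin/sh
# Constructed sample data: the group entries shown in the quoted message.
# On a real host this would be read from the system group database instead.
GROUP_DATA='ftp:x:50:
leroy:x:500:
pegasus:x:501:
parent:x:502:user1
child:x:503:user2,parent'

# groups_for NAME (hypothetical helper)
# Print, one per line, every group whose member field (4th colon-separated
# field, a comma-separated list) contains NAME as a literal entry.
# Entries are compared as user names; a group name appearing in another
# group's member list is not expanded into that group's members.
groups_for() {
    printf '%s\n' "$GROUP_DATA" | awk -F: -v u="$1" '
        {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++)
                if (m[i] == u) { print $1; break }
        }'
}

# missing_from_session NAME "SESSION GROUPS" (hypothetical helper)
# SESSION GROUPS is the space-separated list a running session reports,
# for example the output of `id -Gn`. Prints the groups the file grants
# to NAME that the session does not hold, i.e. memberships that only
# take effect at the next login.
missing_from_session() {
    out=""
    for g in $(groups_for "$1"); do
        case " $2 " in
            *" $g "*) ;;              # session already holds this group
            *) out="$out $g" ;;       # listed in the file, absent from session
        esac
    done
    printf '%s\n' "${out# }"
}

# Stand-alone demonstration using a constructed session group list.
echo "file lists user1 in: $(groups_for user1 | tr '\n' ' ')"
echo "entries matching the name 'parent': $(groups_for parent | tr '\n' ' ')"
echo "not yet in session: $(missing_from_session user1 'user1 parent')"
```

With the quoted group file, user1 resolves to parent only; the `parent` entry in the child line matches an account named parent rather than pulling in that group's members.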