Linux

49393 readers

1451 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago

MODERATORS

AgreeableLandscape@lemmy.ml

nooter692@lemmy.ml

MarcellusDrum@lemmy.ml

cypherpunks@lemmy.ml

cyclohexane@lemmy.ml

d3Xt3r@lemmy.nz

Need acl help on restricting certain permissions but allowing others (lemmy.world)

submitted 2 weeks ago by Enragedzeus@lemmy.world to c/linux@lemmy.ml

2 comments fedilink hide all child comments

I am trying to restrict access to our workgroup shares so no one can accidentally delete or move them.

Basically /path/to/parent/SHARE WITH TEAM FOLDERS/

The directory in caps is all the different team shares in the company. Hr, sales, etc. the issue we have is everyone has access to the directory with all the shares and from there it’s governed by groups on the acl.

Sometimes users accidentally drag a folder into a different teams folder or deletes a team folder.

I can’t find a way to restrict access so that the groups applied can still have access but restrict delete or moves.

Any help would be greatly appreciated….i might actually cry if something works too.

you are viewing a single comment's thread
view the rest of the comments

[–] tvcvt@lemmy.ml 2 points 1 week ago (1 children)

Take this with a grain of salt, the more I re-read, the more I realize I'm making assumptions about your setup that may or may not be true. First, I'm making an assumption that you're doing ACLs for samba shares (and I know that system better on FreeBSD than Linux). I'm also assuming based on your description you want everyone to have access, but not write access.

I think you could do an officewide group with read-only permissions on all of the shares and then set the unix group to the department.

So, for your HR team you'd do chgrp -R hr /path/to/parent/shares/hr and setfacl -m d:g:rwx /path/to/parent/shares/hr and add the officewide group's read-only perms: setfacl -m d:g:officewide:rx /path/to/parent/shares/hr. Rinse and repeat for each share.

Not sure if this is what you're after, but maybe it'll help lead in a good direction.

[–] Enragedzeus@lemmy.world 2 points 1 week ago

I can take a look at this. We use dell isilon which is Unix.

I’ll try to clarify better, as I was reading I couldn’t figure out how to explain it better, to start these are SMB shares. We also have about 90,000 employees to put the scale into perspective. For some reason I think they wanted to avoid the read only group because with that many employees it might be a group IT sec doesn’t want to have exist.

But it’s basically:

Directory/directory/directory/workgroup/hr Directory/directory/directory/workgroup/finance Directory/directory/directory/workgroup/IT Directory/directory/directory/workgroup/exec Directory/directory/directory/workgroup/engineering

Everyone has basically full access to wrkgrp but the team AD groups are applied to hr, finance, etc