From: Albert Cahalan <albert@users.sf.net>
To: linux-kernel mailing list <linux-kernel@vger.kernel.org>
Cc: gami@d10systems.com
Subject: Re: setgid - its current use
Date: 08 Apr 2004 13:40:55 -0400
Message-ID: <1081446055.1587.172.camel@cube>

Dhruv Gami writes:
> On Thu, 8 Apr 2004, Denis Vlasenko wrote:
>> On Thursday 08 April 2004 04:46, Dhruv Gami wrote:

>>> I'd like to know the possibility of using setgid for users
>>> to switch their groups and work as a member of a particular
>>> group. Essentially, if I want one user, who belongs to
>>> groups X, Y and Z to create a file as a member of group Y
>>> while he's logged on as a member of group X, would it be
>>> possible through setgid()?
>>
>> it is possible through chmod
>
> but that would be an explicit way of doing it, right?
> I'm looking for doing this via some system calls or something
> transparent to the user. At most I'd like to query the user
> for the group as which he wants to work. Which would
> essentially be a question I ask at login or beginning of a
> session.

I think you need user-private groups and setgid directories.

First of all, ensure that each user has a group of
their own. Do NOT put all users into a "users" group.
So user "gami" would be in group "gami", or maybe
a "gami_group" group if you prefer. Have the home
directories owned by these groups.

Second, set the umask to allow group write access.
(this is why you need the user-private groups)

Now suppose you have two users, bill and tom,
who need to work together on the spamming project.
Create a group called "spamming". Create a project
directory /projects/spamming owned by root and
in the spamming group. Make this directory setgid
and group writable. Any files created in this
directory will be owned by the spamming group.
Due to the umask setting, permissions on these
new files will allow access by all group members.
The setgid bit will propagate to any newly created
directories, but not to newly created files.
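
Added example (not part of the original message): a shell check of the setgid-directory behaviour described above, run without root in a scratch directory. Assumptions: the mktemp directory stands in for /projects/spamming, the directory keeps the caller's own group instead of a dedicated project group, and stat supports -c (GNU coreutils or busybox).

```shell
#!/bin/sh
# Added demo: setgid project directory plus a group-writable umask.
# On a real system root would also run: groupadd <group>;
# chgrp <group> /projects/<name>. Here the scratch dir keeps the caller's group.

demo_setgid_dir() {
    base=$(mktemp -d) || return 1
    proj="$base/project"     # constructed stand-in for the project directory
    plain="$base/plain"      # control: same mode, but without the setgid bit
    (
        umask 002                      # group members get write access
        mkdir "$proj" "$plain"
        chmod 2775 "$proj"             # setgid + rwxrwxr-x
        chmod 0775 "$plain"
        touch "$proj/notes.txt"        # new file in the setgid directory
        mkdir "$proj/sub" "$plain/sub" # new directory in each
    )
    file_mode=$(stat -c %a "$proj/notes.txt")
    sub_mode=$(stat -c %a "$proj/sub")
    ctl_mode=$(stat -c %a "$plain/sub")
    dir_gid=$(stat -c %g "$proj")
    file_gid=$(stat -c %g "$proj/notes.txt")
    sub_gid=$(stat -c %g "$proj/sub")
    rm -rf "$base"

    # Modes: file in setgid dir, subdir of setgid dir, subdir of control dir
    echo "$file_mode $sub_mode $ctl_mode"

    # New entries carry the directory's group; with a dedicated project
    # group this is what overrides the creator's user-private group.
    [ "$dir_gid" = "$file_gid" ] && [ "$dir_gid" = "$sub_gid" ]
}

# Audit helper: succeeds only if the directory is setgid and group-writable.
is_shared_dir() {
    mode=$(stat -c %a "$1") || return 1
    case "$mode" in
        2?7?|2?6?|2?3?|2?2?) return 0 ;;  # setgid only, group has w
        *) return 1 ;;
    esac
}

demo_setgid_dir
```

The printed modes show the file created group-writable without a setgid bit, the subdirectory of the setgid directory inheriting the bit, and the control subdirectory not getting it.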


