On Sat, 2003-10-18 at 18:21, Simon Bryan wrote: > All my staff are in two groups, popusers is their primary group and staff is the > secondary group.
>Below is part of a directory listing, I would have thought that anybody in the >'staff' group would have full control. However they can generally negotiate through >the directories until they hit one with files in and then they get 'permission >denied' >When they are on the local network they access the files with no problems from >Windows workstaions using SAMBA. >I have subsequently set the permissions to 776 and the owners to nobody.staff for >the whole directory. This solves the access problem...but.... >They are accessing the directory through a system called AUC which is a 'curriculum >content management system, with email and discussion boards' etc and is in fact a >large cgi script. Is it feasible that the cgi is not recognising them as being >members of the staff group? If so any ideas on how I would 'fix' it? Yes, your cgi is unable to gain permission to staff group. I suspect your cgi(httpd) is running as owner='nobody' and group='nobody'. I suspect that your 'smbd' and 'nmbd' daemons are running as owner='root' and group='root'. So, it does not matter to SAMBA what your owner permissions because then your group permission='staff'. Given that the above configuration is implemented, I suggest you change your cgi(httpd) owner='nobody' and group='staff' and restart 'httpd'. But be aware that by doing so your cgi will have added permissions to any file and directory with group='staff' within your 'httpd' space in addition to the ones in your list below. Incidentally, I noticed that some of your directory permissions are 'drwxrwxrwx'. This set of permissiions, as you know, allow anybody to 'rwx' in these directories including create and execute those files. If this is not what you intended, you may want to reconsider this permission to at most something like, 'drwxr-xr-x'. This means that group='staff' may scan the directories and write to files within these directories provided these files have the appropriate permissions. The group cannot create files within these directories with the above permissions. >drwxrwxrwx 20 root staff 4096 Oct 17 12:13 . >drwxrwxrwx 4 root root 4096 Oct 10 11:10 .. >drwxrwx--- 2 root staff 4096 Oct 15 09:55 Admin >drwxrwx--- 2 nobody staff 4096 Oct 17 12:23 BOARD >drwxrwx--- 5 root staff 4096 Aug 18 11:45 BookIt >drwxrwx--- 2 root staff 4096 Sep 11 07:08 BOS >drwxrwx--- 6 root staff 4096 Oct 10 11:29 CoCurricular >drwxrwx--- 10 root staff 4096 Oct 10 11:23 Curriculum_Coordinator >drwxrwxrwx 4 root staff 4096 Oct 10 11:15 Director_of_Mission >drwxrwx--- 2 root staff 4096 Oct 16 11:50 Excursions >drwxrwxrwx 17 root staff 4096 Oct 13 21:14 LearningAreas >drwxrwx--- 17 root staff 4096 Aug 27 13:37 Literacy >drwxrwx--- 4 root staff 4096 Oct 15 16:42 MAGAZINE 2003 >drwxrwx--- 2 root staff 4096 Oct 16 07:57 NEWSLETTER ITEMS >drwxrwx--- 9 root staff 4096 Aug 4 14:00 Parramatters >drwxrwxrwx 8 root staff 4096 Oct 15 14:49 PastoralCare >drwxrwx--- 3 root staff 4096 Oct 10 11:22 Peer_support >drwxrwx--- 2 root staff 4096 Sep 30 14:37 ProfDev >drwxrwx--- 2 nobody staff 4096 Oct 15 12:39 Technology Bulletin >drwxrwxrwx 3 root staff 4096 Oct 10 11:19 TechSupport >-rwxrwx--- 1 nobody staff 26624 Oct 15 17:33 WORKFLOW STEPS.doc >-rwxrwx--- 1 nobody staff 19968 Oct 15 16:30 Year 11 Retreat.doc Oscar Plameras http://www.acay.com.au/~oscarp/disclaimer.html -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
