What is the best way to work with files with different groups of people? I have a 'finance' group and a 'tech' group among others.
I want the 'finance' people to be able to read and write to everything in: /srv/Desktop/Finance I want everyone else in the system to only be able to read that folder. The same goes for every group. Each user is in their respective group, finance, tech, etc. I set folders and files up with ACL's and setguid, thinking this would work. Here's an example of the ACLs on the /srv/Desktop/Finance folder: a...@buddleia:/home/andy.graybeal$ getfacl /srv/Desktop/Finance/ getfacl: Removing leading '/' from absolute path names # file: srv/Desktop/Finance/ # owner: root # group: finance # flags: -s- user::rwx group::rwx other::r-x default:user::rwx default:group::rwx default:mask::rwx default:other::r-x a...@buddleia:/home/andy.graybeal$ Here's an example ACL of a file within the /srv/Desktop/Finance folder: a...@buddleia:/home/andy.graybeal$ getfacl /srv/Desktop/Finance/Mileage\ forms.xls getfacl: Removing leading '/' from absolute path names # file: srv/Desktop/Finance/Mileage forms.xls # owner: andy # group: finance user::rw- group::rwx #effective:rw- mask::rw- other::r-- a...@buddleia:/home/andy.graybeal$ So far so great. The problem I'm running into is when a user takes work home with them or creates files from home, comes into work the next day and puts it onto the server from a flash drive. Here's what I'm getting from a file like that: a...@buddleia:/srv/Desktop/Finance/INVOICES!/2010 invoices/Food/green edge/09 september green edge 2010$ getfacl green\ edge\ 2010\ 09\ 01.pdf # file: green edge 2010 09 01.pdf # owner: candida.stamp # group: finance user::rwx group::rwx #effective:--- mask::--- other::--- a...@buddleia:/srv/Desktop/Finance/INVOICES!/2010 invoices/Food/green edge/09 september green edge 2010$ This file inherited the 'group ownership' so that's good, but it doesn't inherit the permissions. How do I make this so that when someone copies a file from their jump drive into their folder, it inherits the permissions from the folder (well everything but execute obviously)? I've sent the same issue to ubuntu-users with no answers, I've since worded it differently and thought maybe this would be a more appropriate list. Any help is appreciated. -Andy -- ubuntu-server mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
