Subject: Re: [ProLinux] nfs rights
Author: Leland Jackson
Posted: 2006/12/30 20:47:11
 


Why don't you create a new group on the server and on each client computer
that will need access to the target directories/files on the server,
making sure the new group has the same group ID across the
network? The command to do this is groupadd:

man groupadd

groupadd -g 588 music_group

This will create a new group named "music_group" with a group ID of 588.

Then, in the target directory on the server, change all directories and
files to group "music_group":

chgrp -R music_group /usr/local/myapp

Let's make root the owner of all files in the target directory:

chown -R root /usr/local/myapp

Now the system will check to see if anyone accessing the target
directories/files is the owner. If so, the owner file permissions will
apply. If the user accessing the target directories/files is not the
owner, the system will check to see if the user is a member of the
"music_group". If so, the directory/file permissions for the
music_group will apply. If the user accessing the directory/file is
neither the owner nor a member of the "music_group", the system will grant
permission under others.

Now we will add permissions to the files and directories:

chmod -R 775 /usr/local/myapp

Now all files and directories should have permissions that look something
like:

-rwxrwxr-x 1 root music_group 27139 Dec 3 2005 xsnow-1.41-1.i386.rpm

Next we will need to make the various users who need read, write, and
execute permission to the target directories/files members of the
"music_group". The command to do this is "gpasswd":

man gpasswd

gpasswd -M carl music_group

You will need to be root to execute most, if not all, of these commands,
depending on whether you are working on directories you own, etc.

Regards,

LelandJ




Carl Karsten wrote:

> > files. For each user that needs access to the myapplication directory
> > via a mount, you would need to be sure that the myappgroup existed on
> > the client computer and that the user was assigned as a member of the
> > myappgroup group. The myappgroup group ID number on the client should
> > agree with the myappgroup ID number on the server. This would give the
> > user rwx permissions to the mounted directory.
>
>I am guessing it is the ID's that are hosing me.
>
>As a hack, I made the dir world writeable, and duh... I can write to it.
>
>What is the right way to do this?
>
>details of my tests.
>
>server: e18 - linux
>clients: cnt550 (linux), adocentyn (mac)
>
>* OS version details:
>juser@e18:~$ uname -a
>Linux e18 2.6.17-10-generic #2 SMP Fri Oct 13 18:45:35 UTC 2006 i686 GNU/Linux
>
>juser@cnt550:~$ uname -a
>Linux cnt550 2.6.17-10-386 #2 Fri Oct 13 18:41:40 UTC 2006 i686 GNU/Linux
>
>adocentyn:~ carl$ uname -a
>Darwin adocentyn.personnelware.com 8.8.0 Darwin Kernel Version 8.8.0: Fri Sep 8
>17:18:57 PDT 2006; root:xnu-792.12.6.obj~1/RELEASE_PPC Power Macintosh powerpc
>
>* user and group IDs:
>
>juser@cnt550:~$ id
>uid=1000(juser) gid=1000(juser)
>groups=4(adm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),109(lpadmin),111(scanner),114(admin),1000(juser)
>
>juser@e18:~$ id
>uid=1000(juser) gid=1000(juser)
>groups=4(adm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),109(lpadmin),111(scanner),114(admin),1000(juser)
>
>adocentyn:~ carl$ id
>uid=502(carl) gid=502(carl) groups=502(carl), 81(appserveradm),
>79(appserverusr), 80(admin)
>
>* server setup
>juser@e18:~$ cat /etc/exports
>/home/juser adocentyn(rw,sync,insecure) cnt550(rw,sync,insecure)
>
>juser@e18:~$ sudo exportfs -av
>exporting adocentyn.personnelware.com:/home/juser
>exporting cnt550.personnelware.com:/home/juser
>
>juser@e18:/$ ls -ld / /home/ /home/juser/
>drwxr-xr-x 21 root root 4096 2006-12-11 18:11 /
>drwxr-xr-x 3 root root 4096 2006-12-11 18:35 /home/
>drwxr-xr-x 2 juser juser 4096 2006-12-30 17:00 /home/juser/
>
>
>* cnt550 client setup:
>juser@cnt550:~$ grep e18 /etc/fstab
>e18:/home/juser /mnt/nfs/e18/juser nfs user,soft,noauto,defaults 0 0
>juser@cnt550:~$ ls -ld /mnt/nfs/e18/juser
>drwxr-xr-x 2 root root 4096 2006-12-30 17:38 /mnt/nfs/e18/juser
>juser@cnt550:~$ mount /mnt/nfs/e18/juser
>juser@cnt550:~$ touch /mnt/nfs/e18/juser/x
>juser@cnt550:~$ ls -l /mnt/nfs/e18/juser/x
>-rw-r--r-- 1 juser juser 0 2006-12-30 17:40 /mnt/nfs/e18/juser/x
>
>adocentyn:~ carl$ sudo mount e18:/home/juser nfs/e18/juser/
>adocentyn:~ carl$ ls -l nfs/e18/juser
>-rw-r--r-- 1 1000 1000 0 Dec 30 17:40 x
>
>adocentyn:~ carl$ touch nfs/e18/juser/y
>touch: nfs/e18/juser/y: Permission denied
>
>Ok, hack to make it work:
>juser@e18:/home$ chmod 777 juser/
>
>adocentyn:~ carl$ touch nfs/e18/juser/y
>adocentyn:~ carl$ ls -l nfs/e18/juser/y
>-rw-r--r-- 1 carl carl 0 Dec 30 17:48 nfs/e18/juser/y
>
>(yay!)
>
>Carl K
>
>
[excessive quoting removed by server]


 
©2006 Leland Jackson
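
Added example, not part of the original thread: a shell check for the requirement described above that the shared group carry the same numeric group ID on the server and on every client. It parses `id` output collected from each host; the sample records are constructed (the gid 601 on adocentyn is invented to show a mismatch), the function names are hypothetical, and the group name and GID 588 follow the message.

```shell
#!/bin/sh
# Added example: NFS with the default AUTH_SYS security passes numeric
# uid/gid values, so the group NAME matching on two hosts is not enough.

# gid_of_group GROUP: reads one line of `id` output on stdin and prints the
# numeric GID under which GROUP appears in groups=..., or nothing if absent.
gid_of_group() {
    sed 's/.*groups=//' | tr ' ,' '\n\n' |
        sed -n "s/^\([0-9][0-9]*\)($1)\$/\1/p" | head -n 1
}

# check_hosts GROUP EXPECTED_GID: reads "HOST ID-OUTPUT" records on stdin,
# prints one verdict per host, and returns 1 if any host disagrees.
check_hosts() {
    group=$1
    want=$2
    rc=0
    while read -r host idline; do
        got=$(printf '%s\n' "$idline" | gid_of_group "$group")
        if [ -z "$got" ]; then
            echo "$host: user is not a member of $group"
            rc=1
        elif [ "$got" != "$want" ]; then
            echo "$host: $group has gid $got, expected $want"
            rc=1
        else
            echo "$host: ok"
        fi
    done
    return $rc
}

# Constructed sample records. In practice each line would be the host name
# followed by the output of `id USER` run on that host.
sample_records() {
    cat <<'EOF'
e18 uid=1000(juser) gid=1000(juser) groups=1000(juser),588(music_group)
cnt550 uid=1000(juser) gid=1000(juser) groups=1000(juser),588(music_group)
adocentyn uid=502(carl) gid=502(carl) groups=502(carl), 80(admin), 601(music_group)
EOF
}

sample_records | check_hosts music_group 588 ||
    echo "group IDs differ: align them before relying on group permissions"
```

A host flagged here would still be treated as "others" by the server, which is the situation that leads to the world-writable workaround.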