Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have two groups, group staff and employees and one directory in which both groups may place files in. The employees group may only remove files from their own group but not from the staff group, while the staff group may remove files from both groups (their own and employees).
I've been trying to solve this the usual way, giving the directory to the employees group (all staff are also in the employees group), but the problem is that then employees can simply remove files owned by staff member from that dir. Otherwise, the dir belongs to the staff, the employees won't be able to create file withing that dir...
I don't speak fluent ACL which I know would be perfect for this situation. I'd appreciate it a lot if someone could help me out.
If you only want the owner of a file to be able to delete a file, then you could set the sticky bit on the directory containing the file.
Otherwise, how you do it may depend on whether you are wanting acl support for a samba share, or if these are users of the server itself.
Also, whether the kernel has acl support and what filesystem is used for the partition. There is a Samba-XFS ACL howto on the web. Also, the Samba 3 documentation may contain more recent information.
SELinux also offers more granualarity in controlling types of access.
Some of these options may need preplanning however. If you use reiserfs in SuSE, an ACL reiserfs option is selected by default during the installation. It is possible in your case that a reformatting of the filesystem, and maybe even recompiling your kernel may be needed.
( Oh, by the way, Happy Birthday! Mine was just last week. )
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.