TurnKey Linux Virtual Appliance Library

Folder access control

I am in the process of setting up a server running the file server and MediaWiki appliances, for use in a small research laboratory. I am somewhat familiar with users in Linux, but am having trouble figuring out the best way to achieve the access control I desire.

The file server itself consists of the server (obviously) attached to rack-mounted external drives (essentially 4-drive units with hardware RAID; each appears as a single external drive when plugged into the server). These drives are mounted in /media.

I want there to be three "types" of users, which I thought I could manage via groups.  The three types would be:

1) "Computers"; essentially accounts which are used to "permanently" mount the drive on our lab computers. These accounts would have full read/write access to all folders/files on the external drives.

2) "Lab members"; essentially a personal account for each lab member. They would have read/write access to their accounts, but read-only access to the remainder of the drives.

3) "Collaborators"; people not in my lab who I need to share files with. They would have read/write access to their account, no access to the remainder of the drive.

I've not been able to get this to work as desired; does anyone have advice on how to best implement this? AFAIK, the problem lies in how file permissions are usually implemented. Since there is no inheritance of permissions, if the "computer" account is used to access/create a file in a "lab member" directory, it remains property of the "computer" account.

Any help is appreciated.

Thanx

Bryan

Jeremy

Should be doable AFAIK

A few Ubuntu forum threads that may be useful (TKL v11.x is based on Ubuntu 10.04 server):

http://ubuntuforums.org/showthread.php?t=1196997
http://ubuntuforums.org/showthread.php?t=1853539
http://ubuntuforums.org/showthread.php?t=1683595

The last one isn't completely relevant but a quick glance made me feel inclined to include it.

Good luck :)

PS if you get it working as you hope, be great if you could post back with details. Thanks
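
An added example, not part of the thread above and not TurnKey's own code: one way to get the inheritance the question asks for is POSIX default ACLs, so a file created by a "computer" account inside a personal directory still grants its owner read/write regardless of who owns the file. The group names `computers` and `labmembers`, the script name and the example path are assumptions; it needs the `acl` tools and a filesystem mounted with ACL support.

```shell
#!/bin/bash
# Added example: group names and paths are assumptions, not from the thread.
COMPUTERS_GROUP=computers   # hypothetical group holding the mount accounts
LAB_GROUP=labmembers        # hypothetical group holding lab members only

# ACL entries for the personal directory of user $1. One policy serves lab
# members and collaborators: collaborators are kept out of $LAB_GROUP, so they
# fall under other::--- everywhere except their own directory.
# X grants execute on directories (and files that are already executable).
acl_entries() {
    printf 'user::rwX,user:%s:rwX,group::---,group:%s:rwX,group:%s:r-X,other::---' \
        "$1" "$COMPUTERS_GROUP" "$LAB_GROUP"
}

# Apply the policy to directory $2 belonging to user $1 (run as root).
protect_dir() {
    local owner=$1 dir=$2 entries
    entries=$(acl_entries "$owner")
    chown "$owner" "$dir"
    setfacl -R -m "$entries" "$dir"      # access ACL: existing content
    setfacl -R -d -m "$entries" "$dir"   # default ACL: inherited by new content
}

# Read `getfacl` output for a directory on stdin and print every expected
# default entry that is missing. No output means new files inherit the policy.
missing_defaults() {
    local owner=$1 acl want
    acl=$(cut -f1)   # drop any "#effective:" annotations after the tab
    for want in "default:user:$owner:rwx" "default:group:$COMPUTERS_GROUP:rwx" \
                "default:group:$LAB_GROUP:r-x" "default:other::---"; do
        printf '%s\n' "$acl" | grep -qxF "$want" || printf '%s\n' "$want"
    done
}

# Usage as root (path is hypothetical):
#   ./lab_acl.sh --apply alice /media/raid1/alice
# Collaborators additionally need search (x) permission on the parent
# directories of their own directory in order to reach it.
if [ "${1:-}" = "--apply" ] && [ "$#" -eq 3 ]; then
    protect_dir "$2" "$3"
    getfacl "$3" 2>/dev/null | missing_defaults "$2"
fi
```
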
