Re: Group rights

[Darik Horn <dajhorn@vanadac.com>]

> How then, do I assign multiple groups, different permission to the
> same folders

You cannot assign multiple groups to an object in a traditional unix 
filesystem. (This is the way that Debian ships.)

Past that, you'll need to install support for access control lists 
("ACLs"). If you're serving clients over the network, then you might 
find this handy:

http://www.bluelightning.org/linux/samba_acl_howto/


> and do those permissions cascade downwards ?

No, they apply only to the object on which they are set.

(Notice the -R switch of the chown and chmod programs.)


> Can groups be members of groups ?

No.

Suppose, for example, that you have these two lines in your /etc/groups 
file:

www-data:x:33:staff
staff:x:50:alice,bob,charlie,mjoyce

And that you have this directory:

drwxr-x---  root  www-data  /var/www/stuff

The user mjoyce will not be allowed to change directory into 
/var/www/stuff because he is not the root user or a member of the 
www-data group.  Group members are always users, the staff member of 
www-data is not recognized as a group or otherwise expanded.


Joyce, Matthew wrote:

> Dear Debain Users,
>
> I'm a little confused regarding the use of group to assign file rights.
>
> I was under the impression that user can be members of groups and groups can
> be used to assign permissions to files and folders.
>
> How then, do I assign multiple groups, different permission to the same
> folders and do those permissions cascade downwards ?
> If they do, how do you stop them ?
>
> Do I have to make a new group (GroupAandGroupB) and manage it that way ?
>
> I'm thinking along the lines of Novells (rather good) Trustee
> Rights/Inherited Rights/Rights Masks.
>
> Can groups be members of groups ?
>
> Thanks
>
> Matt