On Thu, Jan 2, 2025 at 2:37 PM brent saner via plug <plug@lists.phillylinux.org> wrote:
>
> On Thu, Jan 2, 2025, 11:33 Mike Leone via plug <plug@lists.phillylinux.org> wrote:
>>
>> (be kind, it's been years since I had to do any day-to-day Linux administration ...)
>>
>> I will have a set of vendors who will be uploading (sftp) files to us on our DMZ. I want each vendor to have ownership and full permissions into only their own folder (obviously), but I want our employee to have access rights into each of those folders (so they can sftp the files out of there and into the protected LAN).
>>
>> So what I am planning is something like this:
>> (SNIP)
>
>
> I'd actually just do this with POSIX ACLs. Set a default on the parent dir's ACL (setfacl -d) for the employee group with rwx (or rx, etc.) (so `setfacl -d --set g:staff_group:rwx /path/to/sftpdir`).

$ setfacl -d --set g:TitleCompanies:rwx /TitleDocuments/
setfacl: /TitleDocuments: Operation not supported

This is an excessively old system (as in, created well before this decade). I see that a solution is to modify /etc/fstab to allow this, but I hesitate to change anything so drastic on such an old (production) system.

$ cat /etc/fstab
/dev/VolGroup00/LogVol00 / ext3 defaults 1 1
LABEL=/boot /boot ext3 defaults 1 2
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
/dev/VolGroup00/LogVol01 swap swap defaults 0 0

>
> Ta-da. Applies to new directories recursively automatically.
> ___________________________________________________________________________
> Philadelphia Linux Users Group -- http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug

--
Mike. Leone, <mailto:turgon@mike-leone.com>
PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF
Photo Gallery: <http://www.flickr.com/photos/mikeleonephotos>
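
Added example (not part of either poster's message): a read-only check of which fstab entry covers a directory and whether the `acl` option is listed for it, which is the setting the "Operation not supported" error above points at on ext3. The function name `acl_option_for` and the `/srv/sftp` line are made up for illustration; on ext3 the option can also be stored as a default mount option in the superblock, which fstab does not show.

```shell
#!/bin/sh
# acl_option_for PATH [FSTAB]
# Prints "<mountpoint> <fstype> <state>" for the fstab entry covering PATH,
# where state is acl, noacl, or acl-not-listed. Reads only; changes nothing.
acl_option_for() {
    awk -v target="$1" '
        /^[ \t]*(#|$)/ { next }        # skip comments and blank lines
        $2 !~ /^\//    { next }        # skip swap and other non-path entries
        {
            mp = $2
            # A mount point covers the target if it is "/", equals the target,
            # or is a prefix that ends on a path component boundary.
            covers = (mp == "/") || (target == mp) || (index(target, mp "/") == 1)
            if (covers && length(mp) > best_len) {
                best_len = length(mp); best_mp = mp
                best_fs = $3; best_opts = $4
            }
        }
        END {
            if (best_len == 0) { print "no-mount"; exit }
            state = "acl-not-listed"
            n = split(best_opts, o, ",")
            for (i = 1; i <= n; i++) {
                if (o[i] == "acl")   state = "acl"
                if (o[i] == "noacl") state = "noacl"
            }
            print best_mp, best_fs, state
        }
    ' "${2:-/etc/fstab}"
}

# Demo: first two lines are from the fstab quoted in the thread,
# the /srv/sftp line is constructed to show the "acl" case.
demo_fstab=$(mktemp)
cat > "$demo_fstab" <<'EOF'
/dev/VolGroup00/LogVol00 / ext3 defaults 1 1
LABEL=/boot /boot ext3 defaults 1 2
/dev/sdb1 /srv/sftp ext3 defaults,acl 0 2
EOF
acl_option_for /TitleDocuments "$demo_fstab"
acl_option_for /srv/sftp/vendor1 "$demo_fstab"
rm -f "$demo_fstab"
```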