3

I freely admit this is homework:

Imagine you and your friend host an IT faculty in your former school. The list of attendees is in the attached text file. You need to manage permissions for directories documents, tasks and solutions. Write a script that creates accounts for all attendees and sets permissions in such a way that:

  • Every attendee has the right to read files that will be created in the directory documents, while your friend has the right to read and modify files from this directory, but can't add or remove anything;
  • Every attendee has the right to read files that will appear in the directory tasks, while your friend has all rights to this directory;
  • Every attendee has the right to place their solutions in the directory solutions/<ID of attendee>-<ID of task>;
  • Your friend has all rights to the solutions directory tree, while the attendees can't see the solutions of their peers.

This is homework on basic file permissions (chmod, umask) and ACLs (setfacl).

Now this is what perplexes me:

We have to set fine-grained permissions for files that are not yet present but will be created in the future?!?!

To my understanding:

  • umask allows us to set default permissions for newly created files; but these are only the basic owner-group-others permissions, so I can't really differentiate my friend's permissions with attendees' permissions with attendees' peers' permissions;
  • setfacl ONLY allows me to set permissions for files that already exist or that I create, but NOT files that will be created in the future!

So I'm ignorant on how to do this homework. Can someone show me the right track?

aaaeee
  • 31
  • 1
  • 3

1 Answer

1

Some pointers to get you going in the right direction:

  • The ACL man page says this about default ACLs:

    The access ACL of a file object is initialized when the object is created with any of the creat(), mkdir(), mknod(), mkfifo(), or open() functions. If a default ACL is associated with a directory, the mode parameter to the functions creating file objects and the default ACL of the directory are used to determine the ACL of the new object:

    1. The new object inherits the default ACL of the containing directory as its access ACL.

    2. The access ACL entries corresponding to the file permission bits are modified so that they contain no permissions that are not contained in the permissions specified by the mode parameter.

  • Using the sticky bit on directories, you can change the owner/group of the new files created in the directory. Files created in the directory will have the owner/group of the sticky directory instead of the default group. For more details, see the question: How does the sticky bit work?

sebasth
  • 14,872
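The two-step rule quoted from the ACL man page, modelled in Python as an added example (not part of the original answer and not kernel code). The account `friend`, the group `attendees` and the sample default ACL are constructed for illustration; the mapping of the group permission bits to the mask entry follows acl(5).

```python
"""Model of the acl(5) object-creation rule for directories with a default ACL."""
R, W, X = 4, 2, 1

def fmt(perm):
    """Render permission bits the way getfacl prints them."""
    return "".join(c if perm & b else "-" for c, b in (("r", R), ("w", W), ("x", X)))

def inherit(default_acl, mode):
    """Access ACL of a new object created with `mode` inside a directory
    whose default ACL is `default_acl` (dict: entry tag -> permission bits).
    The umask is not consulted when a default ACL exists."""
    acl = dict(default_acl)                  # step 1: inherit the default ACL
    acl["user::"] &= (mode >> 6) & 7         # step 2: clamp to the mode parameter
    # The group bits of the mode map to the mask entry if there is one,
    # otherwise to the owning-group entry.
    group_tag = "mask::" if "mask::" in acl else "group::"
    acl[group_tag] &= (mode >> 3) & 7
    acl["other::"] &= mode & 7
    return acl

def effective(acl, tag):
    """Effective rights: everything except owner and other is limited by the mask."""
    perm = acl[tag]
    if tag not in ("user::", "other::") and "mask::" in acl:
        perm &= acl["mask::"]
    return fmt(perm)

# Constructed default ACL for "documents", of the kind set up with
#   setfacl -d -m u:friend:rw-,g:attendees:r-- documents
# ("friend" and "attendees" are hypothetical names).
DOCUMENTS_DEFAULT = {
    "user::": R | W | X,
    "user:friend": R | W,
    "group::": R,
    "group:attendees": R,
    "mask::": R | W,
    "other::": 0,
}

if __name__ == "__main__":
    # 0o666 is what touch and most editors pass; 0o600 is what a program
    # creating a private file passes, which empties the mask.
    for mode in (0o666, 0o600):
        acl = inherit(DOCUMENTS_DEFAULT, mode)
        print(oct(mode), {tag: effective(acl, tag) for tag in acl})
```

A file created with mode 0600 ends up with an empty mask, so the named entries are inherited but grant nothing until the mask is widened (for example with `setfacl -m m::rw- file`).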