Can we add multiple groups to a directory or a file?

Hello,

drwxr-x--- 21 root system 4096 Jan 25 10:20 /testdir

Here the owner is root and the group is system.

1) Is it possible to add multiple groups to "/testdir" files/directories?

If yes, please provide me the command.

My requirement is to
provide read-only access to user1 on the /testdir directory
and provide read-write access to user2 on the /testdir directory.

[root@aixlpar]/>id user1
uid=277(user1) gid=1(staff)

[root@aixlpar]/>id user2
uid=278(user2) gid=1(staff)

2) Is it possible to provide read-only access on /testdir to one user
and read/write access to another user at the same time?

Please help me understand this.

Who do the files belong to?

Thanks for your reply.

The files belong to root.
drwxr-x--- 21 root system 4096 Jan 25 10:20 /testdir

I can provide read access to this folder /testdir, but user2 needs read/write access. I cannot add it to the system group (even if I have write on the system group).

If you have only these two users, the easiest solution is to run

chown user1:staff /testdir

Then user1 will have write access to the directory and user2 (and other users from group staff) will have read-only access.

Nope... we have other users too. I do not want to change the ownership from root. Is there any other way?

man setfacl

If you don't want to change anything, you receive nothing. There is a way without changing the ownership, but it is not the way you want, because it requires a somewhat deeper understanding of the AIX permission system and can cause some strange behaviour if it is applied without knowledge.

The way you want to go is to make one other group, say rwgroup. Users who must have the right to write in the directory receive this group as their secondary group. You change the owning group of the directory to rwgroup and set permissions to 2775. In this case all the users who belong to rwgroup can write to the directory. All the files they create in the directory will be created with rwgroup. All users who don't belong to rwgroup have read (list) access to the directory.

In this case you solve your task in a manner that is portable and clear to every administrator (and every tool). If you choose another way, say allowing 2 groups to write to one directory, it makes the solution unnecessarily complex. After a year or two nobody will remember the solution and why it was done so. It will lead to wrong decisions and an unsupportable environment. The main UNIX principle - keep it simple!
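
The rwgroup layout described in the last reply, as an added shell example that is not part of the thread: it applies the owning group and mode 2775, then verifies the mode string, the owning group and that new files inherit the group. The function names are hypothetical; the mkgroup and chuser lines in the comments are the AIX commands for creating the group and assigning it as a secondary group, and they need root.

```shell
#!/bin/sh
# Added example, not from the thread. On AIX, as root, the group and its
# members are created first (rwgroup and user2 are the thread's names):
#   mkgroup rwgroup
#   chuser groups=staff,rwgroup user2   # groups= replaces the whole group list
# The functions below use only chgrp, chmod, ls and awk.

# Print "<10-char mode string> <owning group>" for a path.
# substr() drops a trailing "." or "+" that some ls versions append.
mode_and_group() {
    ls -ld "$1" | awk '{ print substr($1, 1, 10), $4 }'
}

# Apply the layout from the post: owning group $2, mode 2775
# (setgid bit plus rwxrwxr-x).
setup_shared_dir() {
    chgrp "$2" "$1" && chmod 2775 "$1"
}

# Return 0 only if $1 is a directory owned by group $2 with mode drwxrwsr-x
# and a file created inside it really ends up in group $2.
check_shared_dir() {
    dir=$1 want_group=$2
    [ -d "$dir" ] || { echo "$dir: not a directory" >&2; return 1; }
    set -- $(mode_and_group "$dir")
    [ "$1" = "drwxrwsr-x" ] || { echo "$dir: mode is $1, expected drwxrwsr-x" >&2; return 1; }
    [ "$2" = "$want_group" ] || { echo "$dir: group is $2, expected $want_group" >&2; return 1; }
    # Probe file: with the setgid bit on the directory it inherits the group.
    probe="$dir/.probe.$$"
    : > "$probe" || { echo "$dir: cannot create a file here" >&2; return 1; }
    set -- $(mode_and_group "$probe")
    rm -f "$probe"
    [ "$2" = "$want_group" ] || { echo "new files get group $2, not $want_group" >&2; return 1; }
}
```

Typical use after the group exists: `setup_shared_dir /testdir rwgroup && check_shared_dir /testdir rwgroup`, run as root or as the directory owner.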