[KLUG Members] Effective file access question/advice: Part II

Bob Kanaley members@kalamazoolinux.org
Wed, 5 Feb 2003 16:42:25 -0500


Gentlemen and Scholars,

As stated in a previous post, I am struggling to understand effective file
access in Linux because my limited understanding has profound implications
on the management of my Samba server.

I am using Samba services on top of Linux file permissions to implement a
simple company wide file sharing mechanism. The method seemed marginally
adequate in the past. But, recent user requests are exposing the limitations
of my knowledge and approach.

<aside/ Sadly, work prevented me from attending the KLUG ACL presentation by
Matt Benjamin. I have been following the development of ACL capabilities in
Linux for some time. I believe that ultimately ACLs will be my salvation.
But for right now, I am afraid that trying to solve my problems by applying
kernel patches and ACLs would be like trying to put out a fire with
gasoline. /aside>

On my RedHat Samba file server, each user has a home and is made a member
of a group named for the department they belong to. Each department has a
home created with the name of the department. This department home has a
directory creation mask of 0775 and is SGID. The file creation mask is 0664.
I use Samba permissions to regulate group access to the departmental shares.

My goal in setting permissions this way was to ensure that only those who
had Samba access to the department home could create, edit or delete
department files.

In addition to the homes and department shares, I have a share for company
wide read only access to files each department needs to share between
departments. In that share, I have soft symbolic links to files that are in
department shares.

This setup seemed to work just fine for segregating department files but
allowed for simple read only sharing of department files.

Unfortunately, I am getting more and more end user requests for access to
and sharing of files between specific individuals in different departments.
Depending on the access requested, I accommodate these requests in various
ways. For read only access, I simply put a link from the files in the
department share to the home directory of the requesting individual. This
seems pretty straightforward and reasonably safe.

However, when non-departmental employees require write access to just a few
departmental files I find it more difficult to fulfill the request and I am
not confident of the outcome. Since I don’t have ACLs to accommodate these
types of request, I have utilized an oblique work around that may have
undesirable and catastrophic consequences.

I create a group that consists of the department and the individual or
individuals requiring write access to a group of department specific files.
I then create a share that is owned by that group. I move the requested
files into that share. I then put a symbolic link back to the original file
location so the department doesn’t notice a change in department file
location. I can then give the non-department user or users read access to
what appears to be department owned files by putting a symbolic link to the
home directory of the non-departmental person or persons requiring write
access to just that file or group of files.

My concern is that with the proliferation of files appearing to be in
department locations that are actually owned by a non-departmental group, I
am going to give an unsophisticated user effective file access that would
allow accidental deletion of files in for example the company wide read only
share!!!

If there is a simpler or better way to accomplish this sharing of writeable
files, I would certainly love to learn how to do it. Without having ACLs
to fine tune access permissions, this is the best solution that my simple
mind could come up with, and I am not confident in the outcome.

Any suggestions would be greatly appreciated.

Bob

Robert V. Kanaley
Manager Information Systems
Agdia, Inc.
rvk@agdia.com
http://www.agdia.com
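
Added example, not part of the original message: one way to check the concern raised above is to walk a share, resolve every symbolic link, and list the targets that a group other than the expected department group can modify or delete. The function name `audit_links` and the sample tree are assumptions made for this illustration.

```python
import os
import stat
import tempfile

def audit_links(share_root, expected_gid):
    """Report symlinks under share_root whose targets a group other than
    expected_gid can modify or delete. Returns (link, target, reason) tuples."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(share_root):
        for name in dirnames + filenames:
            link = os.path.join(dirpath, name)
            if not os.path.islink(link):
                continue
            target = os.path.realpath(link)
            try:
                st = os.stat(target)
                parent = os.stat(os.path.dirname(target))
            except OSError:
                findings.append((link, target, "dangling"))
                continue
            # Group write on the file lets that group change its contents.
            if st.st_mode & stat.S_IWGRP and st.st_gid != expected_gid:
                findings.append((link, target, "file writable by gid %d" % st.st_gid))
            # Deleting or replacing a file needs write access to the directory
            # that holds it, not to the file; the sticky bit limits that to owners.
            if (parent.st_mode & stat.S_IWGRP and not parent.st_mode & stat.S_ISVTX
                    and parent.st_gid != expected_gid):
                findings.append((link, target,
                                 "deletable via directory gid %d" % parent.st_gid))
    return findings

if __name__ == "__main__":
    # Constructed sample tree: a read-only share linking into a group-writable one.
    root = tempfile.mkdtemp()
    shared, public = os.path.join(root, "shared"), os.path.join(root, "public")
    os.mkdir(shared); os.mkdir(public)
    os.chmod(shared, 0o775)
    doc = os.path.join(shared, "report.txt")
    open(doc, "w").close()
    os.chmod(doc, 0o664)
    os.symlink(doc, os.path.join(public, "report.txt"))
    # A gid different from the file's group stands in for the department here.
    for finding in audit_links(public, os.stat(doc).st_gid + 1):
        print(finding)
```

The "deletable via directory" finding is the one that answers the accidental-deletion worry: it depends on the mode and group of the directory holding the real file, not on where the link appears.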