
calling all linux lovers

Ameesh

Lifer
how do you manage group memberships and access control lists in linux? Say i have a big corporation and i want to have a set of people from building 1 have access to a particular website or a network resource but not the people from building two. how do i accomplish something like this? Or even a simpler scenario: i am in this corporation and i want to share some files out to a few individual people in the company, how do i do this?
 
I'm no linux expert, but I don't think ext2 has ACLs. You need a more advanced file system like XFS I believe.

<edit>this would probably get better replies in the OS forum</edit> 😉
 
Originally posted by: Mucman
I'm no linux expert, but I don't think ext2 has ACLs. You need a more advanced file system like XFS I believe.

<edit>this would probably get better replies in the OS forum</edit> 😉

i rarely venture into there cause they are a bunch of crazies who rarely are reasonable.
 
Originally posted by: Mucman
I'm no linux expert, but I don't think ext2 has ACLs. You need a more advanced file system like XFS I believe.

<edit>this would probably get better replies in the OS forum</edit> 😉

there is no notion of ACLs at all?
 
Originally posted by: notfred
Originally posted by: Windogg
CHMOD
CHOWN
UMASK

Yep, those tools.

how? if i have say 5 computers, where do i define one set of accounts that can log on to all of the machines

chmod, chown, and umask only change for the local system.
 
Originally posted by: Ameesh
Originally posted by: Mucman
I'm no linux expert, but I don't think ext2 has ACLs. You need a more advanced file system like XFS I believe.

<edit>this would probably get better replies in the OS forum</edit> 😉

i rarely venture into there cause they are a bunch of crazies who rarely are reasonable.

Hehe, yeah it has gone downhill... but maybe a complex question such as this will get the gurus involved 🙂

XFS ACL docs

So what you are looking for is something similar to Active Directory (Domain) in a unix environment?
 
Originally posted by: Mucman
Originally posted by: Ameesh
Originally posted by: Mucman
I'm no linux expert, but I don't think ext2 has ACLs. You need a more advanced file system like XFS I believe.

<edit>this would probably get better replies in the OS forum</edit> 😉

i rarely venture into there cause they are a bunch of crazies who rarely are reasonable.

Hehe, yeah it has gone downhill... but maybe a complex question such as this will get the gurus involved 🙂

XFS ACL docs

So what you are looking for is something similar to Active Directory (Domain) in a unix environment?

I'm just curious if linux has something like AD.

 
Originally posted by: Ameesh
Originally posted by: Mucman
Originally posted by: Ameesh
Originally posted by: Mucman
I'm no linux expert, but I don't think ext2 has ACLs. You need a more advanced file system like XFS I believe.

<edit>this would probably get better replies in the OS forum</edit> 😉

i rarely venture into there cause they are a bunch of crazies who rarely are reasonable.

Hehe, yeah it has gone downhill... but maybe a complex question such as this will get the gurus involved 🙂

XFS ACL docs

So what you are looking for is something similar to Active Directory (Domain) in a unix environment?

I'm just curious if linux has something like AD.

Yes! using openldap and pam_ldap you can do this... heck AD is built with LDAP. Create a server running openldap, configure it, and have all other client machines authenticate using pam_ldap.

I think 😉

 
As far as I know, there is no AD type structure to control permissions. I've been looking at several projects at Sourceforge that are supposed to make the permissions structure more robust. I don't believe OpenLDAP will do what you want in this case.

I think MS has done a kickass job when it comes to ACLs and management of permissions in a highly scalable way.

Windogg
 
Originally posted by: Windogg
As far as I know, there is no AD type structure to control permissions. I've been looking at several projects at Sourceforge that are supposed to make the permissions structure more robust. I don't believe OpenLDAP will do what you want in this case.

I think MS has done a kickass job when it comes to ACLs and management of permissions in a highly scalable way.

Windogg

If linux can't support this how do people expect it to get deployed in the corporate environment? i assume if it can't do this then you can't do any kind of group policy, can you?
 
Originally posted by: Ameesh
Originally posted by: Windogg
As far as I know, there is no AD type structure to control permissions. I've been looking at several projects at Sourceforge that are supposed to make the permissions structure more robust. I don't believe OpenLDAP will do what you want in this case.

I think MS has done a kickass job when it comes to ACLs and management of permissions in a highly scalable way.

Windogg

If linux can't support this how do people expect it to get deployed in the corporate environment? i assume if it can't do this then you can't do any kind of group policy, can you?

Hmm?

Just cause it doesn't work identical to Microsoft's products doesn't mean it can't be done or sucks. Thankfully, security and stability are not done the Microsoft way.

AD is still a weak ripoff of Novell's NDS.
 
I'm glad someone mentioned NIS. That's how we achieve this at work, but I'm not the sysadmin, so I'm not exactly sure of the details. All I know is it allows us to share permissions across various servers and services (www, ftp, file storage, unix application servers, etc.).

Rob
 
Just for the curious here is what Ameesh is asking for:

1. Single Sign On (SSO). NT Domain Manager and Passport are two MS products that do this. Basically, you authenticate once to some sort of software, it handles authenticating you onto all the other machines on the network.
2. Access Control Lists. The *nix world currently uses Read/Write/Execute permissions based on Owner/Group/World. NT on the other hand, gives those and a few more, while being able to specify these rights per user(s) and/or per group(s), note the multiples.
3. Rules for corporate network. Basically, you define a set of rules for ACL's, and all the machines in the network use those rules. Active Directory is the example here.

And to top it off, Ameesh asserts that if *nix doesn't have these, how is it ready for big time use in the corporate world?

Well, I am no expert on Linux, I'm only a casual user which is pretty much what every user here on this forum is, but I will attempt to answer these.

1. As stated before, use some sort of program that authenticates against LDAP. No idea if a nice polished program exists out there, but the servers can be free.
2. No idea on this one. Maybe the Sun Microsystems NIS setup can provide this.
3. Again, no idea.

Personally I don't think these 3 things are essential for corporate networking. Yeah they help if the company can use them, but they aren't essential.
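
Point 2 above contrasts owner/group/world bits with rights given per user and per group. Linux filesystems with POSIX ACL support (managed with setfacl/getfacl, documented in acl(5)) check entries in a fixed order, and the following added example, which is not part of the thread, models that order. The users, groups and ACL in it are constructed for illustration.

```python
# Added example: models the POSIX ACL access-check order from acl(5).
# Every user, group and ACL below is constructed for illustration.
from dataclasses import dataclass, field

R, W, X = 4, 2, 1

@dataclass
class Acl:
    owner: str
    group: str
    user_obj: int                               # owner bits
    group_obj: int                              # owning-group bits
    other: int                                  # everyone else
    users: dict = field(default_factory=dict)   # named user entries
    groups: dict = field(default_factory=dict)  # named group entries
    mask: int = R | W | X                       # caps all but owner and other

def allowed(acl, user, user_groups, want):
    """True if `user`, a member of `user_groups`, gets every bit in `want`."""
    if user == acl.owner:                       # 1. owner entry, mask not applied
        return (acl.user_obj & want) == want
    if user in acl.users:                       # 2. named user entry, capped by mask
        return (acl.users[user] & acl.mask & want) == want
    # 3. owning group and named groups: one matching entry that grants is enough
    matches = [acl.group_obj] if acl.group in user_groups else []
    matches += [bits for g, bits in acl.groups.items() if g in user_groups]
    if matches:
        return any((bits & acl.mask & want) == want for bits in matches)
    return (acl.other & want) == want           # 4. no entry matched: other

# Constructed scenario: a report readable by building 1, writable by its owner
# and by one named colleague from building 2, closed to everyone else.
REPORT = Acl(owner="alice", group="building1",
             user_obj=R | W, group_obj=R, other=0,
             users={"dave": R | W}, groups={"auditors": R})

def demo():
    return {
        "owner writes": allowed(REPORT, "alice", {"building1"}, W),
        "building1 reads": allowed(REPORT, "bob", {"building1"}, R),
        "building1 writes": allowed(REPORT, "bob", {"building1"}, W),
        "named user writes": allowed(REPORT, "dave", {"building2"}, W),
        "building2 reads": allowed(REPORT, "carol", {"building2"}, R),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:18} -> {'allow' if ok else 'deny'}")
```

Because a named user entry is consulted before any group entry, an entry with no bits set locks one person out even when their group has access, and narrowing the mask cuts every named and group entry at once without touching the owner.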
 
I am really curious on how this is done, so here is a bump 🙂

btw, at school I used the same username and password to check my E-mail, login to the Solaris machines, RedHat machines, and the web proxy. I'm not totally sure how they do it though.
We were given separate usernames and passwords to login to the Win2k machines.

This might be a fun thing to play with next time I redo my home network...
 
Originally posted by: Ameesh
Originally posted by: notfred
Originally posted by: Windogg
CHMOD
CHOWN
UMASK

Yep, those tools.

how? if i have say 5 computers, where do i define one set of accounts that can log on to all of the machines

chmod, chown, and umask only change for the local system.


choose one machine to be a server, set the home directories on that machine, use it for login authentication and map the home directories when a user logs into another machine (there was a way to use the disk space on the other machines too, don't remember how).

 