1

I've a group of users, all of which are in a single group. Then I have a Java daemon that is a member of a seperate group.

I want both the users and the daemon to have access to the same set of files. Apparently, adding the daemon to a secondary group so that this works is not generally workable.

What if I give the daemon ownership of files and directories and the group of all users group rights? What sort of problems might I see? Is this bad for security?

Do different UNIX and Linux environments interpret this differently? This environment is Linux: Ubuntu Lucid Lynx (10.04) Server.

Improve this question

1 Answer 1

Reset to default
1

Seems that in such situations is much better to use acl. You need to install acl package and enable it in mount options. For example if /etc/fstab it looks like

/dev/mapper/server-home /home ext4 defaults,acl,noatime 0 2

You can manage right with setfacl command and check it with getfacl.

Improve this answer
2
  • How do I know if the filesystem supports ACLs? I realize that ext2, ext3, and ext4 have mount options acl and noacl; what is the default? (man pages don't specify) Likewise, are ACLs supported on filesystems like XFS? I think that XFS and many others (JFS, btrfs) will probably support ACLs completely; is this right? Can Java (yes, I know Java comes in many kinds!) handle ACLs or is it transparent? Commented Dec 22, 2011 at 19:02
  • Oh - and you didn't answer my question :) Aside from "doing the right thing" (using ACLs from the sound of it) I'd also like to know how these permissions resolve themselves and how UNIX/Linux handles it. Commented Dec 22, 2011 at 19:03

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.