We have a fedora 10 server that the company connects to with other computers in the office. The file everyone access, public_share has no restrictions to the people that use it. We have another file, art_share that is password protected and everytime someone wants to access it they must login with it, but there are only 3 people out of the 15 that need to access it. Everyone needs to access public_share at some time.

My question is: is there a way to limit the permission for certain remote users to public_share so that they cannot write or execute, but at the same time allowing others full permission? I tried to do use chmod, but then it changes everyone's permission (I assume because of the remote access).

Guessing here, but trying to get a better understanding the permissions thing. Would it be useful to create a group, add members that need access to art_share to that group and then give the group permission to access art_share, thereby omitting the users that aren't part of that group from accessing the share?

That would work if users that needed access to the file were actually on the server computer. The thing is that they are all gaining access remotely. Creating permissions, groups, and users on the linux server will do me no good since they don't need an account to access from another computer.
I need to somehow restrict permissions, not omitt them completely, from some of the computers connecting to the server.
Thanks for the reply, though.

I think it depends on how the remote users gain access to this file.

For example, if this is being accessed via NFS, then the permissions you set locally should (I believe) be honoured in the remote access as much as this makes sense.

If the file is being accessed via Samba, then I think you should still be able to restrict the access available to people by using smbusers and the /etc/samba/smbusers file to map remote usernames to usernames on the F10 system, and thereby make the access via Samba respect the local permissions.

I believe everyone is connecting through ftp. If that makes sense.

If it is ftp, you will need to configure the ftp server appropriately.

I have no experience of that myself, but it looks like what you want should be achievable with vsftpd, given this HOWTO: http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch15_:_Linux_FTP_Server_Setup.

Sorry not to be more help.

That's ok, thanks for the link. I didn't even know we had vsftpd until now. now I gotta figure out how to use it.

---------- Post added at 11:26 PM ---------- Previous post was at 06:26 PM ----------

Well, now I know a lot more about vsftpd, but I still can't find what I'm looking for. There are plenty of options to limit local user access, but I only found a few thing related to remote access users. I still can't figure out how to limit a remote user's access, and looking everywhere, I figure that this vsftpd has got to be the answer. There's gotta be something I can edit through vim, right?

Same4u

Even if they're accessing via FTP (sort of a strange method for Windows clients... but if that's what you need...) you can set permissions at the file system level, but then, the users requiring write access would have to log in.

If you were using Samba, you could simply give everyone read access, then, (in /etc/samba/smb.conf) by using the keyword "write list" with comma-separated names, give write permission to those 3 users. As long as their Windows login credentials are the same on the F10 box, they'd never have to log in.

The only caveat to using Samba is that the shared folder will appear on the network to everyone (there are ways around that, but it's off-topic for the moment).

Or do I misunderstand the application?

-Al

Yes ftp is strange, and I doubt it.

Still ftp uses the native linux/POSIX permissions based on the ftp login account. NFS and AFAIK Samba sevice maps the native permissions to distributed FS permissions.

So glennzo post#2 is probably right, but no one can sort out the details w/o knowing the type of file sharing.

Yes ftp is strange, and I doubt it.

Still ftp uses the native linux/POSIX permissions based on the ftp login account. NFS and AFAIK Samba sevice maps the native permissions to distributed FS permissions.

So glennzo post#2 is probably right, but no one can sort out the details w/o knowing the type of file sharing.

Yup. It's hard sayin' not knowin' ;)

I think he's going to be stuck with creating groups, adding users to them, then chgrp'ing the appropriate files/directories. Once the proper file-level permissions and ownership are set though, he shouldn't have much of a problem... Providing logins are used, of course.

As for Samba, I've had great luck (on both my home network and in the feild with clients) using native permissions to protect files, even when telling Samba to allow a write. Seems to work pretty much like NTFS permissions under a share. The NTFS restrictions over-rule all else.

At any rate, I hope things work out for him, and I'd love to hear the end result!

-Al