symlink question

[Red Squirrel]

Lets say I have 2 shares, one is called public and only user1 has write access, and the other shared p2p which user2 has write access.

If I put a symlink on the p2p share to a folder on the public share then user p2p gets write access. How do I prevent this? I want the symlink to be read only and follow the permissions set on p2p share and not the share that the actual files are on.

 

[Nothinman]

symlinks have no permissions, the permissions of the target file are used.

 

[Brazen]

When you symlink a directory (or file) it acts just like a copy of that folder, except, of course, they are "linked." So think of the permissions just like if you would copy that folder into the other location. If you want users to have write access only to that folder, then you'll need to adjust the file-level permissions to only have write access for those users.

 

[DaiShan]

ACL's would be a good solution to your problem.

 

[Red Squirrel]

Yeah would be nice if ext3 had ACLs like NTFS does. It's one thing Windows is better at, and its NTFS. It's much more powerful and versatile. Less going through hoops to give/remove permissions at a per user basis. I ended up getting it working like I wanted, but that involved creating another group just for that folder then removing the users from the group of the folder the link goes to, then managed to get the results I wanted.

 

[Nothinman]

Yeah would be nice if ext3 had ACLs like NTFS does.

Um, ever looked up POSIX ACLs?

 

[Red Squirrel]

Never heard of them. I did a quick google search and its something that looks viable, though from looks of it, it introduces a huge performance hit. But nice to know that exists.

 

[Nothinman]

A huge performance hit? That's something I've never heard about before.

 

[Brazen]

Originally posted by: RedSquirrel
Never heard of them. I did a quick google search and its something that looks viable, though from looks of it, it introduces a huge performance hit. But nice to know that exists.

hmm, in the few cases I've used them, I never saw ANY performance hit. If there was any, it didn't show over the network. Most of the time though, I prefer the UGO permissions, anyway. In the long run, UGO permissions are easier to maintain and keep organized.

 

[Nothinman]

In the long run, UGO permissions are easier to maintain and keep organized.

Much. ACLs help in strange corner cases where you can't fit what you need into UGO but you should use ACLs very sparingly since they just add complexity and you have to be careful when working with those files since not all utilities know how to preserve, restore, etc ACLs.