1.  Home
  2. MIDRANGE-L
  3. January 2009

Re: Authority to READ files in a shared subdirectory of the root

Not even FTP is consistent. Consider this directory
Object . . . . . . . . . . . . : /robBtest
Type . . . . . . . . . . . . . : DIR
Owner . . . . . . . . . . . . : ROB
Primary group . . . . . . . . : *NONE
Authorization list . . . . . . : SSA01F
Data
User Authority
*PUBLIC *AUTL

Now if I open a ftp session here and do a simple PUT then the file has the
same authority. (So far so good, but stick with me.)
ftp> put testftp.txt /robBtest/testftp.t
200 PORT subcommand request successful.
150-NAMEFMT set to 1.
150 Sending file to /robBtest/testftp.tx
226 File transfer completed successfully
ftp: 51 bytes sent in 0.00Seconds 51000.
Object . . . . . . . . . . . . : /robBtest/testftp.txt
Type . . . . . . . . . . . . . : STMF
Owner . . . . . . . . . . . . : ROB
Primary group . . . . . . . . : *NONE
Authorization list . . . . . . : SSA01F
Data
User Authority
*PUBLIC *AUTL

However if I use the ftp command MKDIR then all is lost
ftp> mkdir /robBtest/subdir
250 Created directory /robBtest/subdir
Object . . . . . . . . . . . . : /robBtest/subdir
Type . . . . . . . . . . . . . : DIR
Owner . . . . . . . . . . . . : ROB
Primary group . . . . . . . . : *NONE
Authorization list . . . . . . : *NONE
Data
User Authority
*PUBLIC *EXCLUDE

Now, any files created underneath that will not have any authorization
list associated with it.
Real situation: You have a customer that you'd bend over and take it to
get their business. They put up several dozen engineering drawings for
you, in a subdirectory they created, to look at but your users can't get
to them. Then you find the above situation.

IBM recommended Primary Groups. So I did a
CHGPGP OBJ('/robBtest') NEWPGP(PROGRAMMER) SUBTREE(*ALL)
ftp> mkdir /robBtest/newsubdir
250-NAMEFMT set to 1.
250 Created directory /robBtest/newsubdir
Object . . . . . . . . . . . . : /robBtest/newsubdir
Type . . . . . . . . . . . . . : DIR
Owner . . . . . . . . . . . . : ROB
Primary group . . . . . . . . : PROGRAMMER
Authorization list . . . . . . : *NONE
Data
User Authority
PROGRAMMER *RWX
And anyone with that group, or supplemental group, is in like Flynn.

Rob Berendt

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.