magwart
January 25th, 2012, 06:17 PM
OS: Ubuntu 10.04
I have a set of users that have their 'private' group as their primary group, but also belong to a set of secondary groups:
Username: jim Groups: jim (primary), foo
Username: bob Groups: bob (primary), foo
In order to facilitate sharing files between Jim and Bob, I created a directory called /shared with the group sticky bit:
ls -ld /shared
drwxrwsr-x 2 jim foo 4096 Jan 25 11:06 /shared
Now Jim can create, read, and write files in /shared with no problem (after all, he's the owner). Bob can do the same, but only after he runs 'newgrp foo'.
The problem that I have is that Bob prefers to use Nautilus to move files around. Nautilus runs with the effective group set to the user's primary group (in this case, egid='bob'). If Bob tries to create a new file or folder in /shared, Nautilus refuses (the 'create folder' menu entry is greyed out) because Bob doesn't have permission.
I tried using setfacl to set more fine-grained permissions on /shared, but /shared is actually an NFS mount, but ACLs do not work the same on NFS as they do on an NFS mount. I also tried to start Nautilus with:
newgrp foo
nautilus -q
...but Nautilus continues to run using Bob's primary group.
How can Bob use Nautilus to create new files in this shared directory? Is there any way to start a nautilus instance that uses Bob's secondary group?
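Added example, not part of the original post: a diagnostic that parses the credentials a running process exposes in /proc/<pid>/status and applies the local POSIX owner/group/other check to the drwxrwsr-x directory shown above. On Linux that check uses the filesystem uid/gid and the supplementary group list. The numeric uids/gids and both status excerpts are constructed, capabilities such as root's override are ignored, and an NFS server makes its own decision from the credentials the client sends.

```python
import stat

# Constructed sample ids; the post does not give numeric uids/gids.
JIM_UID, BOB_UID, BOB_GID, FOO_GID = 1000, 1001, 1001, 1002
SHARED_MODE = stat.S_IFDIR | 0o2775      # drwxrwsr-x from the ls -ld output
SHARED_OWNER, SHARED_GROUP = JIM_UID, FOO_GID

# Constructed /proc/<pid>/status excerpts for a process started by bob.
STATUS_WITH_FOO = (
    "Name:\tnautilus\n"
    "Uid:\t1001\t1001\t1001\t1001\n"
    "Gid:\t1001\t1001\t1001\t1001\n"
    "Groups:\t1001 1002\n"
)
# Same process image, but the session's group list lacks foo.
STATUS_WITHOUT_FOO = STATUS_WITH_FOO.replace("1001 1002", "1001")

def parse_status(text):
    """Return (fsuid, fsgid, supplementary_gids) from /proc/<pid>/status text."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.split()
    # Uid/Gid columns are: real, effective, saved set, filesystem.
    fsuid = int(fields["Uid"][3])
    fsgid = int(fields["Gid"][3])
    groups = {int(g) for g in fields.get("Groups", [])}
    return fsuid, fsgid, groups

def permission_class(fsuid, fsgid, groups, owner, group):
    """Pick the single permission triplet that applies to this process."""
    if fsuid == owner:
        return "owner"
    if fsgid == group or group in groups:
        return "group"
    return "other"

def can_create_in(status_text, mode, owner, group):
    """True if the process may add entries to the directory (needs w and x)."""
    fsuid, fsgid, groups = parse_status(status_text)
    cls = permission_class(fsuid, fsgid, groups, owner, group)
    shift = {"owner": 6, "group": 3, "other": 0}[cls]
    bits = (mode >> shift) & 0o7
    return (bits & 0o3) == 0o3

if __name__ == "__main__":
    for label, text in (("with foo", STATUS_WITH_FOO), ("without foo", STATUS_WITHOUT_FOO)):
        ok = can_create_in(text, SHARED_MODE, SHARED_OWNER, SHARED_GROUP)
        print(f"{label}: egid={parse_status(text)[1]} can create in /shared: {ok}")
```

To inspect a live process, pass the contents of /proc/<pid>/status for the file manager's pid to parse_status() and compare the Groups set with the gid that owns the directory.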