Greetings, I'm in the process of migrating several network user home directories to a Linux file server. They're coming from various Mac OS X servers, where ACLs were used for rights. In the past, for network homes on a Linux box, I wasn't too granular about permissions, etc. However, these particular homes do need a certain level of that.
So what I'll have is a bunch of users all part of the same group. In addition, I'll have the IT shop, which is a defined group. I need the IT shop to have full, recursive rights to the users' data (for assistance, troubleshooting, etc.). With ACLs, I can set default permissions, but those don't seem to hold up if the user does a 'chmod 600' on a file, for instance. My only thoughts there are to run a cron job nightly or so to "fix" the permissions.
The users' homes will be chmod 700. Unfortunately, that trumps my ACL for the IT shop. If I chmod 750, then everyone else in their group has access (unless I specifically deny them (is there an 'everyone' catchall?)).
The simple ACL I've used for testing is: setfacl -d -R -m g:it_staff:rwx homes
Any advice on how to accomplish such a thing, or input on best practices?
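The behaviour described in the post, where chmod 700 cancels the it_staff entry and chmod 750 opens the home to the users' shared group, comes from the ACL mask. The following is an added example, not part of the original post: a small model of the access check documented in acl(5). The names alice, bob, tech and staff are constructed, and named-user entries are left out.

```python
# Model of the Linux POSIX ACL access check (acl(5)); perms are rwx bits.
from dataclasses import dataclass, field
from typing import Optional

R, W, X = 4, 2, 1

@dataclass
class Acl:
    owner: str
    group: str
    user_obj: int                  # u::
    group_obj: int                 # g::  (owning group)
    other: int                     # o::
    named_groups: dict = field(default_factory=dict)   # g:name:
    mask: Optional[int] = None     # m::  present once named entries exist

    def chmod(self, mode):
        self.user_obj = (mode >> 6) & 7
        self.other = mode & 7
        if self.mask is not None:
            self.mask = (mode >> 3) & 7       # group bits rewrite the mask
        else:
            self.group_obj = (mode >> 3) & 7  # no ACL: plain group bits

    def allowed(self, user, groups, want):
        if user == self.owner:
            return (self.user_obj & want) == want
        matches = [p for g, p in self.named_groups.items() if g in groups]
        if self.group in groups:
            matches.append(self.group_obj)
        if matches:   # any group match decides; 'other' is never consulted
            cap = 7 if self.mask is None else self.mask
            return any((p & cap & want) == want for p in matches)
        return (self.other & want) == want

def scenario(mode, group_obj=None):
    # Constructed sample: home owned by alice:staff, with g:it_staff:rwx set.
    acl = Acl("alice", "staff", 7, 5, 0, {"it_staff": 7}, mask=7)
    if group_obj is not None:
        acl.group_obj = group_obj             # like: setfacl -m g::--- home
    acl.chmod(mode)
    return {"it": acl.allowed("tech", {"it_staff"}, R | X),
            "peer": acl.allowed("bob", {"staff"}, R | X)}

if __name__ == "__main__":
    print("chmod 700:         ", scenario(0o700))
    print("chmod 750:         ", scenario(0o750))
    print("g::--- + chmod 770:", scenario(0o770, group_obj=0))
```

In the model, emptying the owning-group entry and leaving the mask at rwx keeps it_staff in while the shared group stays out; a later chmod 600 or 700 by the owner still zeroes the mask.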