group permissions

[kanu]

HI!
I am new to linux and need help from you expert guys. this is a linux and windows 2008 server environment.
the scenerio is that in a network there is a linux gateway and on different machine linux web server(apache) also with a file server. so the web server serves the files to the user who authenticate through the windows server 2008 AD and also some local users on the same linux machine.
there are three main groups:
one group is the employees group who are in the LAN and they authenticate themselves to the AD and then log in ubuntu and read and write the files in the folder (owner specific*),
the other group is the contractors group also on the AD and they login from outside the company coming through the gateway and then authenticating themselves through the web interface and read and write (download and upload files) the files in the file server,
the last group of people are the clients which i am creating the in the file server itself as low priviledge user and adding them to the client group (possibly different groups for different clients*) created in the linux server itself.

So, now what i need is that if I create a clients folder in the linux file server I want that the employees group users can read and write in the folder and the contractors groups users also can read and write in the same folder (but only their files) through web interface and the clients could only read their own files in their own folder through web interface. so how can i add the individual group permissions to individual clients folders according to the requirement.
is it possible?
I am sry guys as this is a big problem for me but that how it is!!


*
owner specific = only owner can read and write and other users can only read
*
possible different groups for different clients = as there would not be more that 5 clients at a given time before the clients project ends

This is a advertising company with 5 managers and they are assigned 1 client each at a time. the team may include some senoir staff and other staff from the LAN and some contract workers like script wirters and graphic designers working from remote location.

[kanu]

Ok just tell me that how can more than one group be assigned different permissions on a folder in ubuntu and also same permissions should be applied to the files in the folder.

but if you can give me a detailed explaination I would be very thankful!

[kanu]

cmon guys can any one tell me any thing?????

[kmitnick]

you want the ppl to login through a VPN or are you willing to develop a web application???

[kanu]

no VPN should be used that the condition coz its difficult to manage when you have clients who come and go. it all about sharing resources actually a linux file server with a web server built in.

[kmitnick]

dude i am not expert with that, but it seems that it depends on the web application you are gonna build, but ask devils casper he is so good

[b2bwild]

Gvining different permissions to multiple groups or users,
Thats why the acl is.

Before going to acl there is one thing you need to do is.

sudo gedit /etc/fstab

Add acl under options of partition where your data is.
e.g. something like this.

LABEL=/ / ext3 defaults,acl 1 2

Reboot the machine.

Now use this command to set permissions.

# getfacl lotr

(lotr is filename)
Will give output like this
# file: lotr
# owner: frodo
# group: frodo
user::rw-
group::r--
other::r--

Now set the permission.

# setfacl -m u:sam:rw- lotr

Now getfacl file again
It will show

# file: lotr
# owner: frodo
# group: frodo
user::rw-
user:sam:rw-
group::r--
mask::rw-
other::r--

To add a perticular group permission do this

# setfacl -m g:gondor:r-- lotr

This will add read permission to group gondor.
getfacl the file again.
you will get this
# file: lotr
# owner: frodo
# group: frodo
user::rw-
user:sam:rw-
user:tippy:r--
group::r--
group:gondor:r--
mask::rw-
other::r--

Now frodo's file is readable and writable by sam. and readble by whole gondor members.

This works with most servers in linux, but not sure to work with any web application.