Managing file access problem (without using ACLs)

http://forums.fedoraforum.org – OK, so here's the problem. I've been banging my head over this Linux assignment for a few hours now and just can't figure out a proper solution. Basically we're acting as a system admin for a fictional company, and we have to assign permissions to various directories based on groups.

The Executive Group (exec)
  - exec-normal, exec-secure directories
The Project Management Group (pm)
The Design Group (design)
  - preliminary design (des-prelim) and revised design (des-rev) directories
The End Users group (users)

The following users must be made: exec1, exec2, pm1, pm2, des1, des2, user1, user2

All files from each group are stored in /home/docs/

The directory tree is as such:
/home/docs/{exec-normal,exec-secure,des-prelim,des-rev,share}

- exec manages documents in /home/docs/exec-normal/
- pm needs to read documents in /home/docs/exec-normal/
- pm also needs to modify documents in /home/docs/des-rev/
- design creates documents in /home/docs/des-prelim, /home/docs/des-rev/
- users need to modify documents in /home/docs/des-prelim/
- users also need to view documents in /home/docs/des-rev/
- all users need to be able to contribute to /home/docs/share/

So what I thought of and tried to do was this: since people of different groups need rwx on the same directories, I decided to group those people up into their own groups and assign that group to the given directory. So for example design (des1, des2) and pm (pm1, pm2) both need to modify files in /home/docs/des-rev, therefore I grouped these 4 users together in a group called GroupRev and made GroupRev the owner of the /home/docs/des-rev/ directory with the permissions drwxrws---. This works for those users, but 'users' (user1, user2) need to be able to view documents in /home/docs/des-rev as well, and if I set the others permission then the WORLD has those permissions. And this problem is consistent in my planning.

With this idea I grouped exec1, exec2 into GroupExec and des1, des2, user1, user2 into GroupPrelim and assigned the groups to the proper directories. So currently my permissions are pretty much the same for each directory, drwxrws---, and with this each user can modify files in the directories they're supposed to. But if users from another group need to view documents in another group's directory, they can't. I can't use ACLs and must do it this way. I guess all I'm really asking for here is a push in the right direction. Any help would be appreciated.

(HowTos)
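
The scheme described in the post, checked against the assignment's access list, as an added example that is not part of the original post: a small Python model of the classic owner/group/other check (no ACLs). Assumptions: every directory is owned by `root`, "read"/"view" means r-x on the directory, "manage"/"modify"/"create" means rwx, and GroupExec is the group on exec-normal; exec-secure and share are left out because the post gives no group or mode for them.

```python
# Added example: classic Unix DAC check, first matching class (owner, group, other) wins.
R, W, X = 4, 2, 1

# Users and their department, as listed in the post.
DEPT = {"exec1": "exec", "exec2": "exec", "pm1": "pm", "pm2": "pm",
        "des1": "design", "des2": "design", "user1": "users", "user2": "users"}

# The combined groups the poster created.
GROUPS = {
    "GroupExec": {"exec1", "exec2"},
    "GroupRev": {"des1", "des2", "pm1", "pm2"},
    "GroupPrelim": {"des1", "des2", "user1", "user2"},
}

# Directory -> (owner, group, mode). Owner "root" is an assumption;
# 0o2770 is drwxrws--- (setgid does not change the access decision itself).
DIRS = {
    "exec-normal": ("root", "GroupExec", 0o2770),
    "des-rev": ("root", "GroupRev", 0o2770),
    "des-prelim": ("root", "GroupPrelim", 0o2770),
}

# Requirements from the assignment: (department, directory, needed bits).
NEEDS = [
    ("exec", "exec-normal", R | W | X),
    ("pm", "exec-normal", R | X),
    ("pm", "des-rev", R | W | X),
    ("design", "des-prelim", R | W | X),
    ("design", "des-rev", R | W | X),
    ("users", "des-prelim", R | W | X),
    ("users", "des-rev", R | X),
]

def granted(user, directory):
    """Return the rwx bits this user gets on the directory."""
    owner, group, mode = DIRS[directory]
    if user == owner:
        return (mode >> 6) & 7
    if user in GROUPS.get(group, ()):
        return (mode >> 3) & 7
    return mode & 7  # everyone else, including accounts outside the company groups

def unmet():
    """List (user, directory) pairs whose required bits are not all granted."""
    return sorted((u, d) for dept, d, need in NEEDS
                  for u, dep in DEPT.items()
                  if dep == dept and granted(u, d) & need != need)

if __name__ == "__main__":
    for user, directory in unmet():
        print(f"{user} lacks required access to /home/docs/{directory}")
```

Because a directory carries only one group, the two read-only requirements (pm on exec-normal, users on des-rev) are the ones that fall through to the "other" class, which is the gap the post describes.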