LDAP is a wonderful way to handle all your company employees users. I’ve been using it for a long time and just like the easy way to handle it and how users can be authenticated via the LDAP directory all threw our intranet sites (Ticket manager, Wiki, Tools and more).
A month ago I had a new project – simple and easy to create some directories for group of users and give some full permissions and some only read permissions.
Due to the nature of linux that was quite easy – Just create a new group (or several) to encapsulate the users and allow the permissions to the directories. For example:
1. Group: project-users – All the users who will need to access the data for this project will be added to this group.
2. User: project-admin – This is the user that can handle the directories (add, remove etc).
2. Group: project-admins – The only group that can access the project-admin users. I’ve added only selected users to this group. (The permissions to access the users is auto generated authorized_keys access)
Now let’s say that our directory is:
/opt/projects/project (User: project-admin, Group: project-users, Mode: rwxr-r—)
Now as you can see only the admin user can change the files but all the group can access.