Please help to understand permissions

[nevolex]

Hi everyone,

I'm new to folders / users access I hope somebody can help

I have a folder I want to apply permissions for.

By default the folder "main" has only admin full access. I also have 2 users in group "everyone". For the main folder I choose:'
Everyone - Read only
my users (lena, alla)
alla - read and write
lena - read and write
The question why do I need to add the group everyone in the first place? Why couldn't I used just users without the group? The group everyone has RO access, but the users have RW but does it mean that users can definitely create and edit folders/ files in the "Main folder"

Also I want to add RO access to one subfolder inside the Main folder but I get an error msg? Can you please advise who does it work.

I just want full access by default but RO access for 2 users for a couple of folders.
Thank you

[schumaku]

Hello,

The question why do I need to add the group everyone in the first place?

There is no need to add users manually to the everyone group. Much more, the everyone group does automatically contain all local users, similar to the Active Directory "Domain Users" group.

Why couldn't I used just users without the group?

While there is nothing wrong in handling access rights based on users ... from the management prospective, it's easier to handle groups with similar access rights - there would be much less changes on the file system ACLs (with Advanced Folder Permissions enabled) for adding or removing users when the ACL access rights are based on group(s). Essentially new users can access folders and files based on their group(s) membership, without adding new ACE (access control entries) to the ACL on each folder and file.

The group everyone has RO access, but the users have RW but does it mean that users can definitely create and edit folders/ files in the "Main folder"

Doubt they can. With everyone set to read-only, nobody is able to write. What is the reason you have set the everyone group to read-only here? I guess there is some misunderstandings between the non-authenticated so called "guest" access and the everyone group. In your example, the user lena will never be able to write - because of the everyone group is set to read-only.

[nevolex]

Hello,

The question why do I need to add the group everyone in the first place?

There is no need to add users manually to the everyone group. Much more, the everyone group does automatically contain all local users, similar to the Active Directory "Domain Users" group.

Why couldn't I used just users without the group?

While there is nothing wrong in handling access rights based on users ... from the management prospective, it's easier to handle groups with similar access rights - there would be much less changes on the file system ACLs (with Advanced Folder Permissions enabled) for adding or removing users when the ACL access rights are based on group(s). Essentially new users can access folders and files based on their group(s) membership, without adding new ACE (access control entries) to the ACL on each folder and file.

The group everyone has RO access, but the users have RW but does it mean that users can definitely create and edit folders/ files in the "Main folder"

Doubt they can. With everyone set to read-only, nobody is able to write. What is the reason you have set the everyone group to read-only here? I guess there is some misunderstandings between the non-authenticated so called "guest" access and the everyone group. In your example, the user lena will never be able to write - because of the everyone group is set to read-only.

Thank you very much schumaku for the explanation