Subject: Permission fubar
From: David Lancaster (c4ng2@unb.ca)
Date: Wed Apr 26 2000 - 21:20:55 EDT
I asked this earlier, but I thought I'd repost with a little more detail to
see if I can stimulate a few synapses.
The scenario is this:
Redhat 6.0 server
netatalk-1.4b2+asun2.1.3-7
The major objective/sticky point is creating user accounts so that clients
can upload files, and Customer Service can read/write to said files. I want
to prevent Clients from reading each other's data.
The only way I can figure for this to work is to create a separate group for
each Client, and add Customer Service to it.
i.e.
/home/Clients/joeclient (shared via ~ to joeclient in afpd.conf, and via
a share of /home/Clients to Customer Service)
permissions: rwxrws--- joeclient.joeclient
Then when joeclient writes a file, it gets permissions rwxrwx---
joeclient.joeclient, and Customer Service can read it since it is a member
of the joeclient group.
If Customer Service throws a file in joeclient's folder, it gets rwxrwx---
custserv.joeclient (setgid forces the group) and joeclient can read it since
it is a member of the joeclient group.
I can't think of any easier way to do this (but then again, my exploration
of *nix permissions is somewhat limited), so I'd appreciate any commentary
that anyone can give. I'd rather not have to create and maintain a group
for each client, but without ACLs, I can't see any way to set the relevant
permissions.
David Lancaster
This archive was generated by hypermail 2b28 : Wed Jan 17 2001 - 14:30:32 EST
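
The following is an added example, not part of the original post: it checks the rwxrws--- (2770) layout described above on a scratch tree, without root, and shows what a file and a subdirectory created inside inherit. It assumes Linux and GNU stat(1); "sloppyclient" and "upload.dat" are constructed names, and a file created from the shell under umask 007 comes out rw-rw---- rather than the rwxrwx--- the post reports.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes Linux and GNU stat(1).
# Runs on a scratch tree without root; "sloppyclient" is a constructed name.

mode_of() { stat -c '%a' "$1"; }   # octal mode, e.g. 2770
gid_of()  { stat -c '%g' "$1"; }   # numeric group ID

# Succeed only if DIR is rwxrws--- (2770): setgid set, nothing for "other".
check_client_dir() {
    m=$(mode_of "$1")
    [ "$m" = 2770 ] && return 0
    echo "FINDING: $1 is mode $m, expected 2770 (rwxrws---)" >&2
    return 1
}

# Print how many directories directly under ROOT fail the check.
audit_clients() {
    bad=0
    for d in "$1"/*/; do
        [ -d "$d" ] || continue
        check_client_dir "${d%/}" || bad=$((bad + 1))
    done
    echo "$bad"
}

# Build a constructed tree: one correct client directory, one misconfigured.
build_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/Clients/joeclient" "$root/Clients/sloppyclient"
    chmod 2770 "$root/Clients/joeclient"
    chmod 0775 "$root/Clients/sloppyclient"   # world-readable: should be flagged
    (
        umask 007                             # new files get no "other" bits
        : > "$root/Clients/joeclient/upload.dat"
        mkdir "$root/Clients/joeclient/sub"   # inherits setgid on Linux
    )
    echo "$root"
}

demo() {
    t=$(build_tree) || return 1
    c="$t/Clients/joeclient"
    echo "upload.dat: mode $(mode_of "$c/upload.dat"), gid $(gid_of "$c/upload.dat") (dir gid $(gid_of "$c"))"
    echo "sub/:       mode $(mode_of "$c/sub")"
    echo "findings:   $(audit_clients "$t/Clients")"
    rm -rf "$t"
}
demo
```

On a real server, audit_clients can be pointed at /home/Clients to flag any client directory that has lost its setgid bit or gained access for "other".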