Subject: Re: Permission fubar
From: Peter Gutowski (peterg@powervue.com)
Date: Thu Apr 27 2000 - 05:55:42 EDT

On Wednesday, April 26, 2000, David Lancaster <c4ng2@unb.ca> wrote:
>I asked this earlier, but I thought I'd repost with a little more detail to
>see if I can stimulate a few synapses.
>
>The scenario is this:
>Redhat 6.0 server
>netatalk-1.4b2+asun2.1.3-7
>
>The major objective/sticky point is creating user accounts so that clients
>can upload files, and Customer Service can read/write to said files. I want
>to prevent Clients from reading each other's data.
>
>The only way I can figure for this to work is to create a separate group for
>each Client, and add Customer Service to it.
>
>ie.
>/home/Clients/joeclient (shared via ~ to joeclient in afpd.conf, and via
>a share of /home/Clients to Customer Service)
>permissions: rwxrws--- joeclient.joeclient
>
>Then when joeclient writes a file, it gets permissions rwxrwx---
>joeclient.joeclient, and Customer Service can read it since it is a member
>of the joeclient group.
>If Customer Service throws a file in joeclient's folder, it gets rwxrwx---
>custserv.joeclient (setgid forces the group) and joeclient can read it since
>it is a member of the joeclient group.
>
>I can't think of any easier way to do this (but then again, my exploration
>of *nix permissions is somewhat limited), so I'd appreciate any commentary
>that anyone can give. I'd rather not have to create and maintain a group
>for each client, but without ACLs, I can't see any way to set the relevant
>permissions.
>
>David Lancaster

On one of my netatalk+asun machines I have special accounts set up for customers to use. Their "home" directory is a directory under /AppleShare. Each customer has a .AppleVolumes file in their home directory which only offers them one share: their home directory. Permission for all directories is 770, and all share a common group called users. Company employees have a different .AppleVolumes (in *their* home directory, a symlink to /etc/AppleVolumes) file, which among other things offers them the /AppleShare mount point, so they can move files into and out of the Clients directory easily.

--Peter Gutowski
peterg@powervue.com // www.powervue.com/~peterg // h: 413-584-7820
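
An added illustration, not code from either poster: a small Python model of the two layouts described in this thread, checking each against the stated goals (clients cannot reach each other's directories, Customer Service has full access) using the mode bits alone. The user annclient, the directory names under /AppleShare, and the group maps (assumed to list primary-group members too) are constructed for the example; root and the AFP share list are outside the model.

```python
# Added example: models the two directory layouts from the thread.
# All sample data below is constructed.

def perms_for(user, entry, groups):
    """Return the rwx triple (0-7) the kernel applies to `user` for `entry`."""
    mode = entry["mode"]
    if user == entry["owner"]:          # owner class wins even if also in group
        return (mode >> 6) & 7
    if user in groups.get(entry["group"], set()):
        return (mode >> 3) & 7
    return mode & 7

def audit(dirs, groups, clients, staff):
    """List (path, user, problem) tuples for a set of client directories."""
    findings = []
    for path, entry in sorted(dirs.items()):
        for user in sorted(clients - {entry["owner"]}):
            # r lists names, x reaches files by name: either one exposes data.
            if perms_for(user, entry, groups) & 0o5:
                findings.append((path, user, "other client has read/search access"))
        for user in sorted(staff):
            if perms_for(user, entry, groups) != 0o7:
                findings.append((path, user, "staff lacks rwx"))
    return findings

CLIENTS = {"joeclient", "annclient"}    # annclient is a made-up second client
STAFF = {"custserv"}

# Layout from the question: one group per client, setgid 2770, staff in each group.
PER_CLIENT_DIRS = {
    "/home/Clients/joeclient": {"owner": "joeclient", "group": "joeclient", "mode": 0o2770},
    "/home/Clients/annclient": {"owner": "annclient", "group": "annclient", "mode": 0o2770},
}
PER_CLIENT_GROUPS = {
    "joeclient": {"joeclient", "custserv"},
    "annclient": {"annclient", "custserv"},
}

# Layout from the reply: every directory 770 with the common group "users".
COMMON_DIRS = {
    "/AppleShare/joeclient": {"owner": "joeclient", "group": "users", "mode": 0o770},
    "/AppleShare/annclient": {"owner": "annclient", "group": "users", "mode": 0o770},
}
COMMON_GROUPS = {"users": {"joeclient", "annclient", "custserv"}}

if __name__ == "__main__":
    for name, dirs, groups in (("per-client groups", PER_CLIENT_DIRS, PER_CLIENT_GROUPS),
                               ("common group", COMMON_DIRS, COMMON_GROUPS)):
        print(name, audit(dirs, groups, CLIENTS, STAFF))
```

With the common-group layout the mode bits do not separate clients, so the separation rests on which volumes each account is offered.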