Subject: Re: Permission fubar
From: Philip Bertuglia (pbertugl@wheatonma.edu)
Date: Thu Apr 27 2000 - 09:18:54 EDT

This looks like a good layout but, just for fun, try to move a complicated
directory structure into /home/Clients/joeclient via the netatalk mount.
I have not been able to get more than one file deep into a SGID bit
directory without the writer being the owner of the share.

Philip Bertuglia
System Administrator
Wheaton College, MA

On Wed, 26 Apr 2000, David Lancaster wrote:
> I asked this earlier, but I thought I'd repost with a little more detail to
> see if I can stimulate a few synapses.
>
> The scenario is this:
> Redhat 6.0 server
> netatalk-1.4b2+asun2.1.3-7
>
> The major objective/sticky point is creating user accounts so that clients
> can upload files, and Customer Service can read/write to said files. I want
> to prevent Clients from reading each others data.
>
> The only way I can figure for this to work is to create a separate group for
> each Client, and add Customer Service to it.
>
> i.e.
> /home/Clients/joeclient (shared via ~ to joeclient in afpd.conf, and via
> a share of /home/Clients to Customer Service)
> permissions: rwxrws--- joeclient.joeclient
>
> Then when joeclient writes a file, it gets permissions rwxrwx---
> joeclient.joeclient, and Customer Service can read it since it is a member
> of the joeclient group.
> If Customer Service throws a file in joeclient's folder, it gets rwxrwx---
> custserv.joeclient (setgid forces the group) and joeclient can read it since
> it is a member of the joeclient group.
>
> I can't think of any easier way to do this (but then again, my exploration
> of *nix permissions is somewhat limited), so I'd appreciate any commentary
> that anyone can give. I'd rather not have to create and maintain a group
> for each client, but without ACLs, I can't see any way to set the relevant
> permissions.
>
> David Lancaster
>
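
An audit of the layout David describes, as an added example that is not part of the original thread: it walks a client folder and reports entries whose group differs from the folder's group, directories missing the setgid bit or group rwx, files lacking group rw, and anything with permission bits set for others. The function name `audit_share` and the problem strings are assumptions of this example; it can be run over a folder after a move like the one Philip suggests trying.

```python
import os
import stat
import sys


def audit_share(root):
    """Return (path, problem) pairs for entries under `root` that break the
    layout from the thread: group forced by setgid, group rw(x), nothing for
    others. The share group is taken from the top-level folder itself."""
    share_gid = os.lstat(root).st_gid
    findings = []

    def check(path):
        st = os.lstat(path)
        mode = st.st_mode
        if stat.S_ISLNK(mode):
            return  # a symlink's own mode bits are not meaningful; skip it
        if st.st_gid != share_gid:
            findings.append((path, "group differs from share group"))
        if mode & 0o007:
            findings.append((path, "accessible to others"))
        if stat.S_ISDIR(mode):
            if not mode & stat.S_ISGID:
                findings.append((path, "directory missing setgid bit"))
            if mode & 0o070 != 0o070:
                findings.append((path, "directory lacks group rwx"))
        elif mode & 0o060 != 0o060:
            findings.append((path, "file lacks group rw"))

    check(root)
    # os.walk does not descend into symlinked directories by default.
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            check(os.path.join(dirpath, name))
    return findings


if __name__ == "__main__":
    # Usage: python audit_share.py /home/Clients/joeclient
    for path, problem in audit_share(sys.argv[1]):
        print(f"{problem}: {path}")
```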