Benedict Verheyen wrote:
Hi, i'm wondering what the best method is of allowing a normal user account to do stuff like writing cd's, accessing local webpages (/var/www) and so on. There are a couple of methods like: 1. Making a group, put the user in that group and set that group as owner of say /var/www or another dir where you want to user to have access too.
Have the user setup their web pages in ~/public_html/ and then set Apache to serve up pages on requests for the ~user directory. So a request for http://<host>/~user/ serves up /home/user/public_html/index.html. Add the user to the www-data group. On Debian, the www-data group is the default owner of files in www-data. Just make sure to do a chmod -R g+w /var/www/, or they won't have write access.
2. In case of cd writing, you can set the SUID of cdrecord and related programs or you can use sudo. Only problem with sudo is that the user has to type sudo in front of the commands.
dpkg-reconfigure cdrecord, and then set it suid. Add users to the cdrom group if you want them to be able to burn cds. The only thing is that some people think setting cdrecord suid is a risk.
What is the best method with security and user-friendliness in mind? I mean, I could let my wife work on Linux but to take the example of the cdwriting, she would be confused: "hey, on windows i can burn cd's straight out of the box and here not, i have to use this sudo thing" Off course this example is a bit far fetched since she wouldn't work on the command line and use XCDRoast or something similar and thus avoid the problems described above. But i would still like to know what the best way of working is.
Just my $.02.
Thanks for any insights, Benedict
-Roberto
Attachment:
pgpHyv1RyMeGe.pgp
Description: PGP signature