Benedict Verheyen wrote:
Hi, I'm wondering what the best method is of allowing a normal user account to do stuff like writing CDs, accessing local webpages (/var/www) and so on. There are a couple of methods like:
1. Making a group, putting the user in that group and setting that group as owner of, say, /var/www or another dir where you want the user to have access.
Have the user set up their web pages in ~/public_html/ and then set Apache to serve up pages on requests for the ~user directory. So a request for http://<host>/~user/ serves up /home/user/public_html/index.html. Add the user to the www-data group. On Debian, the www-data group is the default owner of files in www-data. Just make sure to do a chmod -R g+w /var/www/, or they won't have write access.
2. In the case of CD writing, you can set the SUID of cdrecord and related programs or you can use sudo. The only problem with sudo is that the user has to type sudo in front of the commands.
dpkg-reconfigure cdrecord, and then set it suid. Add users to the cdrom group if you want them to be able to burn CDs. The only thing is that some people think setting cdrecord suid is a risk.
What is the best method with security and user-friendliness in mind? I mean, I could let my wife work on Linux, but to take the example of CD writing, she would be confused: "Hey, on Windows I can burn CDs straight out of the box and here not, I have to use this sudo thing." Of course this example is a bit far-fetched, since she wouldn't work on the command line and would use XCDRoast or something similar and thus avoid the problems described above. But I would still like to know what the best way of working is.
Just my $.02.
Thanks for any insights, Benedict
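As an added illustration that is not part of either message: the group-ownership approach discussed above for /var/www, written as a shell check and repair. The function names are hypothetical, and the setgid step on directories goes beyond the chmod -R g+w in the reply, so that files created later keep the shared group.

```shell
#!/bin/sh
# Added example (not from the thread): audit and repair a tree that a
# group is meant to maintain, e.g. /var/www owned by group www-data.
# Function names are hypothetical; pass the directory and group yourself.

# Print every path under DIR that breaks the shared-group setup:
#   - not owned by GROUP,
#   - missing the group write bit (g+w),
#   - a directory without setgid, so new files inside it would get the
#     creator's primary group instead of GROUP.
audit_shared_tree() {
    dir=$1
    grp=$2
    find "$dir" \( ! -group "$grp" \
        -o ! -perm -020 \
        -o \( -type d ! -perm -2000 \) \) -print
}

# Repair: group ownership first, then g+w on everything, then setgid on
# directories only (setgid on regular files has a different meaning).
fix_shared_tree() {
    dir=$1
    grp=$2
    chgrp -R "$grp" "$dir"
    chmod -R g+w "$dir"
    find "$dir" -type d -exec chmod g+s {} +
}

# Typical use, as root:
#   audit_shared_tree /var/www www-data
#   fix_shared_tree   /var/www www-data
```

Files created after the repair are still subject to each user's umask, so a umask of 022 produces files without g+w; rerun the audit to catch those.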