Re: group permissions (was chroot ssh and ftp)
Dr Beco <rcb@beco.cc> wrote:
> Now, for the permissions stated before, I got this until now:
> Professors belong to two groups, professors and students
> Students belong only to alumini
> Admins belong to all
> Then I run in professors /home/dirs the following command:
> chown -R :professors paul peter patrick
> chmod -R 700 paul peter patrick
The problem with this is that you're making files executable. Personally
I think you'd be better off fixing just the professors' home
directories. Failing that, just tweak the group and other permissions:
chmod -R go= paul peter patrick
> To students /home/dirs I did:
> chown -R :students sam simon sony
> chmod -R 770 sam simon sony
> chmod g+s sam simon sony
Again, here you're making files executable, and you'd be better off just
tweaking the group and other permissions:
find sam simon sony -type d -exec chmod g=rwx,o= {} \;
find sam simon sony ! -type d -exec chmod g=u,g+r,o= {} \;
In your script:
> if groups $USU | grep -q alumini; then
> #echo Cleaning $USU, student.
> chown -R $USU:student $USU
> chmod -R u+rw,g+rw,o-rwx $USU
> #echo Cleaning $USU, professor.
> chown -R $USU:professor $USU
> chmod -R u+rw,g-rwx,o-rwx $USU
> chmod -R u+rw,g+rw,o-rwx $USU
the student user may want to have removed write permission from their own
access, so I would be inclined to honour that with something like this:
chmod -R g=u,g+rw,o= $USU
As I've suggested earlier, you probably don't need to tweak any of
the professors' files, but just enforce 0700 on each professor's home
directory.
Chris
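
Added example, not part of the message above or of the original script: the two find/chmod commands suggested for the student directories, wrapped in a function and run against a constructed sample tree to show that data files stay non-executable and an owner's read-only choice is honoured. The function names, the sample files, the setgid on every directory and the symlink skip are assumptions of this example; it assumes GNU find, chmod and stat.

```sh
#!/bin/sh
# Added example (not from the original thread). Assumes GNU find/chmod/stat.

# fix_student_home DIR: hypothetical helper. Group may read/write, others get
# nothing, and no file gains an execute bit it did not already have.
fix_student_home() {
    [ -d "$1" ] || return 1
    # Directories need x to be traversed: group rwx, others none, setgid so
    # new files inherit the directory's group.
    find "$1" -type d -exec chmod g=rwx,g+s,o= {} +
    # Everything else (symlinks skipped, chmod would follow them to the
    # target): copy the owner's bits to group, guarantee group read, clear other.
    find "$1" ! -type d ! -type l -exec chmod g=u,g+r,o= {} +
}

# mode_of PATH: octal mode as printed by GNU stat.
mode_of() { stat -c '%a' "$1"; }

# make_sample_home: builds a constructed test tree and prints its path.
make_sample_home() {
    h=$(mktemp -d) || return 1
    mkdir -m 755 "$h/notes"
    : > "$h/notes/essay.txt"; chmod 644 "$h/notes/essay.txt"  # plain data file
    : > "$h/run.sh";          chmod 755 "$h/run.sh"           # genuine script
    : > "$h/final.txt";       chmod 444 "$h/final.txt"        # owner made it read-only
    printf '%s\n' "$h"
}

# demo: print the modes left behind by the symbolic fix, then clean up.
demo() {
    h=$(make_sample_home) || return 1
    fix_student_home "$h"
    for p in notes notes/essay.txt run.sh final.txt; do
        printf '%s %s\n' "$(mode_of "$h/$p")" "$p"
    done
    rm -rf "$h"
}
demo
```

Running chmod -R 770 over the same tree instead would leave essay.txt and final.txt executable and writable by owner and group.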