Re: group permissions (was chroot ssh and ftp)
> To: debian-user lists.debian.org
> Subject: Re: group permissions (was chroot ssh and ftp)
> From: Chris Davies
>
> Chris wrote:
> The problem with this is that you're making files executable. Personally
> I think you'd be better off just fixing the professors' home
> directories.
Do you mean in the script (professor branch) something like:
    chown "$USU:professor" "$USU"
    chmod go= "$USU"
This way professors cannot see each other's dirs, but inside home a
file would be created (and stay) like: rw-rw----
Right? Don't need the -R.
> > chmod g+s sam simon sony
> Again, here you're making files executable, and you'd be better off just
> tweaking the group and other permissions:
> find sam simon sony -type d -exec chmod g=rwx,o= {} \;
> find sam simon sony ! -type d -exec chmod g=u,g+r,o= {} \;
Nice touch. I changed the script to:
    if groups "$USU" | grep -q alumini; then
        #echo Cleaning $USU, student.
        chown -R "$USU:student" "$USU"
        find "$USU" -type d -exec chmod u=rwx,g=rwx,o= {} \;
        find "$USU" ! -type d -exec chmod u+r,g=u,g+w,o= {} \;
    else
        #echo Cleaning $USU, professor.
        chown "$USU:professor" "$USU"   # not recursive
        chmod u=rwx,go= "$USU"          # not recursive
    fi
> the student user may want to have removed write permission from their own
> access, so I would be inclined to honour that with something like this:
> chown -R g=u,g+rw,o=
Yes, thanks. I just add that students can wrongly do a u-r, so I added
a u+r. Will this sequence work?
    u+r,g=u,g+w,o=
I thought to add r to users, then copy r and possible x to groups,
then add w to groups. I believe it's ok, isn't it?
> As I've suggested earlier, you probably don't need to tweak any of
> the professors' files, but just enforce 0700 on each professor's home
> directory.
> Chris
Yep! Great.
Thanks,
Beco
--
Dr. Beco
A.I. research, Cognitive Scientist and Philosopher
Linux Counter #201942
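
An added example, not part of the original message: it applies the symbolic mode clauses discussed in this thread to scratch files with constructed starting modes and prints the octal result, so the left-to-right effect of each clause can be checked. The function name mode_after and the starting modes are assumptions for illustration; GNU stat (as on Debian) is assumed.

```shell
#!/bin/sh
# Added example (not from the thread): apply the thread's symbolic modes to
# scratch files and report the resulting octal mode. Assumes GNU stat.

# mode_after START CLAUSES [file|dir]  -> prints the resulting 4-digit mode
mode_after() {
    m_start=$1; m_clauses=$2; m_kind=${3:-file}
    m_tmp=$(mktemp -d) || return 1
    if [ "$m_kind" = dir ]; then mkdir "$m_tmp/t"; else : > "$m_tmp/t"; fi
    chmod "$m_start" "$m_tmp/t"        # state the user left behind
    chmod "$m_clauses" "$m_tmp/t"      # clauses are applied left to right
    printf '%04d\n' "$(stat -c %a "$m_tmp/t")"
    chmod u+rwx "$m_tmp/t"; rm -rf "$m_tmp"
}

STUDENT_FILE='u+r,g=u,g+w,o='          # non-directory clause from the script
QUOTED_FILE='g=u,g+r,o='               # non-directory clause from the quoted find
STUDENT_DIR='u=rwx,g=rwx,o='           # directory clause from the script

# Constructed starting modes: normal file, executable, owner removed read,
# owner removed write, no permissions at all.
for s in 0644 0755 0244 0444 0000; do
    printf '%s  script-clause:%s  quoted-clause:%s\n' "$s" \
        "$(mode_after "$s" "$STUDENT_FILE")" \
        "$(mode_after "$s" "$QUOTED_FILE")"
done
printf 'dir 0755 -> %s\n' "$(mode_after 0755 "$STUDENT_DIR" dir)"
```

For a file the owner made read-only (0444), the script's clause yields 0460 and the quoted find clause yields 0440; neither clause sets an execute bit that the owner did not already have.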