From owner-freebsd-security Wed Jun 24 05:51:14 1998
Return-Path:
Received: (from majordom@localhost)
        by hub.freebsd.org (8.8.8/8.8.8) id FAA25770
        for freebsd-security-outgoing; Wed, 24 Jun 1998 05:51:14 -0700 (PDT)
        (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from fledge.watson.org (root@COPLAND.CODA.CS.CMU.EDU [128.2.222.48])
        by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id FAA25706
        for ; Wed, 24 Jun 1998 05:50:49 -0700 (PDT)
        (envelope-from robert@cyrus.watson.org)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3])
        by fledge.watson.org (8.8.8/8.8.8) with SMTP id IAA17305;
        Wed, 24 Jun 1998 08:50:43 -0400 (EDT)
Date: Wed, 24 Jun 1998 08:50:42 -0400 (EDT)
From: Robert Watson
X-Sender: robert@fledge.watson.org
Reply-To: Robert Watson
To: "Matthew D. Fuller"
cc: Open Systems Networking , freebsd-security@FreeBSD.ORG
Subject: Re: adduser chmod permissions
In-Reply-To: <19980623185357.25223@futuresouth.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Personally, my skel account tree has something like this in it:

public/
private/
prototypes/
    dot.*
public_html/
    index.html

public/ is world readable, user readable/writable
private is only user readable/writable
prototypes is only user readable/writable, and contains the dot.* files
that are normally in the skel directory (I have fairly all-encompassing
/etc/csh.*,profile stuff)
public_html/ has appropriate permissions, and contains a sample web page
for the user.

This way it is clear to my users where files should and shouldn't go; I
also don't get to explain how to set permissions on a public_html
directory for ftp/samba users. :)

With the prototypes/ arrangement, I don't have to deal with the forever
morphing prototype dot files across various versions of BSD resulting in
each user having a markedly different environment.

One thing I really miss in FreeBSD having had accounts in AFS/Coda is the
ability for users to create and maintain their own groups. Very useful to
be able to say ..

    fs sa friends/ rnw:friends read

Etc. Maybe ACLfs (whenever) should add user-definable group support? :)
Certainly the Coda port to FreeBSD should do that. A new protection
server was/is being written at Yale to provide distributed group
information across a Coda realm. I'm not sure when that gets integrated
with the main Coda distribution.

  Robert N Watson

Carnegie Mellon University            http://www.cmu.edu/
TIS Labs at Network Associates, Inc.  http://www.tis.com/
SafePort Network Services             http://www.safeport.com/
robert@fledge.watson.org              http://www.watson.org/~robert/
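
The skel layout described in the message above, as an added example that is not part of the original post: a POSIX shell script that builds the tree with explicit modes and audits an existing home directory for drift. The numeric modes, in particular 755/644 for public_html/ and index.html (the message only says "appropriate permissions"), and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original message): build and audit the
# skel layout. Numeric modes are assumptions derived from the wording
# "world readable" / "only user readable/writable".

# path:mode pairs; entries ending in "/" are directories.
SKEL_LAYOUT='public/:755
private/:700
prototypes/:700
public_html/:755
public_html/index.html:644'

# Print the octal permission bits; GNU stat first, BSD stat as fallback.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# build_skel DIR: create the tree under DIR. Modes are set with chmod so
# the result does not depend on the caller's umask.
build_skel() {
    root=$1
    mkdir -p "$root" || return 1
    printf '%s\n' "$SKEL_LAYOUT" | while IFS=: read -r path mode; do
        case $path in
            */) mkdir -p "$root/$path" ;;
            *)  [ -e "$root/$path" ] || : > "$root/$path" ;;
        esac
        chmod "$mode" "$root/$path" || exit 1
    done
}

# audit_skel DIR: print one line per entry that is missing or whose mode
# has drifted; return non-zero if anything was reported.
audit_skel() {
    root=$1
    findings=$(printf '%s\n' "$SKEL_LAYOUT" | while IFS=: read -r path mode; do
        if [ ! -e "$root/$path" ]; then
            echo "MISSING $path"
        elif [ "$(mode_of "$root/$path")" != "$mode" ]; then
            echo "MODE $path is $(mode_of "$root/$path"), expected $mode"
        fi
    done)
    [ -z "$findings" ] && return 0
    echo "$findings"
    return 1
}
```

The dot.* files would still be copied into prototypes/ by hand; audit_skel can be pointed at any existing home directory to see where a user has loosened private/ or prototypes/.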