Date:      Thu, 6 Feb 1997 11:07:43 -0800 (PST)
From:      Doug White <dwhite@gdi.uoregon.edu>
To:        Randy Katz <randyk@ccsales.com>
Cc:        support@FreeBSD.ORG
Subject:   Re: DO YOU KNOW
Message-ID:  <Pine.BSI.3.94.970206110102.829K-100000@localhost>
In-Reply-To: <Pine.BSF.3.91.970206070918.22764A-100000@ccsales.ccsales.com>

On Thu, 6 Feb 1997, Randy Katz wrote:

> I want to setup users like this:
> 
> Username: monitor
> Home Directory: /home/monitor
> 
> Username: helper1
> Home Directory /home/monitor/helper1
> 
> Username: helper2
> Home Directory /home/monitor/helper2
> 
> I want monitor to be able to read/delete files everywhere (helper1/helper2).
> I want helper1 and helper2 only to be able to write/read files in their 
> own directories...and if possible not to be able to descend to 
> /home/monitor or anywhere else for that matter.
> Is this possible in Unix?

I think this would work the same way and accomplish the same thing, with
a little different organization.

1.  Make helper1 and helper2 with groups helper1 and helper2 (ie, groups
the same as their username).  Take the default home directory,
/usr/home/helper?
2.  Make monitor with group monitor and invite monitor into groups helper1
and helper2.  Make his home dir /usr/home/monitor
3.  chmod go-rwx /usr/home/monitor
4.  chmod g+rwx /usr/home/helper1, chmod g+rwx /usr/home/helper2

If I did this right, monitor will be able to access helper{1 2}'s home
directories, but helper{1 2} won't be able to get into monitor's.

You can't really restrict people from going up the tree (toward /) without
making some really sticky problems with binaries and placement.  If you
did it your way and stuck a chroot() call somewhere, you could make
helper{1 2}'s accounts totally useless unless you put some basic system
binaries in /usr/home/helper{1 2}/bin.

I hope this helps explain the situation somewhat.  Permissions are not my
strong suit, so I'll take any suggestions people have :)

Doug White                              | University of Oregon  
Internet:  dwhite@resnet.uoregon.edu    | Residence Networking Assistant
http://gladstone.uoregon.edu/~dwhite    | Computer Science Major
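
Added example, not part of the original message: the script below replays steps 3 and 4 on scratch directories (no accounts or groups are created) and reports the resulting mode bits, including whether users outside the owner and group still have access. The 0755 starting mode, the function names and the `lock_others` step are assumptions of this example.

```shell
#!/bin/sh
# Added example: replays steps 3 and 4 of the message on scratch directories.
# Directory names mirror the message; everything lives under a mktemp root.

# Print the 10-character type+permission string for a path, e.g. drwxrwxr-x
mode_of() { ls -ld "$1" | cut -c1-10; }

# Create stand-ins for /usr/home/{monitor,helper1,helper2}, then apply steps 3 and 4.
build_layout() {
    root=$(mktemp -d) || return 1
    # Assumption: home directories start out 0755 (umask 022).
    ( umask 022 && mkdir "$root/monitor" "$root/helper1" "$root/helper2" ) || return 1
    chmod go-rwx "$root/monitor"                   # step 3
    chmod g+rwx "$root/helper1" "$root/helper2"    # step 4
    printf '%s\n' "$root"
}

# Succeeds only if users outside the owner and group have no access at all.
others_locked_out() { [ "$(mode_of "$1" | cut -c8-10)" = "---" ]; }

# Not in the message: additionally drop access for everyone outside the group,
# so one helper cannot list or read the other helper's directory.
lock_others() { chmod o-rwx "$1"; }

# One line per directory: name, mode string, and whether "other" is shut out.
report() {
    for d in monitor helper1 helper2; do
        if others_locked_out "$1/$d"; then
            state="closed to others"
        else
            state="open to others"
        fi
        printf '%-8s %s  %s\n' "$d" "$(mode_of "$1/$d")" "$state"
    done
}

demo_root=$(build_layout) && report "$demo_root" && rm -rf "$demo_root"
```

On real accounts the same checks apply to /usr/home/monitor and /usr/home/helper{1 2} once the groups from steps 1 and 2 own the directories.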
