From owner-freebsd-questions Thu Feb 6 11:08:38 1997
Date: Thu, 6 Feb 1997 11:07:43 -0800 (PST)
From: Doug White
To: Randy Katz
cc: support@FreeBSD.ORG
Subject: Re: DO YOU KNOW
Sender: owner-questions@FreeBSD.ORG

On Thu, 6 Feb 1997, Randy Katz wrote:

> I want to setup users like this:
>
> Username: monitor
> Home Directory: /home/monitor
>
> Username: helper1
> Home Directory /home/monitor/helper1
>
> Username: helper2
> Home Directory /home/monitor/helper2
>
> I want monitor to be able to read/delete files everywhere (helper1/helper2).
> I want helper1 and helper2 only to be able to write/read files in their
> own directories...and if possible not to be able to descend to
> /home/monitor or anywhere else for that matter.
> Is this possible in Unix?

I think this would work the same way and accomplish the same thing, with
a little different organization.

1. Make helper1 and helper2 with groups helper1 and helper2 (ie, groups
   the same as their username). Take the default home directory,
   /usr/home/helper?
2. Make monitor with group monitor and invite monitor into groups helper1
   and helper2. Make his home dir /usr/home/monitor
3. chmod go-rwx /usr/home/monitor
4. chmod g+rwx /usr/home/helper1 , chmod g+rwx /usr/home/helper2

If I did this right, monitor will be able to access helper{1 2}'s home
directories, but helper{1 2} won't be able to get into monitor's.

You can't really restrict people from going up the tree (toward /) without
making some really sticky problems with binaries and placement. If you
did it your way and stuck a chroot() call somewhere, you could make
helper{1 2}'s accounts totally useless unless you put some basic system
binaries in /usr/home/helper{1 2}/bin.

I hope this helps explain the situation somewhat. Permissions are not my
strong suit, so I'll take any suggestions people have :)

Doug White                            | University of Oregon
Internet: dwhite@resnet.uoregon.edu   | Residence Networking Assistant
http://gladstone.uoregon.edu/~dwhite  | Computer Science Major
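
Added example, not part of Doug White's message: a small Python model of the classic Unix owner/group/other check, applied to the layout from steps 1-4 above. The numeric ids and the 0755 starting mode of each home directory are assumptions, and only the home directory's own mode bits are modelled (no root, ACLs or parent directories).

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    name: str
    uid: int
    groups: frozenset  # primary gid plus supplementary gids

@dataclass(frozen=True)
class Dir:
    path: str
    uid: int
    gid: int
    mode: int

def chmod(d, clear=0, add=0):
    """Return a copy of d with mode bits cleared and/or added."""
    return Dir(d.path, d.uid, d.gid, (d.mode & ~clear) | add)

def access(user, d):
    """Classic Unix check: the first matching class (owner, group, other) decides."""
    if user.uid == d.uid:
        bits = (d.mode >> 6) & 7
    elif d.gid in user.groups:
        bits = (d.mode >> 3) & 7
    else:
        bits = d.mode & 7
    return "".join(c if bits & b else "-" for c, b in (("r", 4), ("w", 2), ("x", 1)))

# Constructed ids. Steps 1-2: one group per user, monitor invited into both helper groups.
HELPER1 = User("helper1", 1001, frozenset({1001}))
HELPER2 = User("helper2", 1002, frozenset({1002}))
MONITOR = User("monitor", 1003, frozenset({1003, 1001, 1002}))

def build(start_mode=0o755):
    """Apply steps 3-4 to home directories created with start_mode (assumed default)."""
    return {
        "monitor": chmod(Dir("/usr/home/monitor", 1003, 1003, start_mode), clear=0o077),  # go-rwx
        "helper1": chmod(Dir("/usr/home/helper1", 1001, 1001, start_mode), add=0o070),    # g+rwx
        "helper2": chmod(Dir("/usr/home/helper2", 1002, 1002, start_mode), add=0o070),    # g+rwx
    }

def matrix(dirs):
    """Map (user, home directory) to the access string that user gets."""
    return {(u.name, n): access(u, d) for u in (MONITOR, HELPER1, HELPER2) for n, d in dirs.items()}

if __name__ == "__main__":
    for (user, home), perms in sorted(matrix(build()).items()):
        print(f"{user:8} on {home:8} {perms}")
```

Under the assumed 0755 starting mode, each helper still gets `r-x` on the other helper's home through the "other" class, which steps 3-4 leave untouched on the helper directories. Running `chmod o-rwx` on them as well (equivalent to `build(0o750)` in the model) removes that.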