[CentOS] Proper way to give rights at the file system?
Joshua Baker-LePain
jlb17 at duke.edu
Wed Feb 22 19:32:17 UTC 2006
On Wed, 22 Feb 2006 at 1:50pm, James Pifer wrote
>> There really isn't. If you're going to give the person write access to
>> /usr you'd better really trust that person. If you trust that person
>> enough to do that, you might as well just allow them to have root access
>> through sudo so you can keep track of their activities.
>
> Let me give a few more details. The person will have to access this
> through a portal, which will only allow access to the directories that I
> specify. The backend portal process will connect to the system using
> vsftp. So the user will not have wide open access to the system and they
> will not even know the login info.
>
> So it sounds like I need to do chmod on all the files under that
> directory?
>
> Do files inherently inherit the rights of the directory that contains
> them? My concern is with new files that get created, even by root. If
> they are in the directory that I give access to, it's assumed the user
> can do what they want with it, as update or delete.
In situations like this I tend to want to use ACLs rather than rely on
standard *nix permissions. Look at 'man setfacl' and experiment.
Also, as others have pointed out, it'd be *really* nice if you could
relocate the files that need to be accessed out of /usr.
--
Joshua Baker-LePain
Department of Biomedical Engineering
Duke University
More information about the CentOS
mailing list