On Wed, 22 Feb 2006 at 1:50pm, James Pifer wrote
There really isn't. If you're going to give the person write access to /usr you'd better really trust that person. If you trust that person enough to do that, you might as well just allow them to have root access through sudo so you can keep track of their activities.
Let me give a few more details. The person will have to access this through a portal, which will only allow access to the directories that I specify. The backend portal process will connect to the system using vsftp. So the user will not have wide open access to the system and they will not even know the login info.
So it sounds like I need to do chmod on all the files under that directory?
Do files inherently inherit the rights of the directory that contains them? My concern is with new files that get created, even by root. If they are in the directory that I give access to, it's assumed the user can do what they want with it, as update or delete.
In situations like this I tend to want to use ACLs rather than rely on standard *nix permissions. Look at 'man setfacl' and experiment.
Also, as others have pointed out, it'd be *really* nice if you could relocate the files that need to be accessed out of /usr.