[CentOS] Proper way to give rights at the file system?

Wed Feb 22 19:32:17 UTC 2006
Joshua Baker-LePain <jlb17 at duke.edu>

On Wed, 22 Feb 2006 at 1:50pm, James Pifer wrote

>> There really isn't.  If you're going to give the person write access to
>> /usr you'd better really trust that person.  If you trust that person
>> enough to do that, you might as well just allow them to have root access
>> through sudo so you can keep track of their activities.
>
> Let me give a few more details. The person will have to access this
> through a portal, which will only allow access to the directories that I
> specify. The backend portal process will connect to the system using
> vsftp. So the user will not have wide open access to the system and they
> will not even know the login info.
>
> So it sounds like I need to do chmod on all the files under that
> directory?
>
> Do files inherently inherit the rights of the directory that contains
> them? My concern is with new files that get created, even by root. If
> they are in the directory that I give access to, it's assumed the user
> can do what they want with it, as update or delete.

In situations like this I tend to want to use ACLs rather than rely on 
standard *nix permissions.  Look at 'man setfacl' and experiment.

Also, as others have pointed out, it'd be *really* nice if you could 
relocate the files that need to be accessed out of /usr.

-- 
Joshua Baker-LePain
Department of Biomedical Engineering
Duke University