On Wed, 22 Feb 2006 at 1:50pm, James Pifer wrote >> There really isn't. If you're going to give the person write access to >> /usr you'd better really trust that person. If you trust that person >> enough to do that, you might as well just allow them to have root access >> through sudo so you can keep track of their activities. > > Let me give a few more details. The person will have to access this > through a portal, which will only allow access to the directories that I > specify. The backend portal process will connect to the system using > vsftp. So the user will not have wide open access to the system and they > will not even know the login info. > > So it sounds like I need to do chmod on all the files under that > directory? > > Do files inherently inherit the rights of the directory that contains > them? My concern is with new files that get created, even by root. If > they are in the directory that I give access to, it's assumed the user > can do what they want with it, as update or delete. In situations like this I tend to want to use ACLs rather than rely on standard *nix permissions. Look at 'man setfacl' and experiment. Also, as others have pointed out, it'd be *really* nice if you could relocate the files that need to be accessed out of /usr. -- Joshua Baker-LePain Department of Biomedical Engineering Duke University