[SunHELP] logic
Alan Rubin
sunhelp at sunhelp.org
Tue Jan 30 20:48:43 CST 2001
Will a umask command need to b e put in some resource file (which one?) to
make sure that adequete permissions are given to the special group by
default?
alan
On Tue, 30 Jan 2001, Nicholas Dronen wrote:
> On Tue, Jan 30, 2001 at 08:21:05PM -0500, Alan Rubin wrote:
> > I have a group of users with user A being the supervisor. I need to
> > create user accounts on a server, but A needs to have access to all of his
> > subordinates files, while allowing each user to otherwise be private.
> > What is a good scheme to accomplish this? User A can not be root. I'm
> > sure this is fairly simple, but I haven't worked out my plan yet and was
> > just hoping to hear a few suggestions.
>
> Put the supervisor in some group (e.g., pinheads), chgrp
> all of the users' home directories to that group, and set the
> mode of the directories to 2750. This is necessarily an imperfect
> solution: while it does allow the supervisor to access all of
> those home directories (and all of the subdirectories therein),
> a saavy user can remove the sgid bit from their home directory,
> which means the new files and subdirectories won't be 'owned'
> by group pinheads.
>
> Of course, you can always craft a solution with sudo as well.
>
> Regards,
>
> Nick Dronen
> _______________________________________________
> SunHELP maillist - SunHELP at sunhelp.org
> http://www.sunhelp.org/mailman/listinfo/sunhelp
>
>
_________________
*Alan Rubin*
Sun/Unix/Networking/Web Writing
Email:rubin at ezy.net
More information about the SunHELP
mailing list