On Thursday 21 February 2008 22:22:34 Andrew Bradford wrote: > Mel escribió: > > On Thursday 21 February 2008 20:32:37 Andrew Bradford wrote: > >> Erik Norgaard escribió: > >>> I assume the reasoning for this is you want to preserve permissions > >>> and attributes on your backup, so you can't solve this simply by > >>> setting permissions appropriately. > >> > >> Yes, exactly. Users need to be able to see their own backups, and > >> nobody else's. > > > > Isn't this what acl's are for? See setfacl(8). I haven't looked into it > > in great detail but seems to me that if you make a subdir owned by the > > user for each backup root for that user and set the acl to only be > > accessible by user, it should work. > > I can't test it on my system at the moment, but wouldn't acls make the > files writable for general users? The backup filesystem needs to be > mounted read-write for root only, and read-only for general users, yet > maintain ownership and permissions.
Yeah, you're right. It applies to files only. Sorry for the noise. However, you can still do it with normal permissions, if the users can't see the real directory. So I guess the solution would be to either jail it and mount it ro with nullfs into the jail and root would use the host system, or if it's on a different machine to nfs mount it ro and root would use the nfs host machine. The jail/nullfs trick I use with a template jail and standard ports that I don't want the jails to screw with. -- Mel _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
