On Tue, Oct 29, 2002 at 11:09:00AM +0200, Burkhardt Stefan wrote: > Sorry for my not perfect confirmation to linux stuff, in the following I will >describe a problem that should be solved already in very much installations ...
Please wrap your lines at approx 72 characters. > I have a ltsp configuration is working well with the application staroffice and >other applications. The terminals are diskless systems - so there's no chance to >change something at the terminal. > !!If you save files you will see not only the exported home directory. You will see >the whole file system. It's as the same as locally logged in at the server. The home directory is (normally) not exported. The users are logged in at the server, it doesn't matter the are logged in locally or remotely, for the users it will appear exactly the same. > Is there a possibility to deny directory access for users without working with the >rwx attributes? Attributing all the files in the whole file system is not my thing >... and I think this would be not so easy with the need of accessing to some system >files for executing applications ... > There are at least two strategies for achieving your goal, both of them are imperfect to say the least. 1. log in users to chroot-jail. Understand that they will only be able to run programs installed in the chroot environment. 2. Stop them from running programs that can access data above ~/. Very crude. I remember that some file manager (mftools?) was hacked to not display files above ~/, but for OO or browsers I don't think that is possible. An alternative is running programs locally which will be about as impractical to administer as 1, and don't benefit from the resources on the server. Evalute the needs again. Do you really need to hide that data? If so, do you really need to store it on the server? -- Hans Ekbrand
msg09028/pgp00000.pgp
Description: PGP signature
