Rick Zeman said in [netatalk-admins] the big step... at 21/Mar/1999 (Sun) 
16:16:11.

> What would be the best to set up /mac so each user can read everything, 
> but only write/delete what they've created.  Easy to do in NetWare, 
> but....

Make a new group, say, macusers, and add all of the users that need shareable 
access to that group.

chown --recursive admin:macusers /mac
chmod 2770 /mac

This should make a "sticky" bit for GID permissions, and such.  So that all 
created objects inherit the "macusers" group. [Someone correct me if I'm 
wrong, please].

Then.... you should create the "Network Trash Folder"

make it owned by the admin, and og+rx only.

Then, for each user, make a Trash Can #n (where n is an ascending integer)
owned by them, mode 0700.

If you had many users, I'd write a small script that looked at a specified 
group, and did all of this nonsense for you.  It wouldn't be terribly 
difficult to write.

For instance, my Trashcan folder looks like this:

drwx------   8 bugs     root         1024 Mar 17 08:46 Trash\ Can\ #1/
drwx------   3 daffy    root         1024 Mar 15 16:53 Trash\ Can\ #2/
drwx------   2 tweety   root         2048 Mar 17 19:58 Trash\ Can\ #3/
drwx------   2 foghorn  root         1024 Mar  4 16:14 Trash\ Can\ #4/
-rwxrwxrwx   1 root     root            0 Aug 20  1998 Trash\ Can\ Usage\ Map

[This will allow each user to have their own "trash can" without other users 
being able to sniff through them... it will also allow trash can 
functionality.  This is one of the known work-arounds for Network Trash 
functionality - the others require source patches.  Adrian: if you've fixed 
this with the byte-locking functionality you've added recently, let us 
know...  ]

Voila!  You should be all set.

One of these days, I'll add "samba-like" share-level controls over the 
ownerships of created directories, files, and allowed users, etc.

=Rob=
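
The "small script" mentioned in the message above could look like the following; it is an added example, not part of the original post and not netatalk code. It reads the members of a group from a group(5)-format file, sets up the share with the modes given in the post, and creates one private "Trash Can #n" per member. The function names and the CHOWN override are hypothetical, and owner rwx on the Network Trash Folder is an assumption (the post only specifies og+rx).

```shell
#!/bin/sh
# Added example; helper names are hypothetical.
# CHOWN=echo gives a dry run of the ownership changes (real chown needs root).
CHOWN=${CHOWN:-chown}

# Print the members listed for group $1 in a group(5)-format file ($2,
# default /etc/group). Users who have it only as primary group are not listed.
group_members() {
    awk -F: -v g="$1" '$1 == g { gsub(/,/, " ", $4); print $4 }' "${2:-/etc/group}"
}

# setup_share SHARE ADMIN GROUP: group-shared tree, setgid on the top directory.
setup_share() {
    mkdir -p "$1" || return 1
    $CHOWN -R "$2:$3" "$1" || return 1
    chmod 2770 "$1"
}

# make_trash SHARE ADMIN USER...: one private "Trash Can #n" per user.
make_trash() {
    share=$1 admin=$2
    shift 2
    trash="$share/Network Trash Folder"
    mkdir -p "$trash" || return 1
    # Owner rwx is an assumption; the post only specifies og+rx.
    chmod g-s "$trash" && chmod 0755 "$trash" || return 1
    $CHOWN "$admin" "$trash" || return 1
    n=1
    for user in "$@"; do
        can="$trash/Trash Can #$n"
        mkdir -p "$can" || return 1
        # On Linux a directory made under a setgid parent inherits the bit;
        # clear it so the mode is exactly 0700, and close the directory
        # before handing it to the user.
        chmod g-s "$can" && chmod 0700 "$can" || return 1
        $CHOWN "$user" "$can" || return 1
        n=$((n + 1))
    done
}

# Usage (as root):
#   setup_share /mac admin macusers
#   make_trash /mac admin $(group_members macusers)
```

Trash can numbers follow the order of the member list, so re-running after the group's membership order changes will hand existing cans to different users; check the listing with `ls -l` afterwards.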
