Security problem

Patrick Zwahlen Tue, 11 Jan 2000 09:05:33 -0800
Hi you all...

We're running the "official" netatalk-1.4b2+asun2.1.3-6 RPM on a RedHat
6.1 (i386). The package is working just well, with both DDP and TCP.

What we're setting up is a Linux-based File Server for a Company, where
we'd like everybody to have access to the same information from both PCs
and MACs. we're thus using both Samba and Netatalk to share the same
folders for the two worlds.

We had no problem setting up a completely shared company-wide public
directory, where anybody can just read and write. The same way, we're
exporting each user's private home directory, where he and only he can
write and read data. Finally, we also managed to have 'per-department'
shared directories, where some people associated with a UNIX group (GID)
can read and write into.

However, we also need to set up what I would call 'moderated' shares,
where people associated with a GID can read files, but where only ONE
person can write. And here comes the problem: The owner of the directory
and files is the guy who can WRITE in this SHARE. The GID of files and
dirs is the one containing people who can READ in this share. Thus, we
have the following UNIX permissions:

 DIRS:  RWXR-X---
 FILES: RW-R-----

This works well with Samba, but because of the permissions, Netatalk
cannot create the '.AppleDouble' directory for regular users (NOT the
moderator). Thus, in many cases, people cannot open files, and even the
application association doesn't work (every file is seen as a TEXT file,
being opened with SimpleText), even if the extension is '.doc' or '.mp3'
or whatever. As soon as we let people write to the directories, ie:

 DIRS:  RWXRWX---

it works well. However, we DON'T WANT to let people the write access to
directories, because they could then move directories around :-(((

Has anyone of you an idea to solve our problem ? Any help would be
greatly appreciated.

Thx a lot,               - Patrick -
-- 
Patrick Zwahlen                    E-Mail: [EMAIL PROTECTED]
B2B, WAN Administrator             Phone:  +41 (0)21-641-5950
World Online Switzerland           Mobile: +41 (0)78-671-1554
Av. Gratta-Paille 2                Fax:    +41 (0)21-683-1344
CH-1000 Lausanne 30 (Switzerland)  Web:    http://www.worldonline.ch
Security problem

Reply via email to
