On Wednesday, April 26, 2000, David Lancaster <[EMAIL PROTECTED]> wrote:
>I asked this earlier, but I thought I'd repost with a little more detail to
>see if I can stimulate a few synapses.
>
>The scenario is this:
>Redhat 6.0 server
>netatalk-1.4b2+asun2.1.3-7
>
>The major objective/sticky point is creating user accounts so that clients
>can upload files, and Customer Service can read/write to said files. I want
>to prevent Clients from reading each other's data.
>
>The only way I can figure for this to work is to create a separate group for
>each Client, and add Customer Service to it.
>
>ie.
>/home/Clients/joeclient (shared via ~ to joeclient in afpd.conf, and via
>a share of /home/Clients to Customer Service)
>permissions: rwxrws--- joeclient.joeclient
>
>Then when joeclient writes a file, it gets permissions rwxrwx---
>joeclient.joeclient, and Customer Service can read it since it is a member
>of the joeclient group.
>If Customer Service throws a file in joeclient's folder, it gets rwxrwx---
>custserv.joeclient (setgid forces the group) and joeclient can read it since
>it is a member of the joeclient group.
>
>I can't think of any easier way to do this (but then again, my exploration
>of *nix permissions is somewhat limited), so I'd appreciate any commentary
>that anyone can give. I'd rather not have to create and maintain a group
>for each client, but without ACLs, I can't see any way to set the relevant
>permissions.
>
>David Lancaster

On one of my netatalk+asun machines I have special accounts set up for customers to use. Their "home" directory is a directory under /AppleShare. Each customer has a .AppleVolumes file in their home directory which only offers them one share: their home directory. Permission for all directories is 770, and all share a common group called users.

Company employees have a different .AppleVolumes (in *their* home directory, a symlink to /etc/AppleVolumes) file, which among other things offers them the /AppleShare mount point, so they can move files into and out of the Clients directory easily.

--
Peter Gutowski
[EMAIL PROTECTED] // www.powervue.com/~peterg // h: 413-584-7820
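
Added example, not part of either message: a small audit for the per-client-group layout described in the quoted question (rwxrws--- directories, rwxrwx--- files, nothing for "other"). It reports entries that have drifted from that scheme. The function names and the usage path are assumptions made for illustration.

```python
import os
import stat

def mode_problems(mode, gid, expected_gid):
    """Check one stat result against the scheme in the quoted message:
    read/write for the per-client group, nothing for 'other', and
    setgid on directories so new files inherit the client's group."""
    problems = []
    is_dir = stat.S_ISDIR(mode)
    if gid != expected_gid:
        problems.append("wrong group")
    if mode & stat.S_IRWXO:
        problems.append("accessible to other")
    need = stat.S_IRGRP | stat.S_IWGRP | (stat.S_IXGRP if is_dir else 0)
    if mode & need != need:
        problems.append("group lacks read/write")
    if is_dir and not mode & stat.S_ISGID:
        problems.append("setgid missing")
    return problems

def audit_client_dir(top, expected_gid):
    """Walk one client's folder; return {path: [problems]} for bad entries."""
    findings = {}
    for dirpath, _dirnames, filenames in os.walk(top):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink mode bits are not meaningful on Linux
            found = mode_problems(st.st_mode, st.st_gid, expected_gid)
            if found:
                findings[path] = found
    return findings

if __name__ == "__main__":
    import grp
    import sys
    # Assumed usage: audit.py /home/Clients/joeclient joeclient
    top, gid = sys.argv[1], grp.getgrnam(sys.argv[2]).gr_gid
    for path, found in sorted(audit_client_dir(top, gid).items()):
        print(path, ", ".join(found))
```

Run it once per client folder, passing that client's group name as the second argument.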
