On 22/04/2010 14:58, Fredrich Maney wrote:
Inheritable ACLs set on the dataset or home directory level would
handle this. If all of a customer's data was in their home directory,
and the home directory is setuid/setgid with ACLs that prevent other
users from getting in there, and /export/home has ACLs that allows
users to execute, but not read the directory, then no user will be
able to see another's files, or even if they have a home directory
(barring their ability to look in /etc/passwd, /etc/group and the
like).
Note that not having directory read access all the way back to / can
break stuff, because `pwd' and `getcwd()' won't work any more. I've
seen some things get a bit upset about this.
Rob
--
E-Mail: rob.mcma...@warwick.ac.uk PHONE: +44 24 7652 3037
Rob McMahon, IT Services, Warwick University, Coventry, CV4 7AL, England
_______________________________________________
sysadmin-discuss mailing list
sysadmin-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/sysadmin-discuss
