Hi Daryl: I recall elsewhere you explained that you didn't want to resort to using permissions as in your scenario, that approach would prove unwieldy. I believe I understand the kind of access/control boundaries you seek to impose for your users in accessing documents.
Unfortunately, in my experience the OS which did that best was IBM's AIX. Sun, of course, has a great reputation regarding security as well. Both AIX and Solaris provide security features which are available to applications to utilize or include as an extension of security features embedded within the application. You may have to consider the commercial product StarOffice as their internal controls over documents would address features at the application level which I really don't believe Open Office as an open source application is designed to do. It is likely you probably want something stronger or more completely restrictive than a password lock on documents. Besides regardless how good Open Office may be, as an open source project whatever security it has or can implement is, by definition, available for study by anyone at all. The good thing about StarOffice is that the cost is reasonable; contact Sun directly regarding your performance and execution requirements. Best wishes... On Fri, 2006-02-17 at 16:04 +1100, Daryl Sayers wrote: > >> This cannot be easily accomplished with file system permission as > >> as it will not scale to the 50 or so users we have. Each user will > >> have a unique set of public directorys that they should have access to. > >> In Applix this was resolved by a script and config file with the result > >> pushed into the AX_ACCESS_DIRPATH environment variable. > > > > Hi Daryl, > > Why not use normal unix user and group permissions. You can have a > > user in MANY groups if necessary. > > It still means that if I have a public file I am unable to control someone > else being able to read or write to an existing file. > > eg 1A: > I saved a file in the public area accounts. I have a umask of 2 to allow > others to modify, except I dont want anyone to touch this file.... > > eg 1B: > I saved a file in the public area accounts. I have a umask of 22 for more > security. Problem is that I would like someone else to add his/her additions > to this new file. > > With Applixware I was able to select the permissions when saving the file. > > I also have a problem with using group permission on home directorys. As > stated we run FreeBSD that has one 'user' group. This means we have to allow > everyone in or lock everyone out of each persons home directory. > > I am also concerned about users being able to browse around and view > (read only) system config files. /etc/passwd, dhcp configs printcap are > examples. Now they cannot do any damage but why cant I restrict their > movements. > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
