On Thu, May 1, 2008 at 9:54 AM, Richard S. Crawford <[EMAIL PROTECTED]> wrote: > Here's what I'm trying to do. Maybe I'm shooting for the moon here, but it > can't hurt to try. > > I have several sites on my host, and several users who need access to > subdirectories within those sites. For example: > > /V_HOST/SITE_ONE/CAMPUS/COURSES > /V_HOST/SITE_TWO/CAMPUS/COURSES > > We have educational designers who need to be able to get into the COURSES > directories of SITE_ONE and SITE_TWO, but not in any other subdirectory, or > any subdirectory above the COURSES subdirectories. In an ideal world, my > educational designers would only have to worry about one login, rather than > having to have a second login for each site. > > I created a subdirectory under V_HOST called "designers". Under "designers" > I created one subdirectory for each designer. Then in each of those > subdirectories I created a symbolic link to the various COURSES > subdirectories. For example: > > /V_HOST/DESIGNERS/USER_1 > COURSES_ONE -> /V_HOST/SITE_ONE/COURSES > COURSES_TWO -> /V_HOST/SITE_TWO/COURSES > > This didn't work until I gave the user account for each designers the same > UID as the user that owns the entire site. I thought it was a great solution > until I discovered that the education designers, once they followed the > symbolic links to the COURSES subdirectories, could then browse to higher > level directories in their FTP client. I trust the designers not to make any > willful changes to the code elsewhere, but accidents can happen. Plus we're > talking about allowing people outside our office having access to the > courses subdirectories. > > I tried creating a new user account and switching ownership of the courses > subdirectories to that user, then setting the UID of one of my designers > accounts to the same UID as the new user, but I got a "permission denied" > error when I attempted to follow the symbolic link to the courses > subdirectory. > > The host has SELinux enabled, and, unfortunately, I don't have the option of > disabling it. > > Does anyone have any suggestions for how to go about doing what I want to > do? Am I living in a dreamworld here? >
How about groups? 1. Create a course_designers group. 2. Change group ownership of the COURSES directories to course_designers. 3. Add your designers' users to course_designers. -Bryan _______________________________________________ vox-tech mailing list [email protected] http://lists.lugod.org/mailman/listinfo/vox-tech
