linux filesystem kernel module/chrooting/xfs/etc.

Nathan Neulinger nneul at umr.edu
Thu Apr 27 21:36:48 CEST 2000


Harald Barth wrote:
> 
> Would it be any problem to have something like
> 
> /users/bob/tools/bin/...
> /users/bob/tools/lib/...
> /users/bob/data/...
> /users/phil/tools/...
> /users/phil/data/...
> 
> bob is mount point for volume users.bob
> phil is mount point for volume users.phil
> tools is mount point for common.tools
> tools has permissions that are read-only for users bob and phil
> 
> This requires that you have something like AFS volumes or fake such a
> thing (loopback mounts?). With AFS volumes you can have thousands of
> mountpoints. I doubt loopback mounts fix that. Hope I didn't
> misunderstand your question.

That would work; unfortunately, in this particular circumstance where I need
this, I'm not using AFS. (How's milko coming? hint hint) I administer
afs at the umr.edu cell, but I'm working on this security stuff somewhere
else.

I think what I've come to is that for the time being, I'm just going to
rework all of our server processes that would be affected by the
permissions, and do a minimal level of permissions on each user's top-level
home directory, along with loopback NFS mounts within the chrooted
area. It's not quite as locked down as I'd like, as users can still
screw themselves over by opening up permissions.

I wish there was a way to make it so users couldn't change permissions
on a particular directory, i.e. their home dir. Sort of like a chattr
for directories. Of course, that would tie me specifically to ext2. Ah
well, cron'll work; ugly, but it will work.

-- Nathan

------------------------------------------------------------
Nathan Neulinger                       EMail:  nneul at umr.edu
University of Missouri - Rolla         Phone: (573) 341-4841
CIS - Systems Programming                Fax: (573) 341-4216
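The stopgap described in the message above, a periodic job that re-applies the intended mode to each user's top-level home directory, as an added shell example that is not code from the original message or from the Arla project. It assumes home directories are the immediate subdirectories of a root such as /users and that GNU stat is available (BSD stat is the fallback).

```shell
#!/bin/sh
# Added example, not from the original message. Since the filesystem cannot
# stop a user from loosening the mode of their own home directory, a cron
# job re-applies a fixed mode and reports every directory it had to correct.
# Assumed layout: home directories are the immediate subdirectories of the
# root given as $1 (e.g. /users/bob, /users/phil); $2 is the mode to enforce.

# Print the permission bits of a path in octal (GNU stat, then BSD stat).
dir_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%OLp' "$1"
}

# enforce_home_modes HOMEROOT MODE
# Re-applies MODE to every real directory directly under HOMEROOT whose
# current mode differs. Symlinks are skipped so the job never chmods
# through a link a user placed in their home. Corrections are logged to
# stderr (cron mails them); the number of corrections goes to stdout.
enforce_home_modes() {
    root=$1; want=$2; fixed=0
    for home in "$root"/*/; do
        home=${home%/}
        [ -d "$home" ] && [ ! -L "$home" ] || continue
        cur=$(dir_mode "$home") || continue
        # Leading 0 makes the shell read both values as octal integers.
        if [ "$(( 0$cur ))" -ne "$(( 0$want ))" ]; then
            if chmod "$want" "$home"; then
                echo "fixed $home: $cur -> $want" >&2
                fixed=$((fixed + 1))
            fi
        fi
    done
    echo "$fixed"
}

# Typical cron line (constructed): 0 * * * * /usr/local/sbin/fix-homes /users 0700
```

Run it from cron as root against the chroot's home root; a non-zero count in the mail is the drift signal that a user opened up their directory.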





More information about the Arla-drinkers mailing list