[nSLUG] User Access Strategies

Jamie Fifield jamie at fifield.ca
Mon Nov 1 16:29:39 AST 2004


If you want to go overkill, you could use Kerberos. :)

But file acl's are probably the quick and reasonable solution.

On Mon, Nov 01, 2004 at 03:35:58PM -0400, Jeff MacDonald wrote:
> forgot to mention, i'm using freebsd ;)
> 
> but it does have acl support, i'll see if i'm running a recent enough version.
> 
> using cvs isn't an option, althought that's were all the code is, the
> files on the server differ, because our software is written once and
> changed many times, with different settings files etc.
> 
> 
> On Mon, 01 Nov 2004 15:35:38 -0400, Rory <rory at unixism.org> wrote:
> > use facl based permissions.   This gives you much finer-grain control
> > over file perms and inheritance than good old chmod g+s schemes.
> > 
> > take a look at man pages for getfacl and setfacl.   Also some popular
> > linux mags have had articles on their use.   facls have saved me a lot
> > of pain on file servers that need strange sharing between users.
> > 
> > R
> > 
> > 
> > 
> > 
> > Jeff MacDonald wrote:
> > 
> > >Hi
> > >
> > >We have 3 developers, that need access to all files in
> > >
> > >/usr/www/
> > >
> > >As well some of those files have to be owned by clients.
> > >
> > >Latly there has been alot of need for intervention of root [aka "me"]
> > >to chown/chmod files etc, and it's getting to be a pain in the arse.
> > >
> > >The solution I have come up with from research etc is to make a group
> > >[lets say, "dev"] and chgrp all files to that group. Then chmod g+rwx
> > >all files, and set the sticky bit so new files/directories inherit
> > >from their parents. Finally change the umask of the developers to 002...
> > >
> > >My other idea was to make a "pseudo account" that all the developers use..
> > >this seems great, but also seems to go against everything i believe in :)
> > >
> > >Finally, give the guys sudo to chmod/chgrp, but that just seems crazy.
> > >
> > >anyways, let me know your opinions.
> > >
> > >
> > >
> > 
> > _______________________________________________
> > nSLUG mailing list
> > nSLUG at nslug.ns.ca
> > http://nslug.ns.ca/cgi-bin/mailman/listinfo/nslug
> > 
> > 
> > 
> > 
> 
> 
> -- 
> Jeff MacDonald
> http://www.bignose.ca
> 
> 
> 
> _______________________________________________
> nSLUG mailing list
> nSLUG at nslug.ns.ca
> http://nslug.ns.ca/cgi-bin/mailman/listinfo/nslug
> 
> 

-- 
Jamie Fifield
<jamie at fifield.ca>

!DSPAM:41869bc6206121933617014!




More information about the nSLUG mailing list