File:  [LON-CAPA] / doc / permissions.txt
Revision 1.2
Sun Jul 28 17:36:24 2002 UTC (21 years, 9 months ago) by harris41
Branches: MAIN
fixing samba glitch description

--------------------------------------------------------------------------
Filesystem Permissions for 'www' and User Directories on a LON-CAPA system
  contributed by Scott, sharrison@users.sourceforge.net
--------------------------------------------------------------------------

0. Synopsis

1. The 'users' group

2. The 'www' user and group (/home/httpd/html/res/)

3. /home/USERNAME/public_html/*

4. The Samba glitch

**************************************************************************

--------------------------------------------------------------------------
SECTION 0. Synopsis
--------------------------------------------------------------------------
(This file is only meant for those with experience administering
 a Linux filesystem.)

* THERE SHOULD NEVER BE A GROUP CALLED 'users'
* /home/httpd/html/res/* should be -rw-r--r--
                         and owned by www:www
* For any filesystem user,
  /home/USERNAME/public_html/* should be -rw-rw-r--
                               and owned by USERNAME:USERNAME
                               (www:USERNAME is also okay)
                               for _all_ the files
  /home/USERNAME/public_html/* should be drwxrwsr-x
                               and owned by USERNAME:USERNAME
                               (www:USERNAME is also okay)
                               for _all_ the subdirectories
                               including /home/USERNAME/public_html

--------------------------------------------------------------------------
SECTION 1. The 'users' group (IT IS NOT NEEDED OR WANTED)
--------------------------------------------------------------------------
Early installations of LON-CAPA erroneously made use of the 'users' group.
The 'users' group is conventionally meant to indicate individual users
BELONGING to a group called 'users'.

For example:
  A user named USER1 is a member of a group named 'users'.
  A user named USER2 is a member of a group named 'users'.
  A user named USER3 is a member of a group named 'users'.

However, on a LON-CAPA system, it is seldom the case that
USER1 should be able to access and/or alter USER2's information
directly through the filesystem.

Therefore, the conventional notion of a 'users' group is INVALID
for the purposes of LON-CAPA.

What is necessary on a LON-CAPA server system is a POWERFUL-USER
that belongs to one-member groups.

For example: (This describes what we DO want)
  A user named POWERFUL-USER is a member of a group named 'USER1'.
  A user named POWERFUL-USER is a member of a group named 'USER2'.
  A user named POWERFUL-USER is a member of a group named 'USER3'.

Since LON-CAPA is essentially a world-wide web program, the
POWERFUL-USER exists by the name 'www'.

**************************************************************************

--------------------------------------------------------------------------
SECTION 2. The 'www' user and group (/home/httpd/html/res/)
--------------------------------------------------------------------------
'www' needs to run important LON-CAPA programs on a LON-CAPA server.
No other entities need to run or access most of the LON-CAPA programs
via the filesystem.

Therefore most of the LON-CAPA *software* files
(described in loncapa/doc/loncapafiles/loncapafiles.lpml)
should be owned by user=www and group=www (www:www).

The LON-CAPA published files (/home/httpd/html/res)
should also be owned by user=www and group=www (www:www).

**************************************************************************

--------------------------------------------------------------------------
SECTION 3. /home/USERNAME/public_html/*
--------------------------------------------------------------------------
'www' also needs the power to ACCESS and ALTER user directories on a
LON-CAPA server as described in the following section.

/home/USERNAME/public_html/* should be -rw-rw-r--
                             and owned by USERNAME:USERNAME
                             (www:USERNAME is also okay)
                             for _all_ the files

/home/USERNAME/public_html/* should be drwxrwsr-x
                             and owned by USERNAME:USERNAME
                             (www:USERNAME is also okay)
                             for _all_ the subdirectories
                             including /home/USERNAME/public_html/

**************************************************************************

--------------------------------------------------------------------------
SECTION 4. The Samba glitch
--------------------------------------------------------------------------
Samba was changing permissions of user files and directories
to be set like -rw-r--r-- and drwxr-xr-x respectively
(going from Windows to Linux).

There was no easy way to get Samba to produce a directory
setting like drwxrwsr-x.

Therefore, Samba (smb.conf) should be configured with:
   create mode = 0664
   directory mode = 0775

This will allow LON-CAPA to operate properly although
the rules in SECTION 3 are violated.

Difficulty could still emerge though, if a user
generates a directory with Windows and then logs
into the Linux filesystem and creates a file under
that directory (the file would, alas, be of the
mode 0644 (-rw-r--r--)).

Currently, for cases like this, we consider it to
be the responsibility of the user (who logs directly
into the Linux filesystem) to make proper use of the
'chmod' command.
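
An added example, not part of the LON-CAPA distribution: a mode audit for one
public_html tree that reports the deviations described in this section and can
reset them to the SECTION 3 values. The function names are hypothetical; GNU/Linux
find and stat are assumed, and ownership is not checked.

```shell
#!/bin/sh
# Added example (not LON-CAPA code). Function names are hypothetical.
# Assumes GNU/Linux find(1) and stat(1). Ownership is not checked here.

# Print one line per entry whose mode differs from the SECTION 3 rules.
# Returns 0 if the tree is clean, 1 if deviations were found, 2 on bad input.
audit_public_html() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "not a directory: $root" >&2
        return 2
    fi
    report=$(
        # Files must be exactly 0664 (-rw-rw-r--).
        find "$root" -type f ! -perm 0664 -exec stat -c 'FILE %a %n' {} +
        # Directories, the root included, must be exactly 2775 (drwxrwsr-x).
        find "$root" -type d ! -perm 2775 -exec stat -c 'DIR %a %n' {} +
    )
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}

# Apply the SECTION 3 modes to everything the audit would flag.
# 2775 is given explicitly so the setgid bit is set on directories.
repair_public_html() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "not a directory: $root" >&2
        return 2
    fi
    find "$root" -type d ! -perm 2775 -exec chmod 2775 {} +
    find "$root" -type f ! -perm 0664 -exec chmod 0664 {} +
}

# Usage: sh audit.sh /home/USERNAME/public_html
if [ $# -gt 0 ]; then
    audit_public_html "$1"
fi
```

A directory created through Samba with 'directory mode = 0775' is reported as
"DIR 775 ..." because it lacks the setgid bit.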
