File:  [LON-CAPA] / doc / permissions.txt
Sun Jul 28 17:36:24 2002 UTC (21 years, 9 months ago) by harris41
Branches: MAIN
fixing samba glitch description

    1: --------------------------------------------------------------------------
    2: Filesystem Permissions for 'www' and User Directories on a LON-CAPA system
    3:   contributed by Scott, sharrison@users.sourceforge.net
    4: --------------------------------------------------------------------------
    5: 
    6: 0. Synopsis
    7: 
    8: 1. The 'users' group
    9: 
   10: 2. The 'www' user and group (/home/httpd/html/res/)
   11: 
   12: 3. /home/USERNAME/public_html/*
   13: 
   14: 4. The Samba glitch
   15: 
   16: **************************************************************************
   17: 
   18: --------------------------------------------------------------------------
   19: SECTION 0. Synopsis
   20: --------------------------------------------------------------------------
   21: (This file is only meant for those with experience administering
   22:  a Linux filesystem.)
   23: 
   24: * THERE SHOULD NEVER BE A GROUP CALLED 'users'
   25: * /home/httpd/html/res/* should be -rw-r--r--
   26:                          and owned by www:www
   27: * For any filesystem user,
   28:   /home/USERNAME/public_html/* should be -rw-rw-r--
   29:                                and owned by USERNAME:USERNAME
   30:                                (www:USERNAME is also okay)
   31:                                for _all_ the files
   32:   /home/USERNAME/public_html/* should be drwxrwsr-x
   33:                                and owned by USERNAME:USERNAME
   34:                                (www:USERNAME is also okay)
   35:                                for _all_ the subdirectories
   36:                                including /home/USERNAME/public_html
   37: 
   38: --------------------------------------------------------------------------
   39: SECTION 1. The 'users' group (IT IS NOT NEEDED OR WANTED)
   40: --------------------------------------------------------------------------
   41: Early installations of LON-CAPA erroneously made use of the 'users' group.
   42: The 'users' group is conventionally meant to indicate individual users
   43: BELONGING to a group called 'users'.
   44: 
   45: For example:
   46:   A user named USER1 is a member of a group named 'users'.
   47:   A user named USER2 is a member of a group named 'users'.
   48:   A user named USER3 is a member of a group named 'users'.
   49: 
   50: However, on a LON-CAPA system, it is seldom the case that
   51: USER1 should be able to access and/or alter USER2's information
   52: directly through the filesystem.
   53: 
   54: Therefore, the conventional notion of a 'users' group is INVALID
   55: for the purposes of LON-CAPA.
   56: 
   57: What is necessary on a LON-CAPA server system is a POWERFUL-USER
   58: that belongs to one-member groups.
   59: 
   60: For example: (This describes what we DO want)
   61:   A user named POWERFUL-USER is a member of a group named 'USER1'.
   62:   A user named POWERFUL-USER is a member of a group named 'USER2'.
   63:   A user named POWERFUL-USER is a member of a group named 'USER3'.
   64: 
   65: Since LON-CAPA is essentially a world-wide web program, the
   66: POWERFUL-USER exists by the name 'www'.
   67: 
   68: **************************************************************************
   69: 
   70: --------------------------------------------------------------------------
   71: SECTION 2. The 'www' user and group (/home/httpd/html/res/)
   72: --------------------------------------------------------------------------
   73: 'www' needs to run important LON-CAPA programs on a LON-CAPA server.
   74: No other entities need to run or access most of the LON-CAPA programs
   75: via the filesystem.
   76: 
   77: Therefore most of the LON-CAPA *software* files
   78: (described in loncapa/doc/loncapafiles/loncapafiles.lpml)
   79: should be owned by user=www and group=www (www:www).
   80: 
   81: The LON-CAPA published files (/home/httpd/html/res)
   82: should also be owned by user=www and group=www (www:www).
   83: 
   84: **************************************************************************
   85: 
   86: --------------------------------------------------------------------------
   87: SECTION 3. /home/USERNAME/public_html/*
   88: --------------------------------------------------------------------------
   89: 'www' also needs the power to ACCESS and ALTER user directories on a
   90: LON-CAPA server as described in the following section.
   91: 
   92: /home/USERNAME/public_html/* should be -rw-rw-r--
   93:                              and owned by USERNAME:USERNAME
   94:                              (www:USERNAME is also okay)
   95:                              for _all_ the files
   96: 
   97: /home/USERNAME/public_html/* should be drwxrwsr-x
   98:                              and owned by USERNAME:USERNAME
   99:                              (www:USERNAME is also okay)
  100:                              for _all_ the subdirectories
  101:                              including /home/USERNAME/public_html/
  102: 
  103: **************************************************************************
  104: 
  105: --------------------------------------------------------------------------
  106: SECTION 4. The Samba glitch
  107: --------------------------------------------------------------------------
  108: Samba was changing permissions of user files and directories
  109: to be set like -rw-r--r-- and drwxr-xr-x respectively
  110: (going from Windows to Linux).
  111: 
  112: There was no easy way to get Samba to produce a directory
  113: setting like drwxrwsr-x.
  114: 
  115: Therefore, Samba (smb.conf) should be configured with:
  116:    create mode = 0664
  117:    directory mode = 0775
  118: 
  119: This will allow LON-CAPA to operate properly although
  120: the rules in SECTION 3 are violated.
  121: 
  122: Difficulty could still emerge though, if a user
  123: generates a directory with Windows and then logs
  124: into the Linux filesystem and creates a file under
  125: that directory (the file would, alas, be of the
  126: mode 0644 (-rw-r--r--)).
  127: 
  128: Currently, for cases like this, we consider it to
  129: be the responsibility of the user (who logs directly
  130: into the Linux filesystem) to make proper use of the
  131: 'chmod' command.
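
The SECTION 3 rules and the manual 'chmod' cleanup from SECTION 4 can be
checked and applied per user tree with a short script. This is an added
example, not part of the original LON-CAPA file; the function names and
their arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not LON-CAPA code): audit and repair one user's
# public_html tree against the SECTION 3 rules.

# audit_public_html DIR OWNER GROUP [ALT_OWNER]
#   DIR        e.g. /home/USERNAME/public_html
#   OWNER      expected owner (USERNAME); ALT_OWNER defaults to 'www'
#   GROUP      expected group (USERNAME)
# Prints one "PROBLEM<TAB>path" line per violation; returns 1 if any exist.
audit_public_html() {
    dir=$1 owner=$2 group=$3 alt=${4:-www}
    report=$(
        # Files must be exactly -rw-rw-r-- (0664).
        find "$dir" -type f ! -perm 0664 \
            -exec printf 'FILE_MODE\t%s\n' {} \;
        # Directories must be exactly drwxrwsr-x (2775, setgid set).
        # A Samba-created directory (0775) is reported here.
        find "$dir" -type d ! -perm 2775 \
            -exec printf 'DIR_MODE\t%s\n' {} \;
        # Owner must be USERNAME or www.
        find "$dir" \( -type f -o -type d \) \
            ! -user "$owner" ! -user "$alt" \
            -exec printf 'OWNER\t%s\n' {} \;
        # Group must be the per-user group, never a shared 'users' group.
        find "$dir" \( -type f -o -type d \) ! -group "$group" \
            -exec printf 'GROUP\t%s\n' {} \;
    )
    if [ -z "$report" ]; then
        return 0
    fi
    printf '%s\n' "$report"
    return 1
}

# repair_public_html DIR
# Applies the SECTION 3 modes: the 'chmod' step that SECTION 4 leaves to
# the user. Ownership is not changed; fix OWNER/GROUP findings by hand.
repair_public_html() {
    dir=$1
    find "$dir" -type d -exec chmod 2775 {} +
    find "$dir" -type f -exec chmod 0664 {} +
}
```

Run the audit first and review its output; the repair removes any execute
bits on files, which is what the -rw-rw-r-- rule requires.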
