Hello Hans. Thanks for your reply. Sorry, my mail client isn't able to wrap at approx 72 characters. It's a java template in our groupware application ...
You're right. The home directory don't have to be exported. My configuration file /etc/exports has the entries: /home/ws001 ws001(rw) I think, that doesn't matter. Hiding data above ~/ - yes, I have to do that. I thought about using lids ... Regards Stefan Hans Ekbrand (29/10/2002 13:22): >On Tue, Oct 29, 2002 at 11:09:00AM +0200, Burkhardt Stefan wrote: >> Sorry for my not perfect confirmation to linux stuff, in the following I will >describe a problem that should be solved already in very much installations ... > >Please wrap your lines at approx 72 characters. > >> I have a ltsp configuration is working well with the application staroffice and >other applications. The terminals are diskless systems - so there's no chance to >change something at the terminal. >> !!If you save files you will see not only the exported home directory. You will see >the whole file system. It's as the same as locally logged in at the server. > >The home directory is (normally) not exported. The users are logged in >at the server, it doesn't matter the are logged in locally or >remotely, for the users it will appear exactly the same. > >> Is there a possibility to deny directory access for users without working with the >rwx attributes? Attributing all the files in the whole file system is not my thing >... and I think this would be not so easy with the need of accessing to some system >files for executing applications ... >> > >There are at least two strategies for achieving your goal, both of >them are imperfect to say the least. > >1. log in users to chroot-jail. Understand that they will only be able >to run programs installed in the chroot environment. > >2. Stop them from running programs that can access data above ~/. >Very crude. I remember that some file manager (mftools?) was hacked to >not display files above ~/, but for OO or browsers I don't think that >is possible. An alternative is running programs locally which will >be about as impractical to administer as 1, and don't benefit from >the resources on the server. > >Evalute the needs again. Do you really need to hide that data? If so, >do you really need to store it on the server? > >-- > >Hans Ekbrand ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _____________________________________________________________________ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.openprojects.net