>>>>> "CPHennessy" == CPHennessy  <[EMAIL PROTECTED]> writes:

> On Wed February 15 2006 03:12, Daryl K Sayers wrote:
>> We were an Applixware site and have finally bitten the bullet and are
>> migrating to Open office. We are using FreeBSD 4.11 and so we are using the
>> current 1.1 port of Open Office. Our problem is one of file security and
>> public access.
>> 
>> Currently our users have a umask of 2, meaning they are able to view
>> other people's documents but cannot modify newly created publicly sharable
>> documents.
>> 
>> In Applixware there was an environment variable called AX_ACCESS_DIRPATH
>> that a sysadmin could set to restrict access to certain directories. As
>> our users never gain shell access this was a simple way of restricting the
>> directories a user could browse and read. eg:
>> 
>> AX_ACCESS_DIRPATH=$HOME:/public/share/admin:/public/share/socialclub
>> 
>> Would allow access to 3 directory trees.
>> 
>> The other Applixware feature was when a user saves a document the save
>> pop up box allowed the user to select the Read/write permissions for
>> group and other. By setting or resetting these buttons one had control
>> over who could view or write to each file.
>> 
>> 
>> It seems that Open office does not have either of these features. So
>> my question is:
>> 
>> In a multiuser environment where many people are running Open office
>> on the same local filesystem how does one restrict access to a set of
>> documents for a user, and at the same time maintain multiple publicly
>> accessible areas for shared document access?
>> 
>> eg:
>> 
>> joe has private access to:
>> /home/joe/documents
>> joe has public access to:
>> /public/share/admin
>> /public/share/accounts
>> 
>> sharon has private access to:
>> /home/sharon/mydocs
>> sharon has public access to:
>> /public/share/admin
>> /public/share/purchaseorders
>> /public/share/sales
>> 
>> This cannot be easily accomplished with file system permission as
>> it will not scale to the 50 or so users we have. Each user will
>> have a unique set of public directories that they should have access to.
>> In Applix this was resolved by a script and config file with the result
>> pushed into the AX_ACCESS_DIRPATH environment variable.


> Hi Daryl,
>  Why not use normal unix user and group permissions. You can have a 
> user in MANY groups if necessary.

It still means that if I have a public file I am unable to control someone
else being able to read or write to an existing file. 

eg 1A:
I saved a file in the public area accounts. I have a umask of 2 to allow
others to modify, except I don't want anyone to touch this file....

eg 1B:
I saved a file in the public area accounts. I have a umask of 22 for more
security. Problem is that I would like someone else to add his/her additions
to this new file.

With Applixware I was able to select the permissions when saving the file.

I also have a problem with using group permission on home directories. As
stated we run FreeBSD that has one 'user' group. This means we have to allow
everyone in or lock everyone out of each person's home directory.

I am also concerned about users being able to browse around and view
(read only) system config files. /etc/passwd, dhcp configs, printcap are
examples. Now they cannot do any damage but why can't I restrict their
movements?

-- 
Daryl Sayers
To reply please remove the XYZ from the email address.
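
The group-per-directory approach suggested in the quoted reply, as an added example that is not part of the original thread: a dry-run script that inverts a per-user list of shared directories (the joe/sharon layout from the question) into one group per directory. The config format, the function names and naming each group after the last path component are assumptions; `pw` is FreeBSD's account tool.

```shell
#!/bin/sh
# Constructed sample config (hypothetical format): user, then shared dirs, colon-separated.
access_config() {
    cat <<'EOF'
joe:/public/share/admin:/public/share/accounts
sharon:/public/share/admin:/public/share/purchaseorders:/public/share/sales
EOF
}

# Invert "user -> directories" into "directory -> members".
# Prints one line per shared directory: group<TAB>members<TAB>directory
group_plan() {
    awk -F: '
    NF < 2 || /^#/ { next }              # skip comments and users with no shares
    {
        for (i = 2; i <= NF; i++) {
            d = $i
            sub(/\/+$/, "", d)           # tolerate a trailing slash
            if (d == "") continue
            if (d in members) {
                members[d] = members[d] "," $1
            } else {
                members[d] = $1
                order[++n] = d           # remember first-seen order
            }
        }
    }
    END {
        for (k = 1; k <= n; k++) {
            name = order[k]
            sub(/.*\//, "", name)        # assumption: group named after last path component
            printf "%s\t%s\t%s\n", name, members[order[k]], order[k]
        }
    }'
}

# Dry run: print the commands for an administrator to review, do not execute them.
print_commands() {
    group_plan | while IFS="$(printf '\t')" read -r grp users dir; do
        echo "pw groupadd $grp -M $users"
        echo "chgrp $grp $dir"
        echo "chmod 2770 $dir"           # owner and group only; setgid keeps the group on new files
    done
}

access_config | print_commands
```

Files saved inside such a directory still take their group and other bits from the saving user's umask, so a per-file exception is a `chmod` on that file after saving.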
