Hi, Bryan.

Bryan.ONeal@asu.edu wrote:
> I want to set up a group, say Golfers, and restrict
> them to only the golf directory, and its sub directories
> unless otherwise stated.
> How can I do this?

An important question is, what is it that you want them
to be *able* to do?  Then you can give them just that.
But as soon as they have access to fully generalized
commands, you can't be sure they can't hack it.

You could just go through all the directories in the
system and make sure that none are owned by that group,
and nothing is readable by "other".  But that's really a
tall order, and you're sure to slip up somewhere.

If you totally want to restrict them, you could give them
a login to a restricted shell, in a "chroot" environment
that would hide the rest of the system from them.

And/or, you could designate a special program as their
shell, allowing them only the commands they are allowed
to use, and set up so that any abort will be sure to
disconnect them.

There are operating system shells such as the one
used by aztecfreenet.org that work as a BBS but give
users a highly restricted environment.

Finally, you could just do it all as an Apache CGI
environment without allowing shell logins.
  
Vic


---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change  you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss