|
Last change
on this file since 29704 was 29701, checked in by Jeremy Symon, 9 years ago |
|
Added suid program for creating Greenstone folder in user home folders, and making it accessible by the tomcat group
|
|
File size:
1.2 KB
|
| Line | |
|---|
| 1 | This is a suid program for creating greenstone folders in users' home folders.
|
|---|
| 2 | It should be owned by root:tomcat, and have the SUID bit set, i.e.
|
|---|
| 3 |
|
|---|
| 4 | sudo chown root:tomcat7 ./gs-mkdir
|
|---|
| 5 | sudo chmod u+s ./gs-mkdir
|
|---|
| 6 |
|
|---|
| 7 | Build with:
|
|---|
| 8 |
|
|---|
| 9 | gcc -o gs-mkdir gs-mkdir.c -lacl
|
|---|
| 10 |
|
|---|
| 11 | When given a valid username, it will create a 'Greenstone' folder in that
|
|---|
| 12 | user's home folder, chown it to be owned by that user, and use ACL (Access
|
|---|
| 13 | Control Lists) to allow both Tomcat and the given user to read and write files
|
|---|
| 14 | in that folder.
|
|---|
| 15 |
|
|---|
| 16 | In order for Tomcat to access the user's Greenstone folder, it also has to be
|
|---|
| 17 | able to traverse the directories leading to it (i.e. /home/<user>/).
|
|---|
| 18 | To do this, the executable bit must be set on those directories. The following
|
|---|
| 19 | permissions will work:
|
|---|
| 20 |
|
|---|
| 21 | drwx--x--x
|
|---|
| 22 |
|
|---|
| 23 | Explanation:
|
|---|
| 24 | The read permission on a directory allows listing the files in that directory.
|
|---|
| 25 | The execute permission on a directory allows traversing to a known file in that
|
|---|
| 26 | directory (i.e. if a directory is executable, but not readable, you can only
|
|---|
| 27 | get to files that you know the name of).
|
|---|
| 28 | Since we know the name of the Greenstone folder, we can get to it directly, and
|
|---|
| 29 | don't need read permissions on the user's home folder.
|
|---|
Note:
See
TracBrowser
for help on using the repository browser.
