Last change on this file since 29701 was 29701, checked in by Jeremy Symon, 9 years ago

Added suid program for creating Greenstone folder in user home folders, and making it accessible by the tomcat group

File size: 1.2 KB

This is a suid program for creating greenstone folders in users' home folders.
It should be owned by root:tomcat, and have the SUID bit set, i.e.

    sudo chown root:tomcat7 ./gs-mkdir
    sudo chmod u+s ./gs-mkdir

Build with:

    gcc -o gs-mkdir gs-mkdir.c -lacl

When given a valid username, it will create a 'Greenstone' folder in that
user's home folder, chown it to be owned by that user, and use ACL (Access
Control Lists) to allow both Tomcat and the given user to read and write files
in that folder.

In order for Tomcat to access the user's Greenstone folder, it also has to be
able to traverse the directories leading to it (i.e. /home/<user>/).
To do this, the executable bit must be set on those directories. The following
permissions will work:

    drwx--x--x

Explanation:
The read permission on a directory allows listing the files in that directory.
The execute permission on a directory allows traversing to a known file in that
directory (i.e. if a directory is executable, but not readable, you can only
get to files that you know the name of).
Since we know the name of the Greenstone folder, we can get to it directly, and
don't need read permissions on the user's home folder.