[BBLISA] Dual access to files by webserver and user.

Bill Bogstad bogstad at pobox.com
Sat Nov 12 22:28:47 EST 2011


On Sat, Nov 12, 2011 at 10:14 AM, Ian Levesque <ian at crystal.harvard.edu> wrote:
>
> On Nov 12, 2011, at 12:58 AM, Ian Stokes-Rees wrote:
>
>> That is a great post, and I'll forward it to Peter who I'm sure will be interested.  Unfortunately the last paragraph or two describe that even with rpc.mountd there is a limit of ~150-200 groups.  We'd already be hitting that limit with our current system.  I need to at least be able to support 2000 users, and ideally 10k to 100k.
>
> Yikes. I see a management nightmare in your future trying to handle this scenario with ACLs.
>
>
>> I think the chmod u+t,g+t approach is currently the most promising,
>
> I'm confused: +t adds the sticky bit, which means users in a shared directory can only delete their own files/dirs. There's no user/group context to the sticky bit.
>
> If you mean u+s,g+s (SUID, SGID), I'm not sure that SUID on directories does what you think it does. I'm pretty sure on Linux it's ignored. Someone correct me if I'm wrong.

It worked for me the last time I checked (which was 60 seconds before I
sent this email, just in case something had changed since the last
time I did this). If you have root on a machine it's pretty easy to
test this in less than a minute...

Bill Bogstad


