[BBLISA] Dual access to files by webserver and user.
Ian Levesque
ian at crystal.harvard.edu
Sat Nov 12 10:14:09 EST 2011
On Nov 12, 2011, at 12:58 AM, Ian Stokes-Rees wrote:
> That is a great post, and I'll forward it to Peter who I'm sure will be interested. Unfortunately the last paragraph or two describe that even with rpc.mountd there is a limit of ~150-200 groups. We'd already be hitting that limit with our current system. I need to at least be able to support 2000 users, and ideally 10k to 100k.
Yikes. I see a management nightmare in your future trying to handle this scenario with ACLs.
> I think the chmod u+t,g+t approach is currently the most promising,
I'm confused: +t adds the sticky bit, which means users in a shared directory can only delete their own files/dirs. There's no user/group context to the sticky bit.
If you mean u+s,g+s (SUID, SGID), I'm not sure that SUID on directories does what you think it does. I'm pretty sure on Linux it's ignored. Someone correct me if I'm wrong.
Do your users need shell access or just SSH-based access _to their files_? Modern OpenSSH allows for SFTP-only chroot, which might be a good option unless the users need to be able to execute arbitrary commands.
~irl
More information about the bblisa
mailing list