[scponly] PATCH: support for multiple users with the same uid
Kaleb Pederson
kibab at icehouse.net
Thu Jun 7 00:42:24 EDT 2007
On Wednesday 06 June 2007, Steve Kehlet wrote:
> > Just to make sure I'm understanding this, what you do is put multiple
> > lines in /etc/passwd which have different usernames but the same uid?
>
> Yes, exactly. Multiple passwd entries, each has a different
> username, password, home directory, and jail, but they all have the
> same uid. Since their scp/sftp access is jailed, they can only get
> to their own stuff. There's a daemon process, running as that same
> uid, that looks for files inside people's jails and does some
> processing on them.
>
> By doing it this way I'm saving the headache of managing group
> permissions between that daemon process and each user. Running a
> daemon per user is not an option. You're not going to win any
> sysadmin of the year awards for designing a system that overloads
> uids, but... in this case it's solid and it works.

What I usually do to work around the group permissions issue is to set up a
default ACL that gives the daemon full access to the files. The ACL lets the
daemon change the file, rename it, etc. and makes the user's umask and file
permissions irrelevant. As long as the filesystem in question supports file
and directory default ACLs, this method works extremely well and still allows
the operating system to enforce permissions.

This also allows me to use group permissions as needed, but doesn't require
that they be in place.

--Kaleb
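
The following is an added example, not part of the original message or of scponly: a small model of the acl(5) inheritance rules showing what a daemon gets on files created under a directory that carries a default ACL like the one described above. The account name `procd`, the jail path and the sample ACL are assumptions made for illustration.

```python
# Added example: models the acl(5) rules for inheriting a directory's default ACL.
# Constructed setup (assumption): a jail directory prepared with
#   setfacl -d -m u:procd:rwx /jail/alice/incoming
# where "procd" is a hypothetical daemon account and the path is illustrative.

R, W, X = 4, 2, 1

# Default ACL of the directory after the setfacl call above (constructed sample).
DEFAULT_ACL = {
    "user::": R | W | X,       # file owner
    "user:procd": R | W | X,   # named entry for the daemon
    "group::": R | X,          # owning group
    "mask::": R | W | X,       # upper bound for named entries and the group
    "other::": 0,
}

def inherit(default_acl, create_mode):
    """Access ACL of a new file: the default ACL is copied, then the owner,
    mask and other entries lose any bit absent from the mode passed to
    open(2)/creat(2). The umask plays no part when a default ACL exists."""
    acl = dict(default_acl)
    acl["user::"] &= (create_mode >> 6) & 7
    acl["mask::"] &= (create_mode >> 3) & 7   # group bits of the mode limit the mask
    acl["other::"] &= create_mode & 7
    return acl

def effective(acl, entry):
    """Named-user, named-group and owning-group entries are capped by the mask."""
    perms = acl[entry]
    if entry in ("user::", "other::"):
        return perms
    return perms & acl["mask::"]

def fmt(perms):
    return "".join(c if perms & b else "-" for c, b in (("r", R), ("w", W), ("x", X)))

def daemon_access(create_mode, umask=0o077):
    # umask is accepted only to show that it does not enter the calculation.
    return fmt(effective(inherit(DEFAULT_ACL, create_mode), "user:procd"))

if __name__ == "__main__":
    for mode in (0o666, 0o644, 0o600):
        print(f"created with {mode:04o}: daemon gets {daemon_access(mode)}")
```

On a real system, `getfacl` on a new file shows the same outcome as an `#effective:` comment next to the named entry whenever the mask restricts it.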