SUMMARY: restricting exports by user rather than machine?

From: Christopher L. Barnard (cbarnard@cs.uchicago.edu)
Date: Tue Aug 29 1995 - 22:29:50 CDT


I originally asked:

> I need to restrict file access to a group of users. All of these
> users are in one netgroup, and I use that netgroup to restrict
> their access to six specific machines. I also want to restrict their
> access to some remotely mounted NFS disk partitions. (Faculty home
> directories, to be specific). I can't just not export those partitions
> to these six machines, because these faculty members may want to use
> these machines on occasion. So I need a way to prevent one netgroup
> from having permission to see certain file partitions. Does anyone
> know if this is possible? TIA & summary forthcoming...

Solution: it can't be done.

I received several helpful responses suggesting that I put all of the
faculty in one unix group and set their home directory partition to 750,
but that won't work in my setup unfortunately. I have lots of groups,
and doing this would deny access to all of them. There is only one
pariah group that I want to restrict. I guess this is what happens when
you try to define the entire world in three ways: me, us, and them.
I need a "you guys". ;^)

Thanks to:

amccammo@lehman.com
Al.Venz@seag.fingerhut.com (Al Venz)
"Brian T. Wightman" <wightman@sol.acs.uwosh.edu>
Glenn.Satchell@uniq.com.au (Glenn Satchell - Uniq Professional Services)
sdr@rdga3.att.com (S. D. Raffensberger 500622500 (RD))

+-----------------------------------------------------------------------------+
| Christopher L. Barnard http://www.cs.uchicago.edu/~cbarnard |
| #!/usr/local/bin/perl -s-- -export-a-crypto-system-sig -RSA-in-3-lines-PERL |
| ($k,$n)=@ARGV;$m=unpack(H.$w,$m."\0"x$w),$_=`echo "16do$w 2+4Oi0$d*-^1[d2% |
| Sa2/d0<X+d*La1=z\U$n%0]SX$k"[$m*]\EszlXx++p|dc`,s/^.|\W//g,print pack('H*' |
| ,$_)while read(STDIN,$m,($w=2*$d-1+length($n||die"$0 [-d] k n\n")&~1)/2) |
+----------PGP public key available via finger or PGP keyserver---------------+


