Directory permissions question

From: Gary Smith (gary.smith_at_primeexalia.com)
Date: 03/11/04 

Date: 10 Mar 2004 17:15:27 -0800

Hello,

We have a need to change the default group for the files under the
/home directory to something other than users. Here is an example

drwxr-xr-x 5 root root 4096 Mar 8 14:49 .
drwxr-xr-x 21 root root 4096 Mar 10 04:02 ..
drwx------ 2 adam users 4096 Mar 8 14:49 adam
drwxr-x--- 3 chris group27 4096 Mar 10 16:41 chris
drwxr-x--- 2 john group27 4096 Mar 10 16:35 john

The default group for the users is users. So when the home directory
is created it is set to username.users. As part of our user creation
scripting we set the group for the directory to be one of the
predefined groups that the user will belong to. By default, the users
do not have access to groupxx but other processes do. These processes
will need to be able to read files in there directories.

This has been working without any significant problems for some time
until a user decided to chown username.users to their directory and
then change the permissions to 700. Then the processes we have in
place broke.

Is there a way to allow users to have access to their home directory
but disallow them to make changes to the base /home/username
directory. i.e. can we prevent them from changing the group to
something else.

I was thinking about chmod'ing 700 the chown command but they
sometimes need it to set permissions on the files they create in their
home dir for the automated processing.

Any help would be greatly appriciated.

TIA,

Gary Smith

Relevant Pages