Koozali.org: home of the SME Server

ibay without admin access rights?

frogged1975

« on: February 13, 2004, 06:28:10 AM »
I've done a little reading but haven't answered this one yet.
Using 6.3B, I've made a group and an Ibay for certain users to access. I want to make the user 'admin' unable to access this folder (seems redundant I know, but that's what I need here atm). The ibay rights of 'write =group read=group' seem to still allow 'admin' to read the ibay, even though 'admin' is not a member of that group. I have not got a tiered grouping system in place atm, so no prob there. The only odd thing I have is a symlink pointing to the ibay I'm trying to isolate.

Any clues?

grand-pa

« Reply #1 on: February 13, 2004, 04:29:11 PM »
First, you should use the final version v6.0 instead of the beta 3. :hammer:

Second, 'admin' is the system administrator account and has all the rights on the entire operating system (like the 'root' account). So, how could it be excluded from reading a part of the filesystem?

The only way to prevent admin from seeing your i-bay is to restrict its rights, but in that case you will be unable to configure your SME anymore! :-P
SME Server v7.4 Server and gateway
Shuttle K45, Celeron E1400, 2x1Go DDR2, 2x250 Go SATA2 RAID-1

Michiel

« Reply #2 on: February 15, 2004, 01:42:01 PM »
Quote from: "frogged1975"
I want to make the user 'admin' unable to access this folder (seems redundant I know, but that's what I need here atm).


There is a way around it, but make sure you understand what you are doing!

Use lat-groups from the lazy admin tools to create a group without 'admin':
lat-groups -a --no-admin -c "mygroup | Group without admin"

Now you can create an ibay for group "mygroup" that is not accessible by admin.

BUT...
1/ Each time you add a new group to your system using the server-manager, user admin is added again to "mygroup"
2/ Each time you do a system upgrade, user admin is added again to "mygroup"
3/ The --no-admin switch will allow you to create more than 28 groups, something that is not possible on a standard SME box. If you create more than 28 groups and admin gets added again to all these groups (see 1 & 2), the server-manager will no longer be accessible and other annoying things might also happen.

A way around this would be to create a script that is launched at boot time and re-removes user admin from all relevant groups.

As you can see, this is an ugly and potentially dangerous solution. Unless you REALLY need to, don't do as I say :-)

Michiel
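
Reply #2 mentions a boot-time script that re-removes user admin from the relevant groups. The following is an added example, not code from the thread or from the lazy admin tools: it assumes group membership is held in a file in standard /etc/group format, and the function names and sample data are constructed for illustration. It reads the path it is given and prints the result, so it can be checked against a copy first.

```shell
#!/bin/sh
# Constructed sample in /etc/group format (name:passwd:gid:member,member,...).
sample_groups() {
    cat <<'EOF'
root:x:0:root
mygroup:x:5001:admin,alice,bob
sales:x:5002:carol,admin
ops:x:5003:administrator,admin,dave
shared:x:5004:admin
EOF
}

# strip_member USER GROUPFILE GROUP [GROUP...]
# Prints GROUPFILE with USER removed from the listed groups only.
# The input file is not modified.
strip_member() {
    user=$1; file=$2; shift 2
    awk -F: -v OFS=: -v user="$user" -v groups="$*" '
        BEGIN { n = split(groups, g, " "); for (i = 1; i <= n; i++) want[g[i]] = 1 }
        ($1 in want) && NF >= 4 {
            m = split($4, members, ","); out = ""
            for (i = 1; i <= m; i++)
                # exact comparison, so "administrator" is left alone
                if (members[i] != user && members[i] != "")
                    out = (out == "" ? members[i] : out "," members[i])
            $4 = out
        }
        { print }
    ' "$file"
}

# groups_with_member USER GROUPFILE GROUP [GROUP...]
# Audit check: prints each listed group that still has USER as a member.
groups_with_member() {
    user=$1; file=$2; shift 2
    awk -F: -v user="$user" -v groups="$*" '
        BEGIN { n = split(groups, g, " "); for (i = 1; i <= n; i++) want[g[i]] = 1 }
        ($1 in want) {
            m = split($4, members, ",")
            for (i = 1; i <= m; i++) if (members[i] == user) { print $1; break }
        }
    ' "$file"
}
```

Running groups_with_member after a system upgrade or after adding a group in the server-manager shows whether admin has been put back, which are the two cases listed in the reply.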