Unix Active Directory Ninja JuJitsu….

You can rely on the traditional unix groups (sort of)  Just:

  • create a new group
  • addusers to the group “$ adduser user group” is the way to go
  • make a directory owned by this group to share files
  • change the umask to 002, which allows group write access to all new files.  For Debian systems this is set in:
  • /etc/profile
  • /etc/login.defs
  • If you “chmod g+s” the shared directory this means that files created in it will belong to the directory group not the users group.  This is making the directory sgid apparently…
  • you can now cheerfully save files….
  • An additional thing you might want to try is that if you make umask 002, this means all members of the group (which appears to be everyone with an AD login) can read and write the files you create on the unix box.  To avoid everyone reading and writing your files you can change the group of your home directory to a local group and then set that directory sgid as well.

    Of course this may introduce a huge security hole but it seems to work o.k. for me.

    Don’t follow this advice unless you actually know what you are doing..

    Advertisements

    Leave a Reply

    Fill in your details below or click an icon to log in:

    WordPress.com Logo

    You are commenting using your WordPress.com account. Log Out / Change )

    Twitter picture

    You are commenting using your Twitter account. Log Out / Change )

    Facebook photo

    You are commenting using your Facebook account. Log Out / Change )

    Google+ photo

    You are commenting using your Google+ account. Log Out / Change )

    Connecting to %s