[opencms-dev] Chrooting a user
Sami Honkonen
sami.honkonen at ri.fi
Thu Jun 22 13:12:08 CEST 2006
On Mon, 2006-06-19 at 07:03 +0100, Jonathan Woods wrote:
> Rather than change project properties, perhaps you can do this all at the
> VFS folder level by (i) explicitly revoking access at the top level to all
> users, (ii) explicitly adding Administrators back in (not sure if that's
> necessary), (iii) adding appropriate access rights for chosen groups at
> lower levels.
I set the permissions for a private folder like this:
Guests - deny all, overwrite inherited, inherit on subfolders
Users - deny all, overwrite inherited, inherit on subfolders
Private group - allow all, responsible, overwrite inherited, inherit on
subfolders
If I now log in with a user belonging to the Private group he doesn't
have access to the directory. I would think it's because there's a
conflict with the permissions since the user is also a member of the
Users group and I can't change the order in which the permission rules
are applied.
I remember reading somewhere that you can't override denied access lower
in the hierarchy. That's why I've come up with the project-based
solution I explained earlier. Has this override issue changed (in my
opinion, fixed) in the 6.2 release?
I'll explain what I'm trying to get at to help you understand my problem
better. I'm trying to create a private directory which can't be viewed
if not logged in as a certain user. This certain user has access only to
this part of the vfs, nowhere else. (Naturally it's, ok if he sees the
online website since it is public).
Thanks a lot for your efforts so far! I really appreciate your help.
--
Sami Honkonen
Reaktor Innovations Oy
sami.honkonen at ri.fi
+358 40 535 3463
More information about the opencms-dev
mailing list