1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
|
# /etc/trustee.conf
#
# Format:
# <device or network name><File or directory name>:<trustee object info>:...
#
# Device name should be in [], e.g.: [/dev/hda1].
# Actually, minor ad major numbers are used, so feel free to use symlinks here.
#
# Network name should be in {}, e.g {nfs_server:/}
# The starting / in file names is mandatory, double / are prohibited,
# trailing slashes are not recommended.
#
# <Trustee object info> is <User or group information>:<Rights mask>
# <User or group information> is either a
# * - means everybody
# User name
# + followed by a group name
# <Right mask> is
# R Read files
# W Write files and directories
# B Browse (like UNIX execute for directories)
# E rEad directories
# X eXecute files
# U Use UNIX permissions
# C Clear the permissions (instead of set them)
# D Deny access (instead of grant)
# ! The trustee object applies to all except user or group
# O One level. The trustee object applies to the surectory and files in in,
# not to subdirectories
# I need to see log files without su
#[/dev/hda1]/var/log:zavadsky:REB
#[/dev/hda2]/apache/var:zavadsky:REB
# Allows me to cd and
# ls mail directory,
# but do not allows me read
# mail in query
#{nfs_server:/usr}/exim:zavadsky:EB
# Allows me to read mailer log
#{nfs_server:/usr}/exim/spool/log:zavadsky:REB
# Allows me to see how is the proxy
#[/dev/hda2]/squid:zavadsky:REB
# Allows me to compile
# and download programs
#[/dev/hda3]/src:zavadsky:RWEBX
# Grant a complete access
# to network share
#{//samba_server/share}/:zavadsky:RWEBX
#{//samba_server/share}/calor:+calor:RWEBX
# Allows the web server to
# read everything
# in his document directory
#[/dev/hda2]/apache/share:httpd:REBX
|
