I agree with Dave with trying to deny access to a particular user under
cygwin. The support is not there. I will touch on an actual feature
that provides this capability.
Under Amdahl UTS Unix, e.g. SVR3 like, there was feature that relied on
the proper implementation of the chroot(2) system call. You can give
the restricted user his own login space and make available certain other
filesystems mounted for the restricted to give him/her what they
actually allowed to have access to, and no more. Login was modified to
look for a "*" in the password field to signify a sub-login with the
passwd home directory as the argument to execute the chroot(2) system
call and thereby execute login again under the new chroot.
In order for this to be effective, one must execute caution in setting
up this painful and elaborate work in achieving the desired environment
for the restricted user. Without a real chroot(2) syscall, it really
can't be done.
Cygwin as it stands today can't provide a true restricted environment if
it provides general access to hard (C:/pathnames/) drives. Unless the
PC itself is restrictive (limited networking).
The above is my personal opinion on this subject and does not reflect
management views.
Dave Korn wrote:
Matthias Meyer wrote:
How to solve my goal?
The user "backup" should backup all data but not certain directories.
It cannot be done. Your two requirements amount to:
1- I want the backup user to be able to access all files and directories
without restriction.
2- I want the backup user to be restricted from accessing certain files and
directories.
As a matter of plain logic, these requirements just cannot both be satisfied
simultaneously in the same universe! There is no means to give the backup
user privileges to access only-some-but-not-all of the files that the ACLs say
it should not have access to, because it would essentially require an entire
second level of ACLs on every file in the system to keep track of which files
the backup privilege gave access to and which files it did not.
cheers,
DaveK
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
