Main Page - www.paulfm.com

My Opinions (on technical issues): ../OPINIONS/

Name                      Last modified      Size
compile-and-run-file.sh   2021-09-27 18:15   2.4K
make-scratch.cpp          2021-10-11 11:14   9.0K
README.TXT                2021-10-11 09:41   3.1K
REVISIONS.TXT             2021-10-11 09:40   435

		(this is README.TXT)

	make-scratch.cpp:  The C++ source code for _make-scratch.bin
	compile-and-run-file.sh:  A utility script to use c/c++ like a scripting language.


	Copyright (C) 2021	Paul F. Markfort <paulfm.mn@gmail.com>
	License:	GPLv3: https://www.gnu.org/licenses/


NOTES (make-scratch.cpp):
	The assumption is that each user's primary group is unique to that user (no other users are in that group).
	The names of those groups are not important - but they must have names.
	Although not required, I suggest that you use the same gid and name as the user uid and name when creating the user group.

	The links folder (owned by root) is meant to have soft-links in it to the actual folder(s) that you want the users to create scratch folders in.
	Each of those folders should be owned and writable by the utility user (it should not be group nor other writable).
	You can control user access to them with directory permissions (group and other permissions).
	(_make-scratch.bin will check for user Execute access, and utility user Write and Execute access before creating folders).

	Scratch Folder:	A folder that is not backed up, may be deleted with minimal warning.
			Usually on local storage or high speed cluster storage. 

	This program is meant to make the management of these folders much easier, including making sure permissions
	are such that the folders aren't abused and access is always restricted to a group that the user is in.
	Unfortunately - this means the utility user must own the folders.
	It might be possible to use this program for maintaining TEMP or other types of folders.

	Warning:	The utility user does not have access to its Primary group unless the program is also set SGID.
			I suggest you do not set it SGID (it must be SUID to work).

	This program should be short enough that you can evaluate the safety by simply reading the code.
	Changing it to allow it to run SUID and/or SGID root is NOT recommended.

	It has only been tested on openSUSE Linux: http://www.opensuse.org/
	But will likely compile and work on any version of Linux/Unix.


INSTALLING (make-scratch.cpp):
	First, create a utility user just for this purpose (I suggest sys-scratch).
	Compile with:
		g++  -o _make-scratch.bin  make-scratch.cpp

	Then copy the final _make-scratch.bin to /usr/local/bin/,
	and make it owned by sys-scratch (or whatever your utility user is) and setuid ( chmod u=rwx,go=rx,u+s ).
	If you then run the program with no arguments, it will provide additional information
	(including the location of the links folder you need to create, and some debug info).


	Install Note:
		You may want to create a make-scratch.sh script somewhere in all users' paths that runs _make-scratch.bin
		or put it in your users' startup scripts.
		example:
			#! /bin/sh
			_make-scratch.bin 1
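
	The ownership and mode requirements from NOTES and INSTALLING above, written as a read-only audit script.
	This is an added example, not part of make-scratch.cpp or of the author's distribution; the function names are hypothetical, and it reads modes with `ls -ldL`, so a soft-link in the links folder is checked through to its target.

```shell
#!/bin/sh
# Added example (not from make-scratch.cpp): audit the layout the README asks for.
# Assumes a POSIX shell and ls; "sys-scratch" is the README's suggested user name.

# Set $mode and $owner from `ls -ldL` (-L: follow a soft-link from the links folder).
ls_fields() {
    out=$(ls -ldL -- "$1" 2>/dev/null) || return 1
    # Field 1 is the mode string, field 3 the owner; both precede the file name.
    read -r mode _links owner _rest <<EOF
$out
EOF
}

# check_scratch_parent DIR UTIL_USER
# DIR must be owned by UTIL_USER, owner-writable/searchable, not group/other writable.
check_scratch_parent() {
    ls_fields "$1" || { echo "$1: cannot stat" >&2; return 1; }
    rc=0
    [ "$owner" = "$2" ] || { echo "$1: owner $owner, expected $2" >&2; rc=1; }
    case $mode in
        d?wx*) ;;
        *) echo "$1: not a directory with owner write+execute" >&2; rc=1 ;;
    esac
    case $mode in
        ?????w*|????????w*) echo "$1: group or other writable" >&2; rc=1 ;;
    esac
    return "$rc"
}

# check_binary FILE UTIL_USER
# FILE must be setuid UTIL_USER (never root), not setgid, mode as u=rwx,go=rx,u+s.
check_binary() {
    ls_fields "$1" || { echo "$1: cannot stat" >&2; return 1; }
    rc=0
    [ "$owner" = "$2" ] || { echo "$1: owner $owner, expected $2" >&2; rc=1; }
    [ "$owner" != root ] || { echo "$1: owned by root" >&2; rc=1; }
    case $mode in
        -rws*) ;;
        *) echo "$1: not a setuid regular file with u=rwx" >&2; rc=1 ;;
    esac
    case $mode in
        ??????[sS]*) echo "$1: setgid bit is set" >&2; rc=1 ;;
        ?????w*|????????w*) echo "$1: group or other writable" >&2; rc=1 ;;
    esac
    return "$rc"
}
```

	Call it as `check_binary /usr/local/bin/_make-scratch.bin sys-scratch` and `check_scratch_parent <links-folder>/<link> sys-scratch`; each returns non-zero and prints the reason on stderr when a requirement is not met.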



A NOTE ABOUT ACLs:
	You could put an ACL on each of the scratch folders giving the user sys-scratch write access, rather than giving sys-scratch ownership,
	but this really just adds complication without gaining much in security.
	(for my opinions on this, see the OPINIONS link at the top of this page).