Main Page - www.paulfm.com
My Opinions (on technical issues): ../OPINIONS/
Name Last modified Size Description
Parent Directory -
compile-and-run-file.sh 2021-09-27 18:15 2.4K
make-scratch.cpp 2022-03-08 17:42 9.7K
make-scratch.sh 2022-08-18 12:41 1.9K
README.TXT 2022-03-18 10:28 3.3K
REVISIONS.TXT 2022-03-08 17:31 543
(this is README.TXT)
make-scratch.cpp: The C++ source code for _make-scratch.bin
make-scratch.sh: A Linux /bin/sh script for using _make-scratch.bin
compile-and-run-file.sh: A utility script to use c/c++ like a scripting language.
Copyright (C) 2021 Paul F. Markfort <firstname.lastname@example.org>
License: GPLv3: https://www.gnu.org/licenses/
Definition - Scratch Folder:
A folder that is not backed up, may be deleted with minimal warning.
Usually on local storage or high speed cluster storage.
The assumption is that each user's primary group is uniq to that user (no other users are in that group).
The names of those groups is not important - but they must have names.
Although not required, I suggest that you use the same gid and name as the user uid and name when creating the user group.
The links folder (owned by root) is meant to have soft-links in it to the actual folder(s) that you want the users to create scratch folders in.
Each of those folders should be owned and writable by the utility user (it should not be group nor other writable).
You can control user access to them, with directory permissions (group and other permissions)
(_make-scratch.bin will check for user Execute access, and utility user Write and Execute access before creating folders).
This program is meant to make the management of these folders much easier, including making sure permissions
are such that the folders aren't abused and access is always restricted to a group that the user is in.
Unfortunately - this means the utility user must own the folders.
It might be possible to use this program for maintaining TEMP or other types of folders.
Warning: The utility user does not have access to its Primary group unless the program is also set SGID.
I suggest you do not set it SGID (it must be SUID to work).
This program should be short enough, that you can evaluate the safety by simply reading the code.
Changing it to allow it to run SUID or/and SGID root is NOT recommended.
It has only been tested on openSUSE Linux: http://www.opensuse.org/
But will likely compile and work on any version of Linux/Unix.
INSTALLING: _make-scratch.bin (compiled from: make-scratch.cpp):
g++ -o _make-scratch.bin make-scratch.cpp
Create a utility user just for this purpose (I suggest sys-scratch).
Then copy the final _make-scratch.bin to:
, and make it owned by sys-scratch (or whatever your utility user is) and setuid ( chmod ugo=x,u+s ).
If you then run the program with no arguments, it will provide additional information
(including the location of the links folder you need to create, and some debug info).
You may want to create a make-scratch.sh script somewhere in all users' paths that runs _make-scratch.bin
or put it in your users' startup scripts.
(I have included a make-scratch.sh you can use on this page)
Example minimal script contents:
A NOTE ABOUT ACL's:
You could put an ACL on each of the scratch folders giving the user sys-scratch write access,
rather than giving sys-scratch ownership;
but, this really just adds complication, without gaining much in security.
(for my opinions on this, see the OPINIONS link at the top of this page).