[prev in list] [next in list] [prev in thread] [next in thread] 

List:       security-basics
Subject:    RE: Directory Security
From:       "Robert D. Hughes" <rob () robhughes ! com>
Date:       2001-09-29 14:44:21
[Download RAW message or body]

You don't say what NOS you're running, but you can remove administrative
access to the files using file system permissions. I would recommend
that you allow whatever user the backups are run as to continue to have
access. To do this, on UNIX you would run either chown -R user:nogroup
<homedir> or, if nogroup is not present, then the equivalent for your
system. To allow the backup user to continue to have access, run chown
-R user:backup (or the equivalent for your system) on the appropriate
directory.  You may also need to modify permissions with the chmod
command (run man chmod for more info). On NT/WIN2K, simply right click
the user's home directory and remove access for everyone except the user
and the backup user or group then apply to all directories,
subdirectories and files. On a Novell system, the same applies if you
have access to a workstation with the Novell client installed. Its been
so long since I worked with Novell though, I've forgotten how to do it
from the server.

Rob


-----Original Message-----
From: Nicholas & Anthony McKenzie [mailto:themac@iinet.net.au]
Sent: Thursday, September 27, 2001 9:52 PM
To: Security Basics
Subject: Re: Directory Security


Hi again,

Situation: Direcotrs, CEO, and General Managers dont want people
accessing
files within their own personal home directories that contain
confidential
material such as staff salaries, budgets, pay reivews etc.

Is it possible to (once created) NOT to allow administrative access or
access to any group of admins to a home directory of a CEO/Director etc
that
contains such classified information? ie put a block on all people
except
the owner.

Network: Win 2000

Regards,
Nick

PS: and putting aside password protecting/encrypting files.

[prev in list] [next in list] [prev in thread] [next in thread]