Frontier as Root

Eric Soroos eric-ul at soroos.net
Wed Nov 13 08:59:16 PST 2002 

 
> Try making Frontier and your file uploader users members of the
> same *group*, and giving that group default read/write permissions
> to the files and to the directory they are uploaded to. (I don't
> recall the proper config/commands for this offhand, but it's
> A Unix Thing.)
> 
> Overall, I'd say something like the following would be good
> (again, I don't know the commands, but it should be very doable).
> (This is a Unix approach; I'm not certain it will work with
> OS-X, but it should.)
> 
> 1. Create a User "Frontier". Make it a member of
>    a group "FrontierGroup" (or whatever).

I think there are 8 character limits on group names.
 
> 2. Create a system startup script that start and detaches
>    a process running Frontier as user "Frontier". (This may
>    cause problems with Frontier due to the lack of GUI; I
>    don't know.)

This won't work. Frontier requires the GUI on OSX. Before login, only the root user has access to the screen. It's possible to start frontier as the root user and have it working without login, but then anyone who can click on the screen can get root. After login, frontier has to run as the user who is logged in. 

> 3. Make all users who need to upload files to Frontier
>    members of the group "FrontierGroup".

> A possible alternate approach:
> You don't indicate whether the folder uploads are done
> via Frontier, FTP, or ?? It sounds like they're doing
> FTP uploads.
> 
> You could, instead, have them upload the folders/files
> via Frontier. Set up one Manila site with Filer to
> do uploads. (I could add a multiple-file upload screen,
> if that would help.) Or write (or have somebody [me?])
> write a folder/file-upload utility that calls a Frontier
> URL to post each file, and give a copy to each user.
> Then Frontier could easily normalize names as part of
> processing the uploads.

I'm guessing that everyone who is uploading is probably already a member of the same group. (Probably staff) And if you're running frontier, it's goign to also have the same group id.

There are a couple of ways to work the permissions, but I'd tend to either:

1) make all the upload directories group readable/writable.  This means that user1 can modify user2's items, as can frontier. This would be 'chmod 773 foldername'

2) make a dropbox folder with frontier's user having r/w permissions and group write permissions, but not read. This should allow people to only write in new files. I think you'd want 'chmod 730 foldername' for that. 

or 3) have frontier deal with the upload.

eric

More information about the Frontier-Users mailing list