File permissions for shared home directories?

[Steve Flynn]

On 24 December 2012 12:49, Jef Driesen <jefdriesen at hotmail.com> wrote:
> Hi,
>
> I have a NAS server with two unix accounts, named "me" and "wife". Each
> account has its own home directory, which are exported over NFS. So far no
> problem.
>
> But I also have a common laptop which only has a single unix account which
> is shared between the two persons. If I give the laptop user the same
> UID/GID as the "me" account on the NAS, I can access my personal files. But
> how do I make sure I can also access the files from the "wife" account?

Groups. Add me and wife to a group (us) on the fileserver and perform
a chgrp to "us" on all of the files/directories which you want to be
accessible from both. Make the ownership on these files rwxrwx--- (or
whatever suits you best - important bit is the middle "rwx" or the
middle number if you're setting permissions via octal, which would be
770 for this example).

> I'm looking for a solution that is reasonable secure. It's fine if the "me"
> and "wife" account can access each others file, but other accounts should
> not have access.

Ensure the others permisisions bits are set to ---, or 0 in octal.
That'll stop other users. Don't put any other users in the "us" group.

You can have much finer control on this kind of thing by using ACL's,
but it's a little more fiddly to set up. For a quick and dirty, groups
should work fine.

-- 
Steve

When one person suffers from a delusion it is insanity. When many
people suffer from a delusion it is called religion.