I have a home file server I am setting up with 2 hard drives (openSUSE 10.3 and files). My router handles all the DHCP functions and my network consists of Linux, Windows XP and a laptop.
I cannot just open full access because I don’t trust my son who is becoming a little hacker.
My question/request/plea is
- Does the below look like a doable structure or would there be a better structure to do the same thing?
- **How do I set this up?!! **
I am new to networking and permissions on a whole, and still learning Yast and openSUSE.
Thank you for taking the time to look at this.
____ Below is the details of the structure I am attempting to create. ______
SYSTEM INFORMATION:
I’ve grouped things down to 4 users and 3 categories of users and 2 roles with a mix of permissions.
4 usersF= Father ; the admin (me)
M= Mother ; no clue what they are doing
D= Daughter : should have limited access
S= Son : has to have limited access (potential hacker, high-risk)3 Categories Administration;
[INDENT]for web server, database, updates
for web development
YAST (over SSH) for general management
Shared;
for all users to access, but only Mom and Dad can modify/deleteUser;each users has own directory for their files, inaccessible to others (except maybe Mom and Dad)
contains a “public” folder for anybody to read/write to [/INDENT]2 Roles:Parents
[INDENT]full access to Administration
full access to Shared
full access to User (specifically the kids’ directories)
Kids
no access to Administration
read-only access to Shared
full access to their own User directory and public ONLY[/INDENT]
CATEGORY ACCESS AND SAMPLE DIRECTORIES:
The Administration category :
sample directories:/SAMBA/admin/backups
/srv/www/…users access:parent role
[INDENT]F → Full access
M → Full access kid role D → no access
S → no access[/INDENT]
The Shared category:
sample directories:/SAMBA/shared/family
/SAMBA/shared/pictures
/SAMBA/shared/video
/SAMBA/shared/musicusers access:parent role
[INDENT]F → Read/Write access to all
M → Read/Write access to allkid roleD → Read-Only access to all
S → Read-Only access to all[/INDENT]
The Users category: (each user has own directory, plus a “public” directory fully read/write)
sample directories:/SAMBA/users/public
/SAMBA/users/Dad
/SAMBA/users/Mom
/SAMBA/users/Daughter
/SAMBA/users/Son
users access:parent role[INDENT]F → Read/Write access to [Dad]
M → Read/Write access to [Mom]kid roleD → Read/Write access to [Daughter]
S → Read/Write access to [Son]all users* → Read/Write access to [public]
[/INDENT]
SAMPLE USER CASES:
sample Usage (assuming above directories are /SAMBA/shared and /SAMBA/user):
Mom wants to save her files on the server so it is accessible from all household computers:
=> save to SAMBA/user/mom
Dad wants to save pictures from digital camera for all to see (but not for kids to accidentally delete):
=> save to SAMBA/share/Pictures
Daughter wants to save pictures from digital camera:
=> save to /SAMBA/user/My Pictures
=> or
=> save to SAMBA/user/public (then Mom or Dad can move to /SAMBA/share/Pictures if desired)
Son wants to get into Daughter’s files to cause havoc (that’s what brothers do!):
=> should have access to her directory
Daughter wants to email a family pciture from recent vacation to best friend:
=> grab from /SAMBA/share/Pictures
Mother wants to make homemade Christmas cards to send out:
=> grab pictures from /SAMBA/share/Pictures
=> work on them locally
=> save final files in /SAMBA/share/Family/ChristmasCards (or something like that)
Dad wants to print out more of these Christmas cards for co-workers:
=> grab files from /SAMBA/share/Family/ChristmasCards
Dad wants to update PHP on server:
=> ssh into server
=> “su” into Root
=> run “yast”
Does ANY of this make any sense?