Newsgroups: comp.unix.internals
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!uupsi!pinet!reg
From: reg@pinet.aip.org (Dr. Richard Glass)
Subject: Re: Unix security additions
Message-ID: <1991Apr18.170210.3451@pinet.aip.org>
Organization: American Institute of Physics
References: <19208@rpp386.cactus.org> <6783@awdprime.UUCP> <1991Apr18.042212.11738@Think.COM>
Date: Thu, 18 Apr 91 17:02:10 GMT

I have missed most of this discussion, but if the drift is correct, I
believe it's how do you have operators back up and restore without access
to the user files.

Several years ago I was a SA of a Univ. departmental Unix box. I had
student help assigned to me. I wanted the students to perform a backup
and restore, but not be able to read or write files. This was my solution.

1) The tape dev was owned by root and rw by root only.
2) A program owned by root with set owner priv. was run by the operators.
3) This program prompted them for files to restore and backup.
   The appropriate command was exec'ed to perform this operation.
4) The program ONLY allowed files to be restored to their orig. directory.

If this helps, let me know.

Ricky Glass (reg@pinet.aip.org)
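
An added example, not code from the original post: a sketch of the restore half of the set-owner wrapper in steps 2 to 4, which accepts one operator-named file and can only put it back at its original location. The device name /dev/rmt0, the /bin/tar path, and the use of GNU tar with -C and -- are assumptions; the post does not say which command was exec'ed.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define TAPE_DEV "/dev/rmt0"  /* assumed device name; root-owned, mode 0600 */
#define TAR_BIN  "/bin/tar"   /* assumed; absolute path so PATH is never consulted */

/* Accept only absolute paths with no empty, "." or ".." components, so the
 * name the operator types cannot point the restore anywhere else. */
int path_is_safe(const char *p)
{
    if (p == NULL || p[0] != '/' || strlen(p) >= 1024)
        return 0;
    while (*p == '/') {
        size_t len = strcspn(++p, "/");
        if (len == 0 || (len == 1 && p[0] == '.') ||
            (len == 2 && p[0] == '.' && p[1] == '.'))
            return 0;
        p += len;
    }
    return *p == '\0';
}

/* Build argv for: tar -x -p -f TAPE_DEV -C / -- <member>.
 * The destination is fixed at "/"; the operator never supplies it. */
int build_restore_argv(const char *path, const char *argv[], size_t n)
{
    if (n < 10 || !path_is_safe(path))
        return -1;
    argv[0] = "tar"; argv[1] = "-x"; argv[2] = "-p";
    argv[3] = "-f";  argv[4] = TAPE_DEV;
    argv[5] = "-C";  argv[6] = "/";  argv[7] = "--"; /* end of options */
    argv[8] = path + 1;  /* member name as archived: leading '/' stripped */
    argv[9] = NULL;
    return 0;
}

int main(void)
{
    char line[1024];
    const char *argv[10];
    char *const envp[] = { NULL };  /* drop the operator's environment */

    fputs("File to restore (absolute path): ", stdout);
    fflush(stdout);
    if (fgets(line, sizeof line, stdin) == NULL) return 1;
    line[strcspn(line, "\n")] = '\0';
    if (build_restore_argv(line, argv, 10) != 0) return 1;
    execve(TAR_BIN, (char *const *)argv, envp);  /* no shell involved */
    perror("execve");
    return 1;
}
```

Because the command is exec'ed directly with a fixed argument vector and an empty environment, nothing the operator types is interpreted by a shell or treated as a tar option.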