Path: utzoo!hoptoad!pacbell!att!ihlpy!bdavies
From: bdavies@ihlpy.ATT.COM (Davies)
Newsgroups: alt.sources
Subject: Re: Need a "watching" program
Message-ID: <12743@ihlpy.ATT.COM>
Date: 12 May 89 21:12:31 GMT
References: <8923@csli.Stanford.EDU> <11680@s.ms.uky.edu> <8928@csli.Stanford.EDU>
Reply-To: bdavies@ihlpy.UUCP (55314-Davies,B.)
Distribution: usa
Organization: AT&T Bell Laboratories - Naperville, Illinois
Lines: 31

In article <8928@csli.Stanford.EDU> rustcat@csli.stanford.edu (Vallury Prabhakar) writes:
> (wants to keep stats on who is accessing files in his directories)

Here is my suggestion:

For all of the files in your account, give the permissions that you would
normally for owner.  Set the group permissions to be as lenient as you wish
for everyone else to access; i.e. r-x for directories and r-- for files
would be good.  Then remove ALL permissions for other: ---.

Make your home directory, as well as your bin directory 755.

Finally, create a shell script (or binary) in your bin directory that
others must execute prior to accessing your files.  You can add logging
information into a file somewhere, do menu driven stuff, or whatever.
The trick is to do a chmod 2755 on the script.  This sets the 'setgid'
bit on the file so that the other users who execute this command have
your effective group ID, and can access files as per the group settings
that you have set up.

This method forces people to go through the front end program to access
your files, in which you can add logging.  It disallows other access,
other than to people who are in the same group as you.  If lots of other
people have the same group ID as you, then ask the SA to put you in your
own group.  I suspect he/she would not object to doing that, since it
is in general more secure to have everyone in their own group.

Later,
-- 
				Bryan R. Davies, AT&T Bell Labs
				IH 55314 4H-332 x3669 att!ihlpy!bdavies