That would allow one to naturally set in the default role something like
/home r
~ rwcd
~/bin rwxcd
instead of creating a role for each UNIX user on the system that we want the role above to apply to. Of course we want the user to be able to rwcd only HIS home dir.
For instance, my rules for amarok:
subject /usr/lib/amarok/amarokapp K
/dev/snd/controlC0 rw
/dev/aloadC0 rw
/dev/snd/timer r
/dev/zero rwx
/home/raf256/ r
/home/raf256/.fonts.cache* rwxcdl
/home/raf256/.qt/.qtrc.lock rw
/home/raf256/.kde/ r
/home/raf256/.kde/share/ r
/home/raf256/.kde/share/config/kdeglobals rw
/home/raf256/.kde/share/config/amarokrc rwcdl
/home/raf256/.kde/share/apps/amarok/ rwcdl
/home/raf256/.kde/share/apps/amarok/collection.db rw
/home/raf256/.kde/share/config rw
/home/raf256/.kde/share/config/*.tmp rwcdl
/home/raf256/.kde/share/config/*.lock rwcdl
/home/raf256/.kde/share/config/*.new rwcdl
/home/raf256/.xine rwcd
/home/raf256/.qt/ r
/home/raf256/.qt/.*.lock rw
Do I have to manually copy them for user john, like s/raf256/john/g? And for every other user that is supposed to run amarok?
Btw, on that example, how can I hide some important documents, like
/home/john/work/
but
1) I do not want to kill programs simply doing ls /home/john or stating the work dir (like ls -l), only those that will actually enter /home/john/work/ and list files/dirs there
Rule
/home/john/cre r
/home/john/cre/* h
almost does that, but the 'h' seems to apply only to data - the content of files, like: /home/john/work/newcity/template.jpg
but does not restrict listing of directories, allowing one to see that the file
/home/john/work/newcity/template.jpg does exist there.
2) if I use the K rule on the subject, I don't want some stupid programs to get killed just for trying to be smart and cache my home directory listing or something. I still want to kill them on trying to write or read actual data though.
So it would be nice to have another type of hide, like a soft-hide: just pretend such a file does not exist (but do not kill for asking about it)
Thanks,
Rafał Maj