Covet Unix Group Directory Tools

About

These are some very simple programs created to make life easier on users with group directories who can't figure out chmod and chgrp.

The script be changes the user's group and cds to the group directory.

The script grouprot can be run by a user who has forgotten to use be to reset the permissions on all their files in the group directory.

The program covet will allow any group member to take ownership of any file in the group directory. Because, of course, the users forget to use be and grouprot. (Or more simply, sftp, scp or ftp hasn't set things correctly for the group.)

See the man pages or source for complete information.

I looked online for a simplier existing solution...all the pages returned suggested to e-mail the file owner or the admin. Which is fine, but doesn't help the user who needs access right now, which is normal.

Our Site Setup

Thought it's not necessary, the tools would work best if your site is setup like ours:

Group directories are of the form /home/groupname. In /etc/group there's a certain range allowed for gids that correspond to group directories. For be, it helps to have a global cshrc (or bashrc) with lines similar to (csh):

    if (($gid >= 3001 && $gid < 15000) then
        umask 007
        set prompt="$gid> "
    endif
or for bash:
  if [ ${GID} -ge 3001 -a ${GID} -lt 15000 ]; then
    umask 007
    PS1="${GID}\\$ "
  fi
Otherwise modify to suit your needs.

Caveats

Security. Covet is installed by default as suid root. I've take some steps to make it more secure.

It checks for sym links or hard links, in the path. It checks for length on strings. It checks for /, .., $ and ~ in the path. It checks to make sure the user is in the group corresponding to the group directory, and is in that group directory.

It could be called from sudo for an extra layer of security, but then you could probably configure sudo and chown to do what this does. And, proper application of ACLs on a newer system will render this command obsolete.

Installation

Download the tar file, type make install.

By default things will be installed in /usr/local/[bin,man]. If your site is set up differently than ours, you'll have to edit the Makefile for destinations, covet.c for the gids that cover your groups.

Be relys on additions to default dot files to set prompt and umask.

Grouprot assumes your public web directory is called 'WWW'.

To Do

Links

SourceForge Project Page

Postscript

Finally, drop me a line if anyone ever uses this. I was just trying to save my users time, and me work.

"I need this file!"