The script be changes the user's group and cds to the group directory.
The script grouprot can be run by a user who has forgotten to use be to reset the permissions on all their files in the group directory.
The program covet will allow any group member to take ownership of any file in the group directory. Because, of course, the users forget to use be and grouprot. (Or more simply, sftp, scp or ftp hasn't set things correctly for the group.)
See the man pages or source for complete information.
I looked online for a simplier existing solution...all the pages returned suggested to e-mail the file owner or the admin. Which is fine, but doesn't help the user who needs access right now, which is normal.
Group directories are of the form /home/groupname. In /etc/group
there's a certain range allowed for gids that correspond to group
directories.
For be, it helps to have a global cshrc (or bashrc) with lines
similar to (csh):
if (($gid >= 3001 && $gid < 15000) then umask 007 set prompt="$gid> " endifor for bash:
if [ ${GID} -ge 3001 -a ${GID} -lt 15000 ]; then umask 007 PS1="${GID}\\$ " fiOtherwise modify to suit your needs.
It checks for sym links or hard links, in the path. It checks for length on strings. It checks for /, .., $ and ~ in the path. It checks to make sure the user is in the group corresponding to the group directory, and is in that group directory.
It could be called from sudo for an extra layer of security, but then you could probably configure sudo and chown to do what this does. And, proper application of ACLs on a newer system will render this command obsolete.
By default things will be installed in /usr/local/[bin,man]. If your site is set up differently than ours, you'll have to edit the Makefile for destinations, covet.c for the gids that cover your groups.
Be relys on additions to default dot files to set prompt and umask.
Grouprot assumes your public web directory is called 'WWW'.
"I need this file!"