[GRASS-dev] mapset permissions: only owner should have write permissions

Markus Neteler neteler at osgeo.org
Wed Jul 17 02:48:38 PDT 2013


On Tue, Jul 16, 2013 at 8:44 PM, Glynn Clements
<glynn at gclements.plus.com> wrote:
> Markus Metz wrote:
...
>> With grass data on a network drive with multi-user access, I would
>> regard e.g. the contents of the PERMANENT mapset as
>> particularly-sensitive information.
>
> Plenty of sites will treat PERMANENT as public data, to be shared by
> all users.

Shared yes.
Destroyed no.

The point here is (as experienced on our local shared network
grassdata/ recently):
- GRASS allows users to enter their own mapset(s)
- GRASS allows users to read all mapsets and write into the current (own) one
- GRASS does not allow modifying the mapset of a different user

So far so nice.

Assume that several users belong to the same group. If now the group
write flag is enabled for mapsets, users can delete them even if they
are not their own. This is fine since someone (admin) must have
allowed for this.

Now back to GRASS: A user runs a session in his/her mapset with
group-write enabled. This is against the GRASS internal policy where
others cannot write into your own mapsets with GRASS commands.

Wish for improvement:
When starting a session in a mapset with group/other-write enabled,
issue a warning to inform the user about this in the startup script.
This would follow the "least-surprise" paradigm.
Feasible?

Markus
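
One way to implement the startup warning wished for above, as an added example that is not part of the original message and is not GRASS code. The helper names and the constructed demo directories are assumptions; it flags the mapset directory and any directory below it that has the group or other write bit set.

```python
import os
import stat
import tempfile

# Hypothetical helper names; nothing here is taken from the GRASS startup script.
WRITE_BITS = {"group": stat.S_IWGRP, "other": stat.S_IWOTH}


def writable_by_others(path):
    """Return the classes ('group', 'other') that hold write permission on path."""
    mode = os.lstat(path).st_mode
    return [who for who, bit in WRITE_BITS.items() if mode & bit]


def check_mapset(mapset_dir):
    """Return one warning per directory in the mapset that non-owners can write to."""
    warnings = []
    for root, _dirs, _files in os.walk(mapset_dir):  # symlinks are not followed
        who = writable_by_others(root)
        if who:
            mode = stat.S_IMODE(os.lstat(root).st_mode)
            warnings.append(
                "WARNING: %s is writable by %s (mode %04o); "
                "only the owner should have write permission"
                % (root, "/".join(who), mode)
            )
    return warnings


def demo():
    """Check two constructed mapsets: one owner-only, one with group/other write."""
    with tempfile.TemporaryDirectory(prefix="grassdata_demo_") as location:
        own = os.path.join(location, "user1")
        shared = os.path.join(location, "PERMANENT")
        os.makedirs(os.path.join(own, "cell"))
        os.makedirs(os.path.join(shared, "cell"))
        os.chmod(own, 0o755)
        os.chmod(os.path.join(own, "cell"), 0o755)
        os.chmod(shared, 0o775)                        # group-write enabled
        os.chmod(os.path.join(shared, "cell"), 0o777)  # group- and other-write
        return check_mapset(own), check_mapset(shared)


if __name__ == "__main__":
    for result in demo():
        print("\n".join(result) or "mapset permissions OK")
```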

