next up previous contents
Next: 5.3 Allow user to Up: 5 Configuration elements for Previous: 5.1 role and user   Contents

5.2 Home directories

To configure access control to home directories, we could use ~/ . In normal domain, it means all users home directories. But, for configuration of role, the meaning is different.
The rule is simple:

~/ means home directories for users that can use role
Let's see example.
{
1:role webmaster_r;
2:user web1;
3:user web2;
4:allow ~/** r,w,s;
In this case, line 4 is allow to write home directories for user1 and user2. So, when user web1/web2 login as webmaster_r role, they can read write their home directories, but can not access other users home directories.

{
1:role user_r;
2:user user_u;
3:allow ~/** r,w,s;
user_u is supported, too. Line 3 means home directories for user_u users.



2006-07-05