claim-dir, claim-mem-dir: userv gadget for claiming directories.

Suppose there's a part of the filesystem namespace that you want users
to be able to claim bits of.  The usual approach is to make the top
directory of the subtree be world-writable and sticky, but this causes
no end of trouble: there's potential contention for the namespace, which
leads to security problems.

These tools provide an alternative approach: a userv service which makes
a directory named after and owned by the calling user, and with
restrictive permissions.  It doesn't set a group for the new directory,
but the caller can do that.

diff --git a/claim-dir b/claim-dir
new file mode 100755 (executable)
index 0000000..be377f9
--- /dev/null
+++ b/claim-dir
@@ -0,0 +1,9 @@
+#! /bin/sh
+
+set -e
+dir="${1?dir}/$USERV_USER"
+if [ ! -d "$dir" ]; then
+  mkdir -m700 "$dir"
+  chown "$USERV_USER" "$dir"
+fi
+echo "$dir"

diff --git a/claim-mem-dir b/claim-mem-dir
new file mode 100644 (file)
index 0000000..af9aa4f
--- /dev/null
+++ b/claim-mem-dir
@@ -0,0 +1,6 @@
+### -*-conf-*-
+
+if grep calling-user-shell /etc/shells
+       suppress-args
+       execute /usr/local/sbin/claim-dir /mnt/mem
+fi