From ba12327f41ad8773052b10970850b716677d3b5c Mon Sep 17 00:00:00 2001
From: Mark Wooding <mdw@distorted.org.uk>
Date: Sat, 3 Sep 2011 22:42:07 +0100
Subject: [PATCH] claim-dir, claim-mem-dir: userv gadget for claiming
 directories.

Suppose there's a part of the filesystem namespace that you want users
to be able to claim bits of.  The usual approach is to make the top
directory of the subtree be world-writable and sticky, but this causes
no end of trouble: there's potential contention for the namespace, which
leads to security problems.

These tools provide an alternative approach: a userv service which makes
a directory named after and owned by the calling user, and with
restrictive permissions.  It doesn't set a group for the new directory,
but the caller can do that.
---
 claim-dir     | 9 +++++++++
 claim-mem-dir | 6 ++++++
 2 files changed, 15 insertions(+)
 create mode 100755 claim-dir
 create mode 100644 claim-mem-dir

diff --git a/claim-dir b/claim-dir
new file mode 100755
index 0000000..be377f9
--- /dev/null
+++ b/claim-dir
@@ -0,0 +1,9 @@
+#! /bin/sh
+
+set -e
+dir="${1?dir}/$USERV_USER"
+if [ ! -d "$dir" ]; then
+  mkdir -m700 "$dir"
+  chown "$USERV_USER" "$dir"
+fi
+echo "$dir"
diff --git a/claim-mem-dir b/claim-mem-dir
new file mode 100644
index 0000000..af9aa4f
--- /dev/null
+++ b/claim-mem-dir
@@ -0,0 +1,6 @@
+### -*-conf-*-
+
+if grep calling-user-shell /etc/shells
+	suppress-args
+	execute /usr/local/sbin/claim-dir /mnt/mem
+fi
-- 
2.11.0