On Mon, Jan 07, 2008 at 16:21, Daniel Widyono wrote: > I liked the simplicity and robustness of Ken's answer: use unix groups. > > > We would like to create accounts for restricted users > > To be sure we understand the requirements, what precisely do you mean by > "restricted users"? Do you *only* mean the following? > > > These users would have access to the filesystem > > as appropriate, but would not be allowed to run the applications living > > under /opt and /usr/local. That's pretty much it. > If you only mean the above, then in the context of "primarily for data > sharing purposes", what precisely do you mean by "access to the filesystem as > appropriate"? They would have access to their own home directories and to special group directories set up explicitly for file sharing among members of a (unix) group. They would be able to run standard binaries, but would be explicitly not able to run the applications (mostly for statistical analysis) installed under /usr/local (globally) and /opt (local to specific nodes). Cheers, Pann -- Pann McCuaig <[log in to unmask]> 212-854-8689 Systems Coordinator, Economics Department, Columbia University Department Computing Resources: http://www.columbia.edu/cu/economics/computing/