Using the built-in files app, is it possible to prevent users from going up in the file structure? I would prefer if users only saw their own /home, and our respective /project and /scratch spaces, and not /tmp, /usr, /lib, /etc et al.
But that doesn’t restrict the access in the way we want. Additionally, how do I add /project and /scratch under the Files App dropdown? I can’t seem to find that info in the documentation.
I’m not sure what behavior you are asking for that is different from the OOD_ALLOWLIST_PATH. Preventing people from going up the file structure is the idea of the allowlist, because you can only access the children of the directories listed. So /home won’t let you go to / since it’s a parent of /home, which also means you can’t go into /lib, /etc, etc.
Is this not what you are after? I’m just unsure what behavior you are looking for.
If there are /project and /scratch directories on the file system that the user has access to, those will just mount in for the user. You don’t have to set them. The OOD_ALLOWLIST_PATH is a way to constrict that if needed or ensure they only stay in their space and don’t escape up the tree.
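The parent/child rule described in the reply above, as an added example that is not part of the thread and is not Open OnDemand's own code. The colon-delimited sample value, the helper names and the sample paths are assumptions constructed for illustration.

```ruby
require "pathname"

# Constructed sample value (assumption: a colon-delimited list of directories).
SAMPLE_ALLOWLIST = "/home:/project:/scratch"

# Normalize a path: collapse "..", "." and duplicate slashes lexically, then,
# if asked and the path exists, resolve symlinks so a link placed inside an
# allowed directory cannot lead outside it.
def normalize(path, resolve: true)
  cleaned = Pathname.new("/").join(path.to_s).cleanpath
  (resolve && cleaned.exist?) ? cleaned.realpath : cleaned
end

# Turn the colon-delimited value into normalized root directories.
def parse_allowlist(value, resolve: true)
  value.to_s.split(":").reject(&:empty?).map { |p| normalize(p, resolve: resolve) }
end

# A path is allowed only if it is a root itself or lies beneath one.
# Comparing on a trailing "/" keeps "/homework" from matching the "/home" root,
# and normalizing first means "/home/../etc" is judged as "/etc".
def allowed?(path, roots, resolve: true)
  target = normalize(path, resolve: resolve).to_s
  roots.any? do |root|
    prefix = root.to_s.end_with?("/") ? root.to_s : "#{root}/"
    target == root.to_s || target.start_with?(prefix)
  end
end

if __FILE__ == $PROGRAM_NAME
  roots = parse_allowlist(SAMPLE_ALLOWLIST)
  # Constructed sample requests: children of a root pass, parents and siblings do not.
  %w[/home/alice/data /project / /etc/passwd /home/../etc /homework/x].each do |p|
    puts format("%-20s %s", p, allowed?(p, roots) ? "allowed" : "denied")
  end
end
```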
Oh weird, I had made the change in allowlist, and bounced the httpd service but it didn’t take effect. After letting it hang out for a while, now it’s working… I’m gonna blame systemd for that one.
I’d still like to know if there’s a way to add /project and /scratch to the Files dropdown bar, I can’t seem to find that in the docs.
There does exist a /project and /scratch for the system first, correct? The allowlist isn’t making any directories to be clear, only checking that what is being mounted is in that list. OOD will try to mount whatever it can for the user otherwise.