From 39554b4bc30f4b1b59585eb6bbf4fe638376c024 Mon Sep 17 00:00:00 2001
From: ed
Date: Sun, 24 Dec 2023 16:12:18 +0100
Subject: [PATCH] guard against unintended access if user-db is corrupted
---
 docs/examples/docker/idp/copyparty.conf | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/docs/examples/docker/idp/copyparty.conf b/docs/examples/docker/idp/copyparty.conf
index b911eb08..26b1e16b 100644
--- a/docs/examples/docker/idp/copyparty.conf
+++ b/docs/examples/docker/idp/copyparty.conf
@@ -34,15 +34,15 @@
 rwmda: %su # the group "su" gets read-write-move-delete-admin
-[/~${u}] # each user gets their own home-folder at /~username
- /w/~${u} # which will be in a folder named ~username in the docker data volume
+[/u/${u}] # each user gets their own home-folder at /u/username
+ /w/u/${u} # which will be "u/username" in the docker data volume
 accs:
 r: * # read-access for anyone, and
 rwmda: ${u}, %su # read-write-move-delete-admin for that username + the "su" group
-[/~${u}/priv] # each user also gets a private area at /~username/priv
- /w/~${u}/priv # stored at DATAVOLUME/~username/priv
+[/u/${u}/priv] # each user also gets a private area at /u/username/priv
+ /w/u/${u}/priv # stored at DATAVOLUME/u/username/priv
 accs:
 rwmda: ${u}, %su # read-write-move-delete-admin for that username + the "su" group
@@ -58,3 +58,15 @@
 /w/lounge/${g}/priv # stored at DATAVOLUME/lounge/groupname/priv
 accs:
 rwmda: %${g}, %su # read-write-move-delete-admin for that group + the "su" group
+
+
+# and create some strategic volumes to prevent anyone from gaining
+# unintended access to priv folders if the users/groups db is lost
+[/u]
+ /w/u
+ accs:
+ rwmda: %su
+[/lounge]
+ /w/lounge
+ accs:
+ rwmda: %su
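Review bot: The move from `/w/~${u}` to `/w/u/${u}` in the first hunk changes where home folders live on disk, and nothing in the example tells an operator who already has `~username` folders what to do with them. After switching, those old folders are no longer matched by any per-user volume, so they would presumably be served under whatever the enclosing volume allows, including the old `priv` subfolders; that volume's definition is only partly visible in the hunk's context. I would add a comment above `[/u/${u}]` such as `# upgrading? move existing /w/~username folders to /w/u/username before reloading this config`.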
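Review bot: The comment above `[/u]` in the second hunk states the goal but not the invariant the guard relies on: it only covers dynamic volumes that live below `/u` or `/lounge`. Someone extending the example with another `${u}` or `${g}` volume elsewhere would lose the protection without noticing, so I would extend the comment with `# any other ${u} / ${g} volume needs a %su-only volume on its parent folder too`. It is also worth stating that the public `/u/${u}` folders (`r: *`) become su-only while the db is missing, so readers know the fallback is deliberately fail-closed.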