To create user name with read only access
Post 302434788 by funksen on Monday 5th of July 2010 06:43:23 AM
there are no "read only" groups

there are files/folders that have read only permission for a group
if a group has no write access to any file on a system, you may call it a read only group, but there's still the /tmp folder, where everyone has write rights


normally a newly created user just has write rights to his home directory
if you change the home directory of the user to something like
chmod 555 /home/user , the user should be a read only user for most directories on your system

but any time you change a directory to 777 for example, the user will be able to write to that directory, so be careful

perhaps you want to have a look at:

UNIX permissions
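
The point made in the post above, as an added example that is not part of the original post: a shell check that lists the directories every local account can write to, split by whether the sticky bit is set. The function names and the sample tree (a 555 home directory, a /tmp-like directory, a 777 directory, a 755 directory) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report directories that every
# local account can write to, split by whether the sticky bit is set.

# Prints "<class> <path>" per directory under $1:
#   sticky = other-writable with the sticky bit (mode 1777, like /tmp)
#   open   = other-writable without it (mode 777): anyone can also delete
#            or replace other users' files there
audit_world_writable() {
    # -xdev: stay on one filesystem; -perm -0002: "others" have write
    find "$1" -xdev -type d -perm -0002 -perm -1000 2>/dev/null | sed 's/^/sticky /'
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null | sed 's/^/open /'
}

# Constructed sample tree mirroring the post: a 555 home directory,
# a /tmp-like directory, one directory opened up to 777, one normal one.
build_demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/home/user" "$t/tmp" "$t/shared" "$t/docs"
    chmod 555  "$t/home/user"
    chmod 1777 "$t/tmp"
    chmod 777  "$t/shared"
    chmod 755  "$t/docs"
    echo "$t"
}

demo=$(build_demo_tree)
audit_world_writable "$demo"
rm -rf "$demo"
```

On a real system the same function can be pointed at `/`; only the `open` lines are directories where the 555 home directory offers no protection at all.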
 

FS_LISTACL(1)                AFS Command Reference                FS_LISTACL(1)

NAME
       fs_listacl - Displays ACLs

SYNOPSIS
       fs listacl [-path <dir/file path>+] [-id] [-if] [-cmd] [-help]

       fs la [-p <dir/file path>+] [-id] [-if] [-cmd] [-h]

       fs lista [-p <dir/file path>+] [-id] [-if] [-cmd] [-h]

DESCRIPTION
       The fs listacl command displays the access control list (ACL) associated with each specified file, directory, or symbolic link. The specified element can reside in the DFS filespace if the issuer is using the AFS/DFS Migration Toolkit Protocol Translator to access DFS data (and DFS does implement per-file ACLs). To display the ACL of the current working directory, omit the -path argument.

       To alter an ACL, use the fs setacl command. To copy an ACL from one directory to another, use the fs copyacl command. To remove obsolete entries from an ACL, use the fs cleanacl command.

CAUTIONS
       Placing a user or group on the "Negative rights" section of the ACL does not guarantee denial of permissions, if the "Normal rights" section grants the permissions to members of the system:anyuser group. In that case, the user needs only to issue the unlog command to obtain the permissions granted to the system:anyuser group.

OPTIONS
       -path <dir/file path>+
           Names each directory or file for which to display the ACL. For AFS files, the output displays the ACL from the file's parent directory; DFS files do have their own ACL. Incomplete pathnames are interpreted relative to the current working directory, which is also the default value if this argument is omitted.

       -id
           Displays the Initial Container ACL of each DFS directory. This argument is supported only on DFS directories accessed via the AFS/DFS Migration Toolkit Protocol Translator.

       -if
           Displays the Initial Object ACL of each DFS directory. This argument is supported only on DFS directories accessed via the AFS/DFS Migration Toolkit Protocol Translator.

       -cmd
           Outputs an fs setacl command string that can be used to recreate the ACL applied to the specified file, directory or symbolic link.

       -help
           Prints the online help for this command. All other valid options are ignored.

OUTPUT
       The first line of the output for each file, directory, or symbolic link reads as follows:

          Access list for <directory> is

       If the issuer used shorthand notation in the pathname, such as the period (".") to represent the current directory, that notation sometimes appears instead of the full pathname of the directory.

       Next, the "Normal rights" header precedes a list of users and groups who are granted the indicated permissions, with one pairing of user or group and permissions on each line.

       If negative permissions have been assigned to any user or group, those entries follow a "Negative rights" header. The format of negative entries is the same as those on the "Normal rights" section of the ACL, but the user or group is denied rather than granted the indicated permissions.

       AFS does not implement per-file ACLs, so for a file the command displays the ACL on its directory. The output for a symbolic link displays the ACL that applies to its target file or directory, rather than the ACL on the directory that houses the symbolic link.

       The permissions for AFS enable the possessor to perform the indicated action:

       a (administer)
           Change the entries on the ACL.

       d (delete)
           Remove files and subdirectories from the directory or move them to other directories.

       i (insert)
           Add files or subdirectories to the directory by copying, moving or creating.

       k (lock)
           Set read locks or write locks on the files in the directory.

       l (lookup)
           List the files and subdirectories in the directory, stat the directory itself, and issue the fs listacl command to examine the directory's ACL.

       r (read)
           Read the contents of files in the directory; issue the "ls -l" command to stat the elements in the directory.

       w (write)
           Modify the contents of files in the directory, and issue the UNIX chmod command to change their mode bits.

       A, B, C, D, E, F, G, H
           Have no default meaning to the AFS server processes, but are made available for applications to use in controlling access to the directory's contents in additional ways. The letters must be uppercase.

       For DFS files and directories, the permissions are similar, except that the DFS "x" (execute) permission replaces the AFS "l" (lookup) permission, DFS "c" (control) replaces AFS "a" (administer), and there is no DFS equivalent to the AFS "k" (lock) permission. The meanings of the various permissions also differ slightly, and DFS does not implement negative permissions. For a complete description of DFS permissions, see the DFS documentation.

EXAMPLES
       The following command displays the ACL on the home directory of the user "pat" (the current working directory), and on its "private" subdirectory.

          % fs listacl -path . private
          Access list for . is
          Normal rights:
             system:authuser rl
             pat rlidwka
             pat:friends rlid
          Negative rights:
             smith rlidwka

          Access list for private is
          Normal rights:
             pat rlidwka

       The following command generates the fs setacl command required to recreate the ACL on the home directory of the user "pat" (the current working directory), and on its "private" subdirectory.

          % fs listacl -path . private -cmd
          fs setacl -dir . -acl system:authuser rl pat rlidwka pat:friends rlid
          fs setacl -dir . -acl smith rlidwka -negative
          fs setacl -dir private -acl pat rlidwka

PRIVILEGE REQUIRED
       If the -path argument names an AFS directory, the issuer must have the "l" (lookup) permission on its ACL and the ACL for every directory that precedes it in the pathname.

       If the -path argument names an AFS file, the issuer must have the "l" (lookup) and "r" (read) permissions on the ACL of the file's directory, and the l permission on the ACL of each directory that precedes it in the pathname.

       If the -path argument names a DFS directory or file, the issuer must have the "x" (execute) permission on its ACL and on the ACL of each directory that precedes it in the pathname.

SEE ALSO
       fs_cleanacl(1), fs_copyacl(1), fs_setacl(1)

COPYRIGHT
       IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.

       This documentation is covered by the IBM Public License Version 1.0. It was converted from HTML to POD by software written by Chas Williams and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.

OpenAFS                           2012-03-26                      FS_LISTACL(1)
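
A check for the situation described under CAUTIONS, as an added example that is not part of the OpenAFS documentation: it reads fs listacl output and reports each negative entry whose denied rights are also granted to system:anyuser on the same ACL. The function names are hypothetical and the sample ACL listing is constructed in the format shown under EXAMPLES.

```shell
#!/bin/sh
# Added example, not part of the OpenAFS documentation.
# Reads "fs listacl" output on stdin and prints "<dir> <principal> <rights>"
# for each negative entry whose denied rights are also granted to
# system:anyuser on the same ACL (the case described under CAUTIONS).
check_negative_acl() {
    awk '
    /^Access list for / {
        dir = $0
        sub(/^Access list for /, "", dir); sub(/ is$/, "", dir)
        section = ""; anyuser[dir] = ""
        next
    }
    /^Normal rights:/   { section = "normal";   next }
    /^Negative rights:/ { section = "negative"; next }
    NF == 2 && section == "normal" && $1 == "system:anyuser" { anyuser[dir] = $2 }
    NF == 2 && section == "negative" {
        overlap = ""
        for (i = 1; i <= length($2); i++) {
            c = substr($2, i, 1)
            if (index(anyuser[dir], c)) overlap = overlap c
        }
        if (overlap != "") print dir, $1, overlap
    }'
}

# Constructed sample in the output format shown under EXAMPLES.
sample_listacl() {
    cat <<'EOF'
Access list for . is
Normal rights:
  system:anyuser rl
  pat rlidwka
Negative rights:
  smith rlidwka

Access list for private is
Normal rights:
  pat rlidwka
Negative rights:
  smith rl
EOF
}

sample_listacl | check_negative_acl
```

Against a live cell the input would come from `fs listacl -path <dir>`; each reported line is a negative entry that does not deny the listed rights in practice.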