To create user name with read only access
Post 302434788 by funksen on Monday 5th of July 2010 06:43:23 AM
there are no "read only" groups

there are files/folders that have read only permission for a group
if a group has no write access to any file on a system, you may call it a read only group, but there's still the /tmp folder, where everyone has write rights


normally a newly created user just has write rights to his home directory
if you change the home directory of the user to something like
chmod 555 /home/user, the user should be a read only user for most directories on your system

but any time you change a directory to 777 for example, the user will be able to write to that directory, so be careful

perhaps you want to have a look at:

UNIX permissions
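
An added example (not part of funksen's post): a shell check for the case the post warns about, listing directories whose mode grants write access to everyone. The function names world_writable_dirs and make_demo_tree and the directory names are made up for illustration, and the sample tree is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example: find directories a "read only" account can still write to
# because the "other" write bit is set (mode 777, or 1777 like /tmp).
# It inspects mode bits only; ACLs and group memberships are not considered.

# world_writable_dirs ROOT
# Prints one line per world-writable directory under ROOT:
#   sticky <path>   o+w with the sticky bit (like /tmp)
#   open <path>     o+w without the sticky bit (like chmod 777)
world_writable_dirs() {
    root=$1
    # -xdev stays on one filesystem; -perm -0002 matches any mode with o+w.
    find "$root" -xdev -type d -perm -0002 -perm -1000 -print 2>/dev/null |
        sed 's/^/sticky /'
    find "$root" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null |
        sed 's/^/open /'
}

# make_demo_tree
# Builds a constructed sample tree and prints its path.
make_demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/home/user" "$t/shared" "$t/tmp" "$t/srv"
    chmod 555 "$t/home/user"   # the post's read-only home directory
    chmod 777 "$t/shared"      # the post's "changed to 777" case
    chmod 1777 "$t/tmp"        # /tmp-style: world-writable plus sticky bit
    chmod 755 "$t/srv"         # ordinary directory, no write for others
    printf '%s\n' "$t"
}

# Demo on the constructed tree; point world_writable_dirs at / for a real audit.
tree=$(make_demo_tree)
world_writable_dirs "$tree"
rm -rf "$tree"
```
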
 

dseditgroup(8)            BSD System Manager's Manual            dseditgroup(8)

NAME
     dseditgroup -- group record manipulation tool.

SYNOPSIS
     dseditgroup [options] [parameters] groupname

     options:
         -o operation     perform (read, create, delete, edit, checkmember) operation with given groupname
         -p               prompt for authentication password
         -q               disables interactive verification
         -v               verbose logging to stdout

     parameters:
         -m member        username to use for checkmember option
         -n nodename      directory node location of group record
         -u username      authenticate with admin username
         -P password      authentication password
         -a recordname    name of the record to add
         -d recordname    name of the record to delete
         -t recordtype    type of the record to add or delete
         -T grouptype     type of group to create or modify
         -L               maintain ComputerLists in parallel with ComputerGroups
         -i gid           gid to add/replace
         -g guid          GUID to add/replace
         -S sid           SID to add/replace
         -r realname      realname to add/replace
         -k keyword       keyword to add
         -c comment       comment to add/replace
         -s timetolive    seconds to live to add/replace
         -f n | l         change the group's format - 'n' for the new group format and 'l' for the legacy group format

DESCRIPTION
     dseditgroup allows manipulation of a single named group record on either the default local node or the specified DirectoryService node. For the "read" operation the authentication search policy (/Search node) is consulted. Default behaviour is presented below after a discussion of each operation and the possible parameters.

     Options and their descriptions:

     -o operation
         If "read" then the parameters of the specified groupname will be displayed. This is the default option. The authentication search policy (/Search node) will be used.

         If "create" then create a group with the specified groupname on either the default local node or the specified DirectoryService node.

         If "delete" then delete a group with the specified groupname on either the default local node or the specified DirectoryService node.

         If "edit" then edit a group with the specified groupname on either the default local node or the specified DirectoryService node.

         If "checkmember" then check if the user specified with -m or current logged in user is a member of the specified groupname. The authentication search policy (/Search node) is used to find the member. The specified node (defaults to the authentication search policy) is used to find the group. If the specified node is not on the authentication search policy the behaviour is undefined.

     -p  You will be prompted for a password to use in conjunction with the specified username.

     -q  This disables interactive verification of replace or delete operations.

     -v  This enables the logging of the DirectoryService API calls and their return codes.

     Parameters and their descriptions:

     -m member
         The username of the account to verify group membership when using -o checkmember

     -n nodename
         Directory Service node name such as /LDAPv3/ldap.company.com and whose default value is the local node. "." can also be used to specify the local node.

     -u username
         Username of a user that has administrative privileges on this computer.

     -P password
         Password to use in conjunction with the specified username. If this is not specified, you will be prompted for a password.

     -a recordname
         The name of the record to be added to the group specified by groupname. This name is related to the first record found on the authentication search policy when a search is made with this recordname and the given recordtype.

     -d recordname
         The name of the record to be deleted from the group specified by groupname. This name is related to the first record found on the authentication search policy when a search is made with this recordname and the given recordtype.

     -t recordtype
         The type of the record to be added to or deleted from the group specified by groupname. Valid values are user, computer, group, or computergroup.

     -T grouptype
         The type of the group record to be created or modified as specified by groupname. Valid values are group or computergroup.

     -L  If used with computergroup will also maintain the computerlist if it exists or create it if a computergroup is created.

     -i gid
         This is a group id. This will be automatically created if not specified for a create.

     -g guid
         This is a text representation of a 128 bit id. This will be automatically created if not specified for a create.

     -r realname
         This is a simple text string.

     -k keyword
         This is a simple text string.

     -c comment
         This is a simple text string.

     -s timetolive
         The number of seconds that this record is deemed valid as a cached value. There will be no automatically created default value if not specified for a create.

DEFAULT BEHAVIOUR
     dseditgroup mygroup

     This simple version of the command will default to:

     dseditgroup -o read -n . -u $USER mygroup

     The output will be the parameters of the "mygroup" group record if the shell user has read access to the local node's group record of name "mygroup".

EXAMPLES
     dseditgroup extragroup
     dseditgroup -o read extragroup

     The attributes of the group extragroup from the local node are displayed.

     dseditgroup -o create -n /LDAPv3/ldap.company.com -u myusername -P mypassword -r "Extra Group" -c "a nice comment" -s 3600 -k "some keyword" extragroup

     The group extragroup is created from the node /LDAPv3/ldap.company.com with the realname, comment, timetolive (instead of default of 14400 = 4 hours), and keyword attribute values given above if the user myusername has supplied a correct password and has write access.

     dseditgroup -o delete -n /LDAPv3/ldap.company.com -u myusername -P mypassword extragroup

     The group extragroup is deleted from the node /LDAPv3/ldap.company.com if the user myusername has supplied a correct password and has write access.

     dseditgroup -o edit -n /LDAPv3/ldap.company.com -u myusername -p -a username -t user extragroup

     The group extragroup from the node /LDAPv3/ldap.company.com will have the username added if the username is in a user record on the search policy and if the correct password is presented interactively for the user myusername which also needs to have write access.

     dseditgroup -o edit -n /LDAPv3/ldap.company.com -u myusername -P -a mysubgroup -t group extragroup

     The group extragroup from the node /LDAPv3/ldap.company.com will have the mysubgroup added if the mysubgroup is in a group record on the search policy and if the user myusername has supplied a correct password and has write access.

     dseditgroup -o edit -n /LDAPv3/ldap.company.com -u myusername -p -d username -t user extragroup

     The group extragroup from the node /LDAPv3/ldap.company.com will have the username deleted if the correct password is presented interactively for the user myusername which also needs to have write access.

     dseditgroup -o checkmember extragroup

     Will write out a message specifying if the current user is a member of extragroup on the authentication search policy.

     dseditgroup -o checkmember -n . extragroup

     Will write out a message specifying if the current user is a member of extragroup on the local node.

     dseditgroup -n /LDAPv3/ldap.company.com -o checkmember -m user extragroup

     Will write out a message specifying if user (found in /Search) is a member of extragroup on the specified node /LDAPv3/ldap.company.com. The specified node /LDAPv3/ldap.company.com needs to be on the authentication search policy for a valid answer.

Mac OS                           March 01 2004                           Mac OS