Solaris

Hi all,
i have a question about directory accessing.
Question: therese is a x user which can login system, x user can only access specific directories on the system, even y directory has r-x access right for OTHER, x user will not access the y directory.
this x user must access specific directories on the file system.
is This scenario possible, is there any idea about it?

Use ACLs:
setfacl(1) – modify the Access Control List (ACL) for a file or files (man pages section 1: User Commands) - Sun Microsystems

Thank you very much, i am familiar setfacl and using setfacl for specific directory, i am looking for different thing a little bit. i want to create restriction on specicif directories. This restricted user can not access a directory whose directory access is (for instance) rwxrwxr-x, i mean r-x (other) access means others can access, but this restricted will not be access these directories on the system.

I think batrus11 is telling you - use acls to deny access. That is the only fine-grained restriction to a directory easily available - at the moment. group access has nothing to do with it.

You could stick the one user in a one-off group, then put EVERY OTHER user in another group. Not a great idea.

Seems like a lot of work as well.

In all honesty - We see these ' deny one user' kinds of security requests all the time. IMO these requests mean your overall security setup has issues. Or maybe the boss's son logs on and wreaks havoc. I dunno.

Either way, you don't normally want to restrict access on a one-off basis. It is usually unreliable, difficult to implement, and prone to error. You want to GRANT access on a fine grained basis ( read: one user maybe). Big difference.

It is the same thing as culling exceptions to the rule in a user response vs. coding for only acceptable responses. The set of wrong answers is infinite, the set of correct answers very finite. You choose.

Thank you jim ,
i understood that this kind of method will be unreliable so foget it.

regards
Musarami