The UNIX and Linux Forums  

  #1 (permalink)  
Old 10-08-2006
Registered User
 

Join Date: Oct 2006
Posts: 1
negative permissions

Hi.

I want to know how I can negate a write permission for a file for a specific user when that user has that permission because he belongs to a group that has write permission for the file.
  #2 (permalink)  
Old 10-08-2006
Perderabo's Avatar
Unix Daemon
 

Join Date: Aug 2001
Location: Washington DC Area
Posts: 8,355
Create a second group that contains all of the members of the first group except for this particular user. Then let the second group have write permission to the file.
  #3 (permalink)  
Old 10-09-2006
Registered User
 

Join Date: Oct 2006
Posts: 6
I am having almost the same problem here too....

How to specify the type of negative permission in Unix/Linux:
-without using ACLs,
-using ACLs ?

What are:
-the commands issued to set the permissions,
-the permissions before and after those commands,

thanks...!!!
  #4 (permalink)  
Old 10-09-2006
blowtorch's Avatar
Supporter
 
Join Date: Dec 2004
Location: Singapore
Posts: 2,323
I tried to use ACLs to restrict user privileges, and found that a user that is explicitly denied write perms in a file's ACLs will not be able to write to a file even if the group that the user belongs to has write permissions on that file.

I created a user test having group test, and created a file named testfile that has write permissions for the group test but is owned by root.
Code:
# id test
uid=1000462(test) gid=65546(test)
# ls -l testfile
-rw-rw-r--   1 root     test          10 Oct 10 10:17 testfile
OS: Solaris 8 -
I set the ACLs on the file to allow the user test to only read the file. Mask set to rwx.
Code:
# setfacl -m u:test:r--,m:rwx testfile
# ls -l testfile
-rw-rw-r--+  1 root     test          10 Oct 10 10:17 testfile
# getfacl testfile

# file: testfile
# owner: root
# group: test
user::rw-
user:test:r--           #effective:r--
group::rw-              #effective:rw-
mask:rwx
other:r--
Next, I tried to write to the file as user test.
Code:
$ id
uid=1000462(test) gid=65546(test)
$ ls -l testfile
-rw-rw-r--+  1 root     test          10 Oct 10 10:17 testfile
$ cat >> testfile
ksh: testfile: cannot create
I also tried this on HP-UX, vxfs:
Code:
# setacl -m u:test:r-- testfile
# ls -l testfile
-rw-rw-r--+  1 root       users            9 Oct 10 07:58 testfile
# getacl testfile
# file: testfile
# owner: root
# group: users
user::rw-
user:test:r--
group::rw-
class:rw-
other:r--
When I su-ed to user test and tried to write to the file,
Code:
$ id     
uid=111(test) gid=20(users)
$ cat >> testfile
sh: testfile: Cannot create the specified file.
If your filesystem supports ACLs you can probably use them to restrict users from writing to a file even if they are part of a group that has write permissions on the file.
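Why the explicit user entry in post #4 overrides the group's write bit, as an added example that is not part of any poster's message: a Python model of the access-check order documented in Linux acl(5), assumed here to match the behaviour the Solaris and HP-UX transcripts show. The function names and the second user alice are hypothetical; the ACL text is the getfacl output from post #4.

```python
# Model of the access-check order documented in Linux acl(5) (assumed to match
# the Solaris/HP-UX behaviour shown in the post). ACL text is copied from post #4.
POST_ACL = """\
# file: testfile
# owner: root
# group: test
user::rw-
user:test:r--           #effective:r--
group::rw-              #effective:rw-
mask:rwx
other:r--
"""

def parse_acl(text):
    """Parse getfacl-style lines into {(tag, qualifier): set of 'r'/'w'/'x'}."""
    acl = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop headers and "#effective" notes
        if line:
            parts = line.split(":")               # accepts "mask:rwx" and "mask::rwx"
            qualifier = parts[1] if len(parts) == 3 else ""
            acl[(parts[0], qualifier)] = set(parts[-1]) - {"-"}
    return acl

def check_access(acl, owner, file_group, user, groups, want):
    """Return True if `user` (member of `groups`) is granted every perm in `want`."""
    want, mask = set(want), acl.get(("mask", ""))
    masked = lambda perms: perms if mask is None else perms & mask
    if user == owner:                             # 1. owner: only user:: is consulted
        return want <= acl[("user", "")]
    if ("user", user) in acl:                     # 2. named user: the decision is final,
        return want <= masked(acl[("user", user)])  #  group entries are never reached
    matching = [acl[("group", "")]] if file_group in groups else []
    matching += [p for (tag, q), p in acl.items()
                 if tag == "group" and q and q in groups]
    if matching:                                  # 3. group class: any match may grant
        return any(want <= masked(p) for p in matching)
    return want <= acl[("other", "")]             # 4. everyone else

if __name__ == "__main__":
    acl = parse_acl(POST_ACL)
    # "alice" is a hypothetical second member of group test with no user entry.
    for user in ("test", "alice"):
        print(user, "write:", check_access(acl, "root", "test", user, {"test"}, "w"))
```

Because step 2 returns before the group class is examined, the named entry acts as a per-user deny while other members of the group keep write access.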
  #5 (permalink)  
Old 10-12-2006
Registered User
 

Join Date: Oct 2006
Posts: 6
Thank you very much....
with these commands, things are going well.

cheers...!!!!