|
|
Sponsored Content
Operating Systems
HP-UX
Permissions
Post 302088416 by chrizz on Tuesday 12th of September 2006 08:20:55 AM
09-12-2006
Permissions
Hey,
We've got quite a strange problem on our hands here. We are running an HP 9000/800 B.11.00.
I've just created a new group in /etc/group which i called, let's say newgroup . Then I added 4 users to the group, namely user1, user2, user3, user4 . The command grpchk shows no strange things (the maximum one of those users is used in other groups is 14 times, the group newgroup is the 40th group I've created in /etc/group)
Then I created a new directory on the server called updir . In that directory I've created an other directory called lowdir . Then I gave the following commands:
chown -R user1:newgroup /updir
chmod -R 770 /updir
Now when checking the permissions for the 2 dirs they give the exact same result (drwxrwxrwx & user1:newgroup). All seems fine...
But the problem is that only user1 can enter /updir and the /updir/downdir.
User2, user3 and user4 can only enter /updir, NOT the /updir/downdir... very strang.
We've got quite a strange problem on our hands here. We are running an HP 9000/800 B.11.00.
I've just created a new group in /etc/group which i called, let's say newgroup . Then I added 4 users to the group, namely user1, user2, user3, user4 . The command grpchk shows no strange things (the maximum one of those users is used in other groups is 14 times, the group newgroup is the 40th group I've created in /etc/group)
Then I created a new directory on the server called updir . In that directory I've created an other directory called lowdir . Then I gave the following commands:
chown -R user1:newgroup /updir
chmod -R 770 /updir
Now when checking the permissions for the 2 dirs they give the exact same result (drwxrwxrwx & user1:newgroup). All seems fine...
But the problem is that only user1 can enter /updir and the /updir/downdir.
User2, user3 and user4 can only enter /updir, NOT the /updir/downdir... very strang.
|
|
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
with permission set to d-wx--x--x directoryname
Why can't I do a long-listing on this directory? Is read access necessary? (1 Reply)
Discussion started by: mma_buc_98
1 Replies
2. UNIX for Dummies Questions & Answers
Can anyone help explain the "s" in the below permissions example. I was reading about the "sticky bit" (t) but I am a little confused.
On file "test"
wolf% chmod 4777 test
wolf% ls -l
total 4
drwx------ 2 john staff 512 Mar 19 21:34 nsmail
-rwsrwxrwx 1 john staff ... (2 Replies)
Discussion started by: finster
2 Replies
3. UNIX for Dummies Questions & Answers
Hi everyone, I'm looking for some information concerning Unix permissions. I am new to Unix and am doing research for a graduate class. Given the permissions below, can anyone give me five unique exploits that would be available to a hacker/cracker given this configuaration?
-rw-rw-rw- 1... (1 Reply)
Discussion started by: skeeter
1 Replies
4. UNIX for Dummies Questions & Answers
I saved a perl code in xemacs. I used an xterminal to execute it but unix said that I don't have permission. I saved the files in my home directory. How do I change the permission. This is hat unix said:
-ksh: ./names.pl: cannot execute (5 Replies)
Discussion started by: lnatz
5 Replies
5. UNIX for Dummies Questions & Answers
to prohibit 'others' from deleting files, what should we omit: write or execute?
thx (9 Replies)
Discussion started by: melanie_pfefer
9 Replies
6. HP-UX
Hi,
I am a Unix Admin. I have to give the permissions to a user for creating new file in a directory in HP-Ux 11.11 system since he cannot able to create a new file in the directory.
Thanks in advance.
Mike (3 Replies)
Discussion started by: Mike1234
3 Replies
7. Shell Programming and Scripting
My /tmp is set with the following permissions (777) and a 't' at the end.
My umask is set to 022.
When I create a directory under /tmp (tmp/xx) it gets created as 755
as expected.
Yet when I create a file within that directory (/tmp/xx/yy) the permissions
are not 755 they are 644.
... (1 Reply)
Discussion started by: BeefStu
1 Replies
8. Shell Programming and Scripting
Hi, I am creating a ksh script to search for a string of text inside files within a directory tree. Some of these file are going to be read/execute only. I know to use chmod to change the permissions of the file, but I want to preserve the original permissions after writing to the file. How can I... (3 Replies)
Discussion started by: right_coaster
3 Replies
9. UNIX for Dummies Questions & Answers
Hi,
I have noticed that on my Linux box there is a nice feature which make it impossible for specified member (owner, group or other) to have an given access if a member from which we would expect it more don't have that access.
So it is impossible to read file by all if others have set read... (3 Replies)
Discussion started by: DavidMax
3 Replies
10. Shell Programming and Scripting
Hi guys,
i write the below script to make the user get to the directory that interesting. Now what I am trying is to check the permissions of the directory and if the directory exists to check the reading options.
echo "Please enter your desire folder directory ( \yourfolders) ?: \c"
... (9 Replies)
Discussion started by: mikerousse
9 Replies
LEARN ABOUT OSF1
groupadd
groupadd(8) System Manager's Manual groupadd(8) NAME
groupadd - Adds a new group definition SYNOPSIS
/usr/sbin/groupadd [-g gid [-o]] [-P] [-x extended_option] group_name OPTIONS
Specifies the group identifier (GID) of the new group being added. The GID must be a non-negative decimal integer. Allows a group identi- fication (GID) number to be duplicated (non-unique). This option can be used only with the -g option. Creates a PC group only. The fol- lowing extended_option attributes are available. The PC attributes will only be applicable if the Advanced Server for UNIX (ASU) is config- ured. The extended_option attributes can be specified as a space-delimited list after a single -x option. Indicates that the group is distributed. The value of the distributed=n attribute can be 0 or 1. If set to 0, the group is added to the local system. If set to 1, the group is added to the NIS master database on the running system. When this attribute is set, the local attribute is automatically set to the opposite value. Indicates that the group is local. The value of the local=n attribute can be 0 or 1. If set to 1, the group is added to the local database. If set to 0, the group information is added to the NIS master database. When this attribute is set, the distributed attribute is automatically set to the opposite value. A comma-delimited list of members that will be added to the UNIX user's group. You can specify the user (login) name or the account UID. Specifies a text string that provides a description of the PC group. Specifies a comma delimited list of PC users to be added to the current list of members of a PC group. Note that this adds, but does not replace mem- bers. Specifies the name of the new group. The group name can be any printable characters, with the exception of the colon (:) and new- line ( ) characters. DESCRIPTION
The groupadd command is part of a set of command-line interfaces (CLI) that are used to create and administer user groups on the system. When the Advanced Server for UNIX (ASU) is installed and running, the groupadd command can also be used to administer PC groups for users who are also holders of Windows NT domain accounts. Accounts can also be created with the /usr/bin/X11/dxaccounts graphical user interface (GUI), although the extended options are only available from the CLI utilities such as useradd and groupmod. Different options are available depending on how the local system is configured: In the default UNIX environment, user account management is compliant with the IEEE POSIX Draft P13873.3 standard. The CLI is backwards-compatible, so all existing local scripts will function. However, you should consider testing your account management scripts before use. The groupadd command lets the system administrator create new groups on the system, by specifying the group name and GID. When the GID is not specified (with the -g option), the GID defaults to the next available (unique) number. The -x option lets the system administrator specify whether the new group is local or distributed over a network. If this option is not specified on the command line, the system adds the new group to the appropriate database as specified by the system defaults. The default behavior on the system for the groupadd command is distributed=0 and local=1. With these values, the system adds the group to the local database by default. Setting the distributed= and local= attributes to the same value (for example, distributed=0 and local=0) produces an error. You must have superuser privilege to execute this command. RESTRICTIONS
You cannot specify more than 255 characters on a single command line. However, lines can be split to an appropriate length. If you try and enter too many new groups, the group file may be corrupted. The pc_synchronize default value is not used for groupadd, groupmod, and groupdel. UNIX and PC groups cannot be synchronized and therefore must be created separately. Use the command groupadd -P xdomain to create a PC group named xdomain. Then, use the command groupadd xdomain to create a UNIX group named xdomain. EXIT STATUS
The groupadd command exits with one of the following values: Success. Failure. Warning. EXAMPLES
The following example adds the group, newgroup, to the group database with a system-provided GID: % groupadd newgroup The following example adds the group, newgroup, to the group database with a GID of 451: % groupadd -g 451 newgroup The following example adds the group, new- group, to the NIS master database % groupadd -x distributed=1 newgroup The following example adds the PC group, projectX with members JoeMc and HiteshC: % groupadd -x members=JoeMc,HiteshC, projectX The following example adds the PC group, newgroup and provides a description field "common project group": % groupadd -P -x pc_group_description="common project group" projectX FILES
The groupadd command operates on files for the specific level of system security. SEE ALSO
Commands: groupdel(8), groupmod(8), useradd(8), userdel(8), usermod(8) System Administration Security Advanced Server for UNIX administration and configuration documents. groupadd(8)