|
|
Sponsored Content
Top Forums
UNIX for Dummies Questions & Answers
help with permissions - execute but not delete
Post 302119075 by reldb on Sunday 27th of May 2007 02:56:37 PM
05-27-2007
help with permissions - execute but not delete
Hi,
We have 2 users and one directory (dir). One user is admin user and other use r is operator user. who is responsible for just executing the scripts e.g. startWeblogic and stopWeblogic etc, we want to restrict this operator user in such a way that he can only execute these files and he should NOT be able to delete or change these files but he should be able to VIEW these files
I want that one user (user1)
1) should be able to run/execute any script/file
2) should NOT be able to delete these files
3) should NOT able to change these files
4) should be able to write a new file in directory as when user is executing the script then it creates log file so it is required else script will fail
5) should be able to view the files
I tried like this
created a directory with user2(admin) with all files
1) chmod -R 775 <dir>
2) cd <dir>
3) find . -type f | xargs chmod 755
Now my user1 who is in same group as user2 is able to do the following
1) able to run/execute any script/file
2) able to delete these files [he is able to delete files
]
3) NOT able to change these files
4) able to write a new file in directory as when user is executing the script then it creates log file
5) able to view the files
my only worry is step 2, i dont want this user to delete these files but when i give 755 permision then he is able to delete if i give some other permission then he is not able to execute scripts.
Please let me know what is the best way and how can we achieve it
Thanks
Rel
We have 2 users and one directory (dir). One user is admin user and other use r is operator user. who is responsible for just executing the scripts e.g. startWeblogic and stopWeblogic etc, we want to restrict this operator user in such a way that he can only execute these files and he should NOT be able to delete or change these files but he should be able to VIEW these files
I want that one user (user1)
1) should be able to run/execute any script/file
2) should NOT be able to delete these files
3) should NOT able to change these files
4) should be able to write a new file in directory as when user is executing the script then it creates log file so it is required else script will fail
5) should be able to view the files
I tried like this
created a directory with user2(admin) with all files
1) chmod -R 775 <dir>
2) cd <dir>
3) find . -type f | xargs chmod 755
Now my user1 who is in same group as user2 is able to do the following
1) able to run/execute any script/file
2) able to delete these files [he is able to delete files
]3) NOT able to change these files
4) able to write a new file in directory as when user is executing the script then it creates log file
5) able to view the files
my only worry is step 2, i dont want this user to delete these files but when i give 755 permision then he is able to delete if i give some other permission then he is not able to execute scripts.
Please let me know what is the best way and how can we achieve it
Thanks
Rel
|
|
9 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
:cool:
I need to execute a shell script to do the following:
cat a file
run two back ground processes using the first two values from the file
wait till those background processes finish
run two more background processes using the next two values from the file
wait till those background... (1 Reply)
Discussion started by: halo98
1 Replies
2. HP-UX
Hi,
I am a Unix Admin. I have to give the permissions to a user for creating new file in a directory in HP-Ux 11.11 system since he cannot able to create a new file in the directory.
Thanks in advance.
Mike (3 Replies)
Discussion started by: Mike1234
3 Replies
3. UNIX for Dummies Questions & Answers
I am perplexed that my script execution is not always consistent in creating new files. Specifically, my group read/write/execute permissions. For instance, take a look at the following:
-rw-rw---- 1 jg dp 18648 Aug 22 10:06 nx081508.txt
-rw-rw---- 1 jg dp 22422 Aug 22 10:06... (1 Reply)
Discussion started by: joeyg
1 Replies
4. UNIX for Dummies Questions & Answers
Please explain this strange behavior to me
bash-2.03$ ls -l abc
-rw------- 1 bashboy users 319 Sep 21 18:02 abc
bash-2.03$ ./abc
bash: ./abc: Permission denied
bash-2.03$ . abc
Successfully run
I wanted to ask how the file executes without the execute permissions when we... (3 Replies)
Discussion started by: rakeshou
3 Replies
5. Solaris
Hi all.
On one workstation run Solaris 10 a simple user can to execute 'init 0' command without input (su and root password).
Example:
% init 0
%
OK
I don't understand how user can execute 'init 0' command on this workstation?
1) I checked /usr/local/etc/sudoers all lines are... (6 Replies)
Discussion started by: wolfgang
6 Replies
6. UNIX for Dummies Questions & Answers
Hi I need help. I need to use find (or grep I don't care) to recursively search for files who have any kind of executable permissions (group and/or owner and/or other). I am looking for *.c and *.h
This what I am using now:
find . -name *.h -perm -111 -print
but I don't want to retype that... (4 Replies)
Discussion started by: dissectcode
4 Replies
7. Shell Programming and Scripting
I am using the below command to delete files from directories and subdirectories
find /test/abc/xyx -type f -mtime +7 -exec rm -f {} \;
there are some subfolders in xyx for which i don't have permission to delete.
Is there a way i can check the permission of the folder first and then delete... (4 Replies)
Discussion started by: ch33ry
4 Replies
8. UNIX for Dummies Questions & Answers
Please help me to understand the issue:
Issue: There are shell scripts in a user home directory (/home/user_1)
without execute permissions (rw-r--r--) to owner,group and world
These shell scripts were able to execute/work previously but its not working now and it says permission denied or... (2 Replies)
Discussion started by: MSK_1990
2 Replies
9. UNIX for Beginners Questions & Answers
i want to give users the ability to create write and read files in other user directory , but not to have option to delete the file after created ( sticky bit not going to work here ... ) for example :
i have user : manager with directory repository
i have user : worker1 that need to write... (4 Replies)
Discussion started by: umen
4 Replies
LEARN ABOUT HPUX
chmod
chmod(1) General Commands Manual chmod(1) NAME
chmod - change file mode access permissions SYNOPSIS
symbolic_mode_list file ... Obsolescent form numeric_mode file ... DESCRIPTION
The command changes the permissions of one or more files according to the value of symbolic_mode_list or numeric_mode. You can display the current permissions for a file with the command (see ls(1)). Only the owner of a file, or a user with appropriate privileges, can change its mode. Only a user having appropriate privileges can set (or retain, if previously set) the sticky bit of a regular file. If the sticky bit is set on a directory, files inside the directory may be renamed or removed only by the owner of the file, the owner of the directory, or the superuser (even if the modes of the directory would otherwise allow such an operation). In order to set the set-group-ID bit, the group of the file must correspond to your current group ID. If is used on a symbolic link, the mode of the file referred to by the link is changed. Options The command recognizes the following options: Preserve any optional access control list (ACL) entries associated with the file (HFS file systems only). By default, in conformance with the IEEE Standard POSIX 1003.1-1988, optional HFS ACL entries are deleted. For JFS ACLs, this option has no effect, because optional JFS ACL entries are always preserved. For information about access control lists, see acl(5) and aclv(5). Recursively change the file mode bits. For each file operand that names a directory, alters the file mode bits of the named directory and all files and subdirecto- ries in the file hierarchy below it. Operands The command recognizes the following operands: file Targe file for which the permissions are changes. numeric-mode Numeric value used to determine permission on a specified file. See the section for more information. symbolic-mode-list List of operations used to determine permissions on a specified file. See the section for more information. Symbolic Mode List A symbolic_mode_list is a comma-separated list of operations in the following form. Whitespace is not permitted. [who]op[permission The variable fields can have the following values: who One or more of the following letters: Modify permissions for user (owner). Modify permissions for group. Modify permissions for others. Modify permissions for all users is equivalent to op Required; one of the following symbols: Add permission to the existing file mode bits of who. Delete permission from the existing file mode bits of who. Replace the existing mode bits of who with permission. permission One or more of the following letters: Add or delete the read permission for who. Add or delete the write permission for who. Add or delete the execute file (search directory) permission for who. Add or delete the set-owner-ID-on-file-execution or set-group-ID-on-file-execution permission for who. Useful only if or is expressed or implied in who. Add or delete the sticky bit permission. Useful only if is expressed or implied in who. See chmod(2). Conditionally add or delete the execute/search permission as follows: o If file is a directory, add or delete the search permission to the existing file mode for who. (Same as o If file is not a directory, and the current file permissions include the execute permission displays an or an for at least one of user, group, or other, then add or delete the execute file permission for who. o If file is not a directory, and no execute permissions are set in the current file mode, then do not change any execute permission. Or one only of the following letters: Copy the current user permissions to who. Copy the current group permissions to who. Copy the current other permissions to who. The operations are performed in the order specified, and can override preceding operations specified in the same command line. If who is omitted, the and permissions are changed for all users if the changes are permitted by the current file mode creation mask (see umask(1)). The and permissions are changed as if was specified in who. Omitting permission is useful only when used with to delete all permissions. Numeric Mode (Obsolescent) Absolute permissions can be set by specifying a numeric_mode, an octal number constructed from the logical OR (sum) of the following mode bits: Miscellaneous mode bits: Permission mode bits: EXTERNAL INFLUENCES
Environment Variables determines the language in which messages are displayed. If is not specified or is null, it defaults to the value of If is not specified or is null, it defaults to (see lang(5)). If any internationalization variable contains an invalid setting, all internationalization variables default to See environ(5). International Code Set Support Single- and multibyte character code sets are supported. RETURN VALUE
Upon completion, returns one of the following values: Successful completion. An error condition occurred. EXAMPLES
Deny write permission to others: Make a file executable by everybody: Assign read and execute permission to everybody, and set the set-user-ID bit: Assign read and write permission to the file owner, and read permission to everybody else: or the obsolescent form: Traverse a directory subtree making all regular files readable by user and group only, and all executables and directories executable (searchable) by everyone: If the current value of is displays do not change write permission for group) and the current permissions for file are displayed by as then the command sets the permissions to displayed by as If the current value of is displays do not change write permission for group) and the current permissions for file are displayed by as then the command sets the permissions to displayed by as DEPENDENCIES
The option causes to fail on file systems that do not support ACLs. AUTHOR
was developed by AT&T and HP. SEE ALSO
chacl(1), ls(1), umask(1), chmod(2), acl(5), aclv(5). STANDARDS CONFORMANCE
chmod(1)