|
|
Sponsored Content
Top Forums
UNIX for Advanced & Expert Users
Creating USERs with restricted Access
Post 302191309 by hasanatizaz on Friday 2nd of May 2008 07:04:17 AM
05-02-2008
|
|
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
OS: FreeBSD 4.9-RELEASE
I have ssh up and running. However, I need to restrict users to their home directory and to links withing those directories (i.e. htdocs/mysite and mysql/var). Is this possible? Any Suggestions? Thanks In advance. (2 Replies)
Discussion started by: ezekiel61
2 Replies
2. Linux
Hi,
I want to create a user and allow its to be able to have telnet session like what you have in the ftp allow and deny. Is this possible
Thanx. (3 Replies)
Discussion started by: kayode
3 Replies
3. UNIX for Dummies Questions & Answers
I'm in the process of setting up two new HP-UX 11.23 i64 servers.
On my existing server (HP-UX B.11.0) we have several users defined to have restricted sam access.
I'm having trouble finding those definitions and copying them over to the new servers. Is this possible - to just copy over the... (1 Reply)
Discussion started by: LisaS
1 Replies
4. UNIX for Dummies Questions & Answers
I am in charge of a project to teach 20 or so inmates basic computer skills. These people cannot have outside access to the web, but I need to show them how to do a basic Google search and search for articles on Wikipedia. (also needs to be Arabic and English)
I was thinking of using a squid... (0 Replies)
Discussion started by: brazen1445
0 Replies
5. Shell Programming and Scripting
Hi,
I need to provide execute access to certain users and not to all users
For ex: if ther is a file /home/august/aug.sh.
and there are user's like jan,feb,mar,april,May and jan is the owner of that box. I need to provide execute access to feb and mar only. I also know the root pwd for... (3 Replies)
Discussion started by: Ashok_oct22
3 Replies
6. HP-UX
Hello everybody,
i need to check which users have resticted sam access..can anybody please let me know how to check this..?
Thanks in advance.. (4 Replies)
Discussion started by: laxmikant
4 Replies
7. UNIX for Dummies Questions & Answers
Hi Expert,
I have 2 questions.
Scenario: Users login via ssh from other location, using putty. or any other equivalent ssh tunnel. All users has been assigned as sudoers due to testing environment.
1. How to disable sudoers from editing /etc/sudoers
e.g
$ sudo vi /etc/sudoers
2.... (3 Replies)
Discussion started by: regmaster
3 Replies
8. AIX
Hi,
We have Oracle Database on AIX 5.3 server.We want to give ftp access to a user to a specific folder.He should be able to put and get files from that specific folder only.Moreover he should not be able to cd to any other filesystems also along with root directory.
Please note that as per... (1 Reply)
Discussion started by: dwiravi
1 Replies
9. Ubuntu
Hi,
I have given a laptop from company with Ubuntu 10.04 on it.
I have restricted access over it, means I have been given sudo login on it.
SO I am unable to so many major activities over it,
Can you all people tell me the Terminal tricks that I can use to get my hands on it. (1 Reply)
Discussion started by: nixhead
1 Replies
10. Programming
Hello.
I need to write a command line interface that can be invoked either directly from the shell (command sub-command arguments), or as a shell that can process sub-commands.
i want to use bash auto completion for both scenarios.
example: lets say my CLI module is called 'mycli' and there... (5 Replies)
Discussion started by: noamr
5 Replies
LEARN ABOUT LINUX
dacsacl
DACSACL(1) DACS Commands Manual DACSACL(1) NAME
dacsacl - list, check, or re-index access control rules SYNOPSIS
dacsacl [dacsoptions[1]] [-build | -nobuild] [-vfs vfs_uri] [...] [op-spec] [acl-name...] DESCRIPTION
This program is part of the DACS suite. The dacsacl utility performs administrative functions related to access control, such as: o validating the syntax of ACL files (parsing the XML and DACS expressions); o checking that the revocation list (VFS type revocations) exists and performing a syntax check on it; o creating an index (a directory data structure, as an XML file) of access control files; and o listing and deleting access tokens in the authorization cache (refer to dacs_acs(8)[2]). Please refer to dacs.acls(5)[3] for details about how access control rule files are named. Important Version 1.4.21 introduced important changes to the way DACS processes access control files, introducing incompatibilities with earlier releases. Please pay special attention to the -convert and -build flags. Most importantly, after adding, deleting, or editing an access control file the ACL index must be regenerated. This can be done simply by running dacsacl with no arguments. Notes o So that it can be run as part of the installation procedure, dacsacl does not require dacs.conf to exist. If it does exist, however, it must be readable and syntactically correct. o The program emits a warning message if it finds different ACL files that contain identical url_pattern (or url_expr) attributes. It does not detect pairs of these attributes that are equivalent, however; in general, it is not possible to do so because the actual specifications used to match against a service request are not known until run time. Two or more service elements should never apply to the same service request (other than through wildcard matching) and the result of authorization testing with such rules is indeterminate. o The dacs_admin(8)[4] web service provides some of the same functionality as dacsacl. OPTIONS
In addition to the standard dacsoptions[1], dacsacl recognizes these options: -build Index rebuilding is done by default with most modes of operation, but it can be explicitly requested with this flag. -nobuild Suppress index rebuilding. -vfs vfs_uri This flag, which may be repeated, causes vfs_uri to be defined as if by a VFS[5] directive, overriding any existing definition. This can be used to specify an alternate location for the item types acls or dacs_acls, for instance. As a special case, if acls (dacs_acls) is defined using this flag but not dacs_acls (acls), then only the former's index will be rebuilt. This option can be useful in conjunction with the -un[1] flag so that indexes can be generated before a jurisdiction has been configured. The optional op-spec describes one of the following operations: -convert This flag is used to convert from the older rule processing scheme (pre-1.4.21) to the current scheme. It should only be needed by installations that are using custom rules (i.e., those other than the standard rules for DACS web pages and web services). Note that in some cases (described below) conversion is not fully automated, so the administrator may need to do some additional work. -- This flag is a no-op that is used to prevent any following argument from being interpreted as a flag or operation. -f file [...] Each file argument is the pathname of an ACL file or a directory containing ACL files. Since ACL files can be organized using a directory structure, directories are checked recursively. -l List the full URI of each access control rule in the virtual filestore for item types acls and dacs_acls. No error checking is performed. -s List the name (sans prefixes) of each access control rule in the virtual filestore for item types acls and dacs_acls. No error checking is performed. -tc Clean up the authorization cache by deleting expired or otherwise invalid entries. Note: since there may not be any concurrency control in effect, this should probably not be done while DACS could be writing to the file. -td # ... Delete one or more authorization cache entries by giving their integer listing number (starting at 1, as produced by the -tl flag). Note: since there may not be any concurrency control in effect, this should probably not be done while DACS could be writing to the file. -tl List the entries in the authorization cache. -tt Truncate the authorization cache, effectively deleting everything in the cache. This is not currently implemented; in the meantime, simply delete the file or database, or copy /dev/null to it. If one or more acl-name arguments appear they are interpreted as ACL files accessed through DACS's virtual filestore using item types acls and dacs_acls (both are checked). The applicable DACS configuration for the item type determines how an acl-name will be accessed. Note that acl-name must be the actual filename. If no op-spec or acl-name is specified, dacsacl will examine all ACL files configured for the appropriate DACS jurisdiction. EXAMPLES
The following command checks all of the access control rules belonging to the jurisdiction associated with dss.example.com: % dacsacl -u dss.example.com -v Checking: /usr/local/dacs/federations/dss/acls/acl.2 Checking: /usr/local/dacs/federations/dss/acls/acl.3 Checking: /usr/local/dacs/federations/dss/acls/acl.4 Checking: /usr/local/dacs/acls/acl-auth.0 (Note: duplicate keys for "acl-auth.0" and "acl-conf.0") Checking: /usr/local/dacs/acls/acl-conf.0 (Note: duplicate keys for "acl-conf.0" and "acl-dacs.0") Checking: /usr/local/dacs/acls/acl-dacs.0 (Note: duplicate keys for "acl-dacs.0" and "acl-passwd.0") Checking: /usr/local/dacs/acls/acl-passwd.0 (Note: duplicate keys for "acl-passwd.0" and "acl-stddocs.0") Checking: /usr/local/dacs/acls/acl-stddocs.0 Updated rule: [acls]dacs-fs:/usr/local/dacs/conf/acls/acl-abc.0 Updated rule: [acls]dacs-fs:/usr/local/dacs/conf/acls/acl-accounts.0 ... Built index for "acls": 44 rules Updated rule: [dacs_acls]dacs-fs:/usr/local/dacs/acls/acl-admin.0 Updated rule: [dacs_acls]dacs-fs:/usr/local/dacs/acls/acl-auth-agent.0 ... Built index for "dacs_acls": 14 rules 58 ACL files were checked (OK) Note While it is not an error for access control rules to have the same numeric suffix, because the suffix partly determines the order in which roles are processed, using equal suffix values accidentally may have unintended results. The following command checks only one access control rule belonging to the jurisdiction associated with dss.example.com: % dacsacl -u dss.example.com -v acl.2 Checking: /usr/local/dacs/federations/dss/acls/acl.2 1 ACL file was checked (OK) DIAGNOSTICS
The program exits 0 if everything was fine, 1 if an error occurred. SEE ALSO
dacsvfs(1)[6], dacs.acls(5)[3], dacs_acs(8)[7], dacs_admin(8)[4], dacs_vfs(8)[8] AUTHOR
Distributed Systems Software (www.dss.ca[9]) COPYING
Copyright2003-2012 Distributed Systems Software. See the LICENSE[10] file that accompanies the distribution for licensing information. NOTES
1. dacsoptions http://dacs.dss.ca/man/dacs.1.html#dacsoptions 2. dacs_acs(8) http://dacs.dss.ca/man/dacs_acs.8.html#authorization_caching 3. dacs.acls(5) http://dacs.dss.ca/man/dacs.acls.5.html 4. dacs_admin(8) http://dacs.dss.ca/man/dacs_admin.8.html 5. VFS http://dacs.dss.ca/man/dacs.conf.5.html#VFS 6. dacsvfs(1) http://dacs.dss.ca/man/dacsvfs.1.html 7. dacs_acs(8) http://dacs.dss.ca/man/dacs_acs.8.html 8. dacs_vfs(8) http://dacs.dss.ca/man/dacs_vfs.8.html 9. www.dss.ca http://www.dss.ca 10. LICENSE http://dacs.dss.ca/man/../misc/LICENSE DACS 1.4.27b 10/22/2012 DACSACL(1)