"Dynamic" Group Permissions? Post: 302261646

Sponsored Content

Operating Systems Linux Red Hat "Dynamic" Group Permissions? Post 302261646 by en7smb on Tuesday 25th of November 2008 09:23:24 AM

11-25-2008

Registered User

"Dynamic" Group Permissions?

Hi all,

Apologies if the answer is out there somewhere, I did have a search about.....

In my environment of a RHEL 4 machine and users all listed out in LDAP (say, userA in a deptZ primary group; userB in same deptZ primary group, plus deptY secondary group), I am trying to find a mechanism to provide permissions on files based on username AND user location.

Essentially through my software - which is essentially kicked off by a .sh file and this is where I am trying to put this logic - I want a userA session running in deptA to create a file with permissions:
.rw.r..... userA deptZ file1

A userB session can then read the file when physically in deptZ, but somehow his membership of deptZ is removed when he physically is not in that dept, ie he is down the corridor in deptY. My software startup .sh file for each session can flag which dept the user is in, so I am looking for someway in the script to turn this flag into granting/denying access to the file for each particular session.

Any ideas? Am I crazy?!

Thanks for looking,

Steve

en7smb

View Public Profile for en7smb

Find all posts by en7smb

9 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

passing a list of dynamic names to a "PS" command in shell script?

Hi, I am new to shell script. This is my first post .I have written a small script which returns list of names starts with "ram" in /etc/passwd .Here is that:- #!/bin/ksh NAME_LIST="name_list.txt" cat /dev/null > $NAME_LIST evalcmd="cat /etc/passwd | grep "^ram?*" | cut -d: -f1" eval...

2. UNIX for Dummies Questions & Answers

Explain the line "mn_code=`env|grep "..mn"|awk -F"=" '{print $2}'`"

Hi Friends, Can any of you explain me about the below line of code? mn_code=`env|grep "..mn"|awk -F"=" '{print $2}'` Im not able to understand, what exactly it is doing :confused: Any help would be useful for me. Lokesha

3. HP-UX

To give the "unzip" permissions & "create" file permissions

Hi, I am a Unix Admin. I have to give the permissions to a user for creating new file in a directory in HP-Ux 11.11 system since he cannot able to create a new file in the directory. Thanks in advance. Mike

4. Shell Programming and Scripting

awk command to replace ";" with "|" and ""|" at diferent places in line of file

Hi, I have line in input file as below: 3G_CENTRAL;INDONESIA_(M)_TELKOMSEL;SPECIAL_WORLD_GRP_7_FA_2_TELKOMSEL My expected output for line in the file must be : "1-Radon1-cMOC_deg"|"LDIndex"|"3G_CENTRAL|INDONESIA_(M)_TELKOMSEL"|LAST|"SPECIAL_WORLD_GRP_7_FA_2_TELKOMSEL" Can someone...

5. Shell Programming and Scripting

Makefiles and "Dynamic" Rules

I have a configuration file, foo.cfg, and a script, bar.sh. bar.sh generates .cc and .h files based on foo.cfg. To exemplify, let's say it creates apple.cc, apple.h, banana.cc, banana.h, carrot.cc, carrot.h, and so on. How do I write a Makefile that runs bar.sh if and only if foo.cfg has...

6. Shell Programming and Scripting

Dynamic variables and our friend "if"

Hi guys, Sorry if it is somewhere in the forum, I've checked for an hour or so with my google friend and can't figure this one out. Not counting the 2 hours I spent yelling at it. Welcome to BASH + AIX $LSLV -l $LV | $GREP -v $LV | $GREP -v "IN BAND" | $AWK '{print $1}' | while read PV;...

7. UNIX for Dummies Questions & Answers

Using "mailx" command to read "to" and "cc" email addreses from input file

How to use "mailx" command to do e-mail reading the input file containing email address, where column 1 has name and column 2 containing �To� e-mail address and column 3 contains �cc� e-mail address to include with same email. Sample input file, email.txt Below is an sample code where...

8. Shell Programming and Scripting

Bash script - Print an ascii file using specific font "Latin Modern Mono 12" "regular" "9"

Hello. System : opensuse leap 42.3 I have a bash script that build a text file. I would like the last command doing : print_cmd -o page-left=43 -o page-right=22 -o page-top=28 -o page-bottom=43 -o font=LatinModernMono12:regular:9 some_file.txt where : print_cmd ::= some printing...

9. AIX

Apache 2.4 directory cannot display "Last modified" "Size" "Description"

Hi 2 all, i have had AIX 7.2 :/# /usr/IBMAHS/bin/apachectl -v Server version: Apache/2.4.12 (Unix) Server built: May 25 2015 04:58:27 :/#:/# /usr/IBMAHS/bin/apachectl -M Loaded Modules: core_module (static) so_module (static) http_module (static) mpm_worker_module (static) ...

LEARN ABOUT HPUX

slapo-dyngroup

SLAPO-DYNGROUP(5)						File Formats Manual						 SLAPO-DYNGROUP(5)

NAME

       slapo-dyngroup - Dynamic Group overlay to slapd

SYNOPSIS

       /etc/ldap/slapd.conf

DESCRIPTION

       The  Dynamic  Group overlay allows clients to use LDAP Compare operations to test the membership of a dynamic group the same way they would
       check against a static group. Compare operations targeting a group's static member attribute will be intercepted  and  tested  against  the
       configured dynamic group's URL attribute.

       Note  that  this  intercept only happens if the actual Compare operation does not return a LDAP_COMPARE_TRUE result. So if a group has both
       static and dynamic members, the static member list will be checked first.

CONFIGURATION

       This slapd.conf option applies to the Dynamic Group overlay.  It should appear after the overlay directive.

       attrpair <memberAttr> <URLattr>
	      Specify the attributes to be compared. A compare operation on the memberAttr will cause the URLattr to be evaluated for the result.

EXAMPLES

	 database bdb
	 ...
	 overlay dyngroup
	 attrpair member memberURL

FILES

       /etc/ldap/slapd.conf
	      default slapd configuration file

SEE ALSO

       slapd.conf(5), slapd-config(5).

AUTHOR

       Howard Chu

OpenLDAP							    2012/04/23							 SLAPO-DYNGROUP(5)