Hiding Directories on a Session by Session basis
Post 302262098 by en7smb on Wednesday 26th of November 2008 10:34:55 AM
Quote:
Originally Posted by jim mcnamara
Deny execute access to users in group DeptA on /filesystem1, grant execute access to DeptB on /filesystem1.

Have no world (or other) access on /filesystem1. Put all of DeptA into a single group, put all of DeptB into a separate group.

If your filesystems support ACLs you can block access using ACLs on a per-user basis if you want. You only need to block access department-wide at one point - one directory - then all subsequent directories become unreachable. See man chacl.

Jim,

Thanks for the reply.

However, is this giving rise to the dynamic permissions required? I.e., userA starts a session while physically sitting in deptA (which the software knows and passes to the .sh file) and can see the deptA filesystem. Then the same userA walks down the corridor to deptB and starts a session, and this time shouldn't be able to see the deptA filesystem.

Is chroot a possible solution to this? Only just found it, so just looking over its potential now.

Thanks,

Steve
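
The single-directory block described in the quoted reply can be checked without root by evaluating the mode bits along a path, as in this added example (not part of the thread). It builds a constructed temporary tree, ignores ACLs, and uses hypothetical stand-ins for the DeptA and DeptB group IDs; the result depends only on the uid and group list passed in.

```python
import os
import shutil
import tempfile

def class_bits(st, uid, gids):
    """rwx bits (0-7) that plain mode-bit rules give this uid/group list (ACLs ignored)."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def effective_access(base, relpath, uid, gids):
    """Rights on base/relpath as an 'rwx' string, or None if a directory denies search."""
    current = base
    for part in relpath.split("/"):
        # Search (x) permission is required on every directory that is traversed.
        if not class_bits(os.stat(current), uid, gids) & 1:
            return None
        current = os.path.join(current, part)
    bits = class_bits(os.stat(current), uid, gids)
    return "".join(ch if bits & m else "-" for ch, m in (("r", 4), ("w", 2), ("x", 1)))

def build_demo_tree():
    """Constructed sample tree: filesystem1 is 0750, everything below is world-readable."""
    base = tempfile.mkdtemp()
    nested = os.path.join(base, "filesystem1", "projects")
    os.makedirs(nested)
    report = os.path.join(nested, "report.txt")
    with open(report, "w") as fh:
        fh.write("constructed sample data\n")
    os.chmod(report, 0o644)
    os.chmod(nested, 0o755)
    os.chmod(os.path.join(base, "filesystem1"), 0o750)  # group only, no world access
    os.chmod(base, 0o755)
    return base

def demo():
    base = build_demo_tree()
    try:
        st = os.stat(os.path.join(base, "filesystem1"))
        other_uid = st.st_uid + 1   # hypothetical user who does not own the tree
        dept_b = {st.st_gid}        # stands in for DeptB: the directory's group
        dept_a = {st.st_gid + 1}    # stands in for DeptA: any other group
        target = "filesystem1/projects/report.txt"
        return (effective_access(base, target, other_uid, dept_b),
                effective_access(base, target, other_uid, dept_a))
    finally:
        shutil.rmtree(base)

if __name__ == "__main__":
    print(demo())
```
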
 

getaccess(1)						      General Commands Manual						      getaccess(1)

NAME
getaccess - list access rights to file(s)

SYNOPSIS
user] user] group[,group]...] file ... file ...

DESCRIPTION
getaccess lists for the specified files the effective access rights of the caller (that is, for their effective user ID, effective group ID, and supplementary groups list). By default, the command prints a symbolic representation of the user's access rights to the named file: or for read/no read, or for write/no write, and or for execute/no execute (for directories, search/no search), followed by the file name.

Options
getaccess recognizes the following options and command-line arguments:

List access for the given user instead of the caller. A user can be a known user name, a valid ID number, or @, representing the file's owner ID. If information about more than one file is requested, the value of @ can differ for each. This option sets the user ID only. The access check is made with the caller's effective group ID and supplementary group IDs unless is also specified.

List access for the given group(s) instead of the caller's effective group ID and supplementary groups list. A group can be a known group name, a valid ID number, or @, representing the file's group ID. If information about more than one file is requested, the value of @ can differ for each.

List access using the caller's real user ID, group ID, and supplementary groups list, instead of effective ID values.

List access rights numerically (octal digits instead of for each file requested. The bit values and are defined in the file

Checking access using access control lists is described in acl(5) and aclv(5). In addition, the write bit is cleared for files on read-only file systems or shared-text programs being executed. The execute bit is not turned off for shared-text programs open for writing because it is not possible to ascertain whether a file open for writing is a shared-text program.

Processes with appropriate privileges have read and write access to all files. However, write access is denied for files on read-only file systems or shared-text programs being executed. Execute access is allowed if and only if the file is not a regular file or the execute bit is set in any of the file's ACL entries.

To use getaccess successfully, the caller must have search access in every directory component of the path name of the file. getaccess verifies search access first by using the caller's effective IDs, regardless of the user and group IDs specified. This is distinct from the case in which the caller can search the path but the user for whom access is being checked does not have access to the file.

Note: a file name argument of has no special meaning (such as standard input) to getaccess.

EXTERNAL INFLUENCES
Environment Variables
determines the language in which messages are displayed. If is not specified or is set to the empty string, a default of "C" (see lang(5)) is used instead of

If any internationalization variable contains an invalid setting, getaccess behaves as if all internationalization variables are set to "C". See environ(5).

RETURN VALUE
getaccess returns one of the following values:

0 Successful completion.
1 getaccess was invoked incorrectly or encountered an unknown user or group name. An appropriate message is printed to standard error.
2 A file is nonexistent or unreachable (by the caller). getaccess prints an appropriate message to standard error, continues, then returns a value of 2 upon completion.

EXAMPLES
The following command prints the caller's access rights to file1 using the file's group ID instead of the caller's effective group ID and groups list.

Here's how to check access by user in groups and to all files in the current directory, with access rights expressed as octal values.

Here's how to list access rights for all files under

AUTHOR
getaccess was developed by HP.

FILES

SEE ALSO
chacl(1), getacl(1), lsacl(1), setacl(1), getaccess(2), glossary(9).