Top Forums UNIX for Dummies Questions & Answers How to create/restrict a user with to have no privilege from other group Post 302307940 by zxmaus on Thursday 16th of April 2009 04:29:40 PM
I have no idea about hpux - on AIX I would solve such a problem by putting extended permissions that forbid access for a particular group, e.g. noaccess, onto the directories I do not want my testuser to access and put the testuser into that group - of course it requires a dedicated filesystem structure where e.g. everything that's owned by oracle is e.g. under /ora01 or similar

Rgds
zxmaus
 

ATTR(5) 							File Formats Manual							   ATTR(5)

NAME
attr - Extended attributes

DESCRIPTION
Extended attributes are name:value pairs associated permanently with files and directories, similar to the environment strings associated with a process. An attribute may be defined or undefined. If it is defined, its value may be empty or non-empty.

Extended attributes are extensions to the normal attributes which are associated with all inodes in the system (i.e. the stat(2) data). They are often used to provide additional functionality to a filesystem - for example, additional security features such as Access Control Lists (ACLs) may be implemented using extended attributes.

Users with search access to a file or directory may retrieve a list of attribute names defined for that file or directory.

Extended attributes are accessed as atomic objects. Reading retrieves the whole value of an attribute and stores it in a buffer. Writing replaces any previous value with the new value.

Space consumed for extended attributes is counted towards the disk quotas of the file owner and file group.

Currently, support for extended attributes is implemented on Linux by the ext2, ext3 and XFS filesystem patches, which can be downloaded from http://acl.bestbits.at/ and http://oss.sgi.com/projects/xfs/ respectively.

EXTENDED ATTRIBUTE NAMESPACES
Attribute names are zero-terminated strings. The attribute name is always specified in the fully qualified namespace.attribute form, e.g. user.mime_type, trusted.md5sum, or system.posix_acl_access.

The namespace mechanism is used to define different classes of extended attributes. These different classes exist for several reasons, e.g. the permissions and capabilities required for manipulating extended attributes of one namespace may differ to another.

Currently the user, trusted, and system extended attribute classes are defined as described below. Additional classes may be added in the future.

Extended user attributes

Extended user attributes may be assigned to files and directories for storing arbitrary additional information such as the mime type, character set or encoding of a file. The access permissions for user attributes are defined by the file permission bits.

The file permission bits of regular files and directories are interpreted differently from the file permission bits of special files and symbolic links. For regular files and directories the file permission bits define access to the file's contents, while for special files they define access to the device described by the special file. The file permissions of symbolic links are not used in access checks. These differences would allow users to consume filesystem resources in a way not controllable by disk quotas for group or world writable special files and directories.

For this reason, extended user attributes are disallowed for symbolic links and special files, and access to extended user attributes is restricted to the owner and to users with appropriate capabilities for directories with the sticky bit set (see the chmod(1) manual page for an explanation of Sticky Directories).

Trusted extended attributes

Trusted extended attributes are visible and accessible only to processes that have the CAP_SYS_ADMIN capability (the super user usually has this capability). Attributes in this class are used to implement mechanisms in user space (i.e., outside the kernel) which keep information in extended attributes to which ordinary processes should not have access.

Extended system attributes

Extended system attributes are used by the kernel to store system objects such as Access Control Lists and Capabilities. Read and write access permissions to system attributes depend on the policy implemented for each system attribute implemented in the kernel.

FILESYSTEM DIFFERENCES
The kernel and the filesystem may place limits on the maximum number and size of extended attributes that can be associated with a file.

In the current ext2 and ext3 filesystem implementations, all extended attributes must fit on a single filesystem block (1024, 2048 or 4096 bytes, depending on the block size specified when the filesystem was created). This limit may be removed in a future version.

In the XFS filesystem implementation, there is no practical limit on the number of extended attributes associated with a file, and the algorithms used to store extended attribute information on disk are scalable (stored either inline in the inode, as an extent, or in a B+ tree).

ADDITIONAL NOTES
Since the filesystems on which extended attributes are stored might also be used on architectures with a different byte order and machine word size, care should be taken to store attribute values in an architecture independent format.

AUTHORS
Andreas Gruenbacher, <a.gruenbacher@computer.org> and the SGI XFS development team, <linux-xfs@oss.sgi.com>.

SEE ALSO
getfattr(1), setfattr(1).

ATTR(5)
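
The man page above names system.posix_acl_access as the attribute that holds an ACL and asks for architecture independent values. As an added example (not part of the forum post or the man page), this Python code decodes that attribute's little-endian layout as Linux stores it and applies the POSIX ACL group check, showing how an empty entry for a deny group like the post's noaccess behaves on Linux rather than under AIX extended permissions. The uids, gids and the sample ACL are constructed for illustration.

```python
import struct

# Linux stores the ACL as a little-endian u32 version (2) followed by
# 8-byte entries: u16 tag, u16 permission bits, u32 uid/gid.
TAGS = {0x01: "user_obj", 0x02: "user", 0x04: "group_obj",
        0x08: "group", 0x10: "mask", 0x20: "other"}
R, W, X = 4, 2, 1

def decode_acl(value):
    """Decode a system.posix_acl_access value into (tag, perm, id) tuples."""
    if len(value) < 4 or (len(value) - 4) % 8:
        raise ValueError("truncated ACL value")
    if struct.unpack_from("<I", value)[0] != 2:
        raise ValueError("unsupported ACL version")
    entries = []
    for tag, perm, qid in struct.iter_unpack("<HHI", value[4:]):
        if tag not in TAGS:
            raise ValueError(f"unknown ACL tag {tag:#x}")
        entries.append((TAGS[tag], perm, qid))
    return entries

def allowed(entries, uid, gids, owner, group, want):
    """POSIX ACL check for an unprivileged process (assumes a valid ACL)."""
    base = {t: p for t, p, _ in entries if t not in ("user", "group")}
    mask = base.get("mask", R | W | X)
    if uid == owner:
        return (base["user_obj"] & want) == want
    for t, p, i in entries:
        if t == "user" and i == uid:
            return (p & mask & want) == want
    matched = [p for t, p, i in entries if t == "group" and i in gids]
    if group in gids:
        matched.append(base["group_obj"])
    if matched:
        # A matching group entry is decisive: "other" is never consulted,
        # but any one matching group that grants the request is enough.
        return any((p & mask & want) == want for p in matched)
    return (base["other"] & want) == want

# Constructed sample for /ora01: owner uid 500, owning gid 501, and a
# hypothetical deny group "noaccess" with gid 900.
# user::rwx group::r-x group:noaccess:--- mask::r-x other::r-x
NOID = 0xFFFFFFFF  # id field of entries that carry no uid/gid
SAMPLE = struct.pack("<I", 2) + b"".join(
    struct.pack("<HHI", *e) for e in [
        (0x01, 7, NOID), (0x04, 5, NOID), (0x08, 0, 900),
        (0x10, 5, NOID), (0x20, 5, NOID)])

if __name__ == "__main__":
    print(allowed(decode_acl(SAMPLE), 1001, {100, 900}, 500, 501, R | X))
```

On Linux the raw value can be read with `os.getxattr(path, "system.posix_acl_access")`. A user who also belongs to a group that grants access is not stopped by the empty noaccess entry, so the test account should belong to no other group listed in the ACL.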