Sponsored Content
Operating Systems Solaris create user with RWX access to a specific directory in Solaris 10 Post 302341693 by Corona688 on Thursday 6th of August 2009 11:45:35 AM
Old 08-06-2009
Create a group, change the group of the files/dirs to that new group, add him to that group.
 

10 More Discussions You Might Find Interesting

1. Solaris

give user permission on specific directory in solaris

dear all does any one give any user write permission using access control list or another way to solve this problem (1 Reply)
Discussion started by: murad.jaber
1 Replies

2. UNIX for Advanced & Expert Users

Solaris auditing (file access logging) for specific directory only.

Hello, We need to log the operations that specific user on Solaris 10 (SPARC) is performing on one directory and it's contents. I was able to configure solaris auditing service (auditd) and it works fine. The only problem is that auditd logs huge amount of unneeded information. We need to log... (0 Replies)
Discussion started by: +Yan
0 Replies

3. Shell Programming and Scripting

how to create and access a directory in the same script using variables

I have a working script that defines the paths using variables which is used to move a rename files that are being archived. Is there a way to create a directory in the path with the date as the name and then reference it when moving the file to it? Here is what I have tried with no luck.... ... (1 Reply)
Discussion started by: Snickyt0310
1 Replies

4. Solaris

How to restrict user to a specific directory in solaris 10

Hi all, I want to create a new user and grant him ONLY transfer files access to a specific directory where he can only upload and read the files. He should be restricted to this activity only. Regards (6 Replies)
Discussion started by: gilldn
6 Replies

5. Homework & Coursework Questions

Create script to add user and create directory

first off let me introduce myself. My name is Eric and I am new to linux, I am taking an advanced linux administration class and we are tasked with creating a script to add new users that anyone can run, has to check for the existence of a directory. if the directory does not exist then it has... (12 Replies)
Discussion started by: pbhound
12 Replies

6. UNIX for Advanced & Expert Users

allow user to use sudo cp on a specific directory and only a specific file

Is there a way to allow a user to use sudo cp on a specific directory and only a specific file? (6 Replies)
Discussion started by: cokedude
6 Replies

7. UNIX for Dummies Questions & Answers

How to create a Group with rwx permission?

I want to create a GROUP with rwx permission. Also, I want to create a GROUP with root privileges, so that next time i create a user, I just need to add it to any of the groups and privileges automatically applied. please help. Thanks, Shouvanik (4 Replies)
Discussion started by: shouvanik
4 Replies

8. Solaris

Limit FTP user's access to a specific directory

Hi, I have searched "Limit FTP user's access to a specific directory" subject for 3 days. I found proftp and vsftp but i couldn't compile and install. Is there any idea. Please suggest. (6 Replies)
Discussion started by: hamurd
6 Replies

9. Shell Programming and Scripting

Create user with access only to one command

Hi all, Is there any way to create linux user with access only one defined command? For example, I want new user has access only to ls command. (7 Replies)
Discussion started by: nypreH
7 Replies

10. Solaris

Limit bash/sh user's access to a specific directory

Hello Team, I have Solaris 10 u6 I have a user test1 using bash that belong to the group staff. I would like to restrict this user to navigate only in his home directory and his subfolders but not not move out to other directories. How can I do it ? Thanks in advance (1 Reply)
Discussion started by: csierra
1 Replies
krb5_auth_rules(5)					Standards, Environments, and Macros					krb5_auth_rules(5)

NAME
krb5_auth_rules - Overview of Kerberos V5 authorization DESCRIPTION
When a user uses kerberized versions of the ftp, rdist, rcp, rlogin, rsh, or telnet clients to connect to a server, even if the user's claimed Kerberos V5 identity is authenticated, the user is not necessarily authorized. Authentication merely proves that the user is "who he says he is" to the Kerberos V5 authentication system. Authorization also needs to be done, since it determines if that Kerberos identity is permitted to access the Solaris user account that the client wants to access. Each user may have a private authorization list in a file ~/.k5login in his login directory (on the server). Each line in this file should contain a Kerberos principal name of the form principal/instance@realm. If the server finds a ~/.k5login file, then access is granted to the account if and only if the originating user is authenticated to one of the principals named in the ~/.k5login file. If there is no ~/.k5login file, the originating user will then be checked against the gsscred table (see gsscred(1M)). If the originating user's Kerberos V5 identity is in the gsscred table, and if the UNIX user id in the gsscred table corresponds to the user account the client is trying access, then the originating user is granted access to the account on the server. If the UNIX user id does not match, then the originating user is denied access. For example, suppose the originating user has a principal name of jdb@ENG.ACME.COM and the target account is jdb-user. If jdb@ENG.ACME.COM appears in the gsscred table with uid 23154 and if jdb-user appears in the user account database (see passwd(4)) with uid 23154, then access to account jdb-user is granted. Of course, normally, the target account name in this example would be jdb and not jdb-user. Finally, if there is no ~/.k5login file and if the originating user's Kerberos V5 identity is not in the gsscred table, then the user will be granted access to the account if and only if all of the following are true: o The user part of the authenticated principal name is the same as the target account name specified by the client. o The realm part of the client and server are the same. o The target account name exists on the server. For example, if the originating user has a principal name of jdb@ENG.ACME.COM and if the server is in realm SALES.ACME.COM, then even if jdb is a valid account name on the server, the client would be denied access. This is because the realms SALES.ACME.COM and ENG.ACME.COM differ. FILES
~/.k5login Per user-account authorization file. /etc/passwd System account file. This information may also be in a directory service. See passwd(4). ATTRIBUTES
See attributes(5) for a description of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Interface Stability |Evolving | +-----------------------------+-----------------------------+ SEE ALSO
ftp(1), rcp(1), rdist(1), rlogin(1), rsh(1), telnet(1), gsscred(1M), passwd(4), attributes(5), gss_auth_rules(5) NOTES
To avoid security problems, the ~/.k5login file must be owned by the remote user. SunOS 5.10 13 Apr 2004 krb5_auth_rules(5)
All times are GMT -4. The time now is 07:58 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy