Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Directory restriction for specific users on Solaris
Operating Systems Solaris Directory restriction for specific users on Solaris Post 302379864 by jim mcnamara on Saturday 12th of December 2009 06:41:24 PM
Old 12-12-2009
I think batrus11 is telling you - use acls to deny access. That is the only fine-grained restriction to a directory easily available - at the moment. group access has nothing to do with it.

You could stick the one user in a one-off group, then put EVERY OTHER user in another group. Not a great idea.

Seems like a lot of work as well.

In all honesty - We see these ' deny one user' kinds of security requests all the time. IMO these requests mean your overall security setup has issues. Or maybe the boss's son logs on and wreaks havoc. I dunno.

Either way, you don't normally want to restrict access on a one-off basis. It is usually unreliable, difficult to implement, and prone to error. You want to GRANT access on a fine grained basis ( read: one user maybe). Big difference.

It is the same thing as culling exceptions to the rule in a user response vs. coding for only acceptable responses. The set of wrong answers is infinite, the set of correct answers very finite. You choose.
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Directory restriction warning

Platform: AIX Shell: KSH Does anyone have a good way of warning users that when they do a 'vi' in a certain directory that they cannot save any changes in that directory. For instance, if I have a production id that has all scripts in /myprod/dir, and if anyone comes to this directory and does... (1 Reply)
Discussion started by: giannicello
1 Replies

2. Solaris

give user permission on specific directory in solaris

dear all does any one give any user write permission using access control list or another way to solve this problem (1 Reply)
Discussion started by: murad.jaber
1 Replies

3. Solaris

how to restriction directory size in solaris

how to restrict the size of any directory in solaris. is there any command to give specific file size value for a directory? is there any idea? regards (3 Replies)
Discussion started by: nibiru78
3 Replies

4. Solaris

giving write access to selective users to a certain directory in solaris 10

Hi all, how can i grant write access to a selective users only with write access to a certain filesystem/directory in solaris 10. Please help..i tried "fs setacl"...does not seem to work Please adv..thanks in advance... (4 Replies)
Discussion started by: cromohawk
4 Replies

5. Solaris

create user with RWX access to a specific directory in Solaris 10

I need to create a user account for a developer that will allow him rwx access to all resources in a directory. How can I do that? Thanks (5 Replies)
Discussion started by: gsander
5 Replies

6. UNIX for Advanced & Expert Users

Solaris auditing (file access logging) for specific directory only.

Hello, We need to log the operations that specific user on Solaris 10 (SPARC) is performing on one directory and it's contents. I was able to configure solaris auditing service (auditd) and it works fine. The only problem is that auditd logs huge amount of unneeded information. We need to log... (0 Replies)
Discussion started by: +Yan
0 Replies

7. Solaris

How to restrict user to a specific directory in solaris 10

Hi all, I want to create a new user and grant him ONLY transfer files access to a specific directory where he can only upload and read the files. He should be restricted to this activity only. Regards (6 Replies)
Discussion started by: gilldn
6 Replies

8. Shell Programming and Scripting

Script to monitor directory size of specific users

Hi, i am new to shell scripts, i need to write a script that can monitor size of directory of specific users. Please help. Thanks, Nitin (2 Replies)
Discussion started by: nicksrulz
2 Replies

9. Solaris

Exclude an specific directory for auditing in Solaris 10

Hello, Im glad to become a member of this forums, Im new on solaris and recentrly im introducing to use auditing service in that system. The need is, that I need how to exclude a directory to the audit service not audit it. And, a plus, I need of how to disable auditing the root user in... (0 Replies)
Discussion started by: sysh4ck
0 Replies

10. Solaris

Solaris local access restriction other than sshd_config?

Hi All, As part of LDAP implementation we need to restrict users/groups locally on solaris machine: Options tried: sshd_config: as far as my testing it is restricting either user or group, as per the first preference. pam_access.so by default I am unable to find(need some help if this is... (0 Replies)
Discussion started by: Sridaran
0 Replies

LEARN ABOUT MOJAVE

createhomedir

createhomedir(1)					    BSD General Commands Manual 					  createhomedir(1)

NAME

     createhomedir -- create and populate home directories on the local computer.

SYNOPSIS

     createhomedir [-scbalh] [-n directoryDomainName] [-u username]

DESCRIPTION

     createhomedir provides several options for creating and populating home directories.

OPTIONS

     -s       creates home directories for server home paths only (default).

     -c       creates home directories for local home paths only.

     -b       creates home directories for both server and local home paths.

     -a       creates home directories for users defined in all directory domains of the server's search path.

     -l       creates home directories for users defined in the local directory domain.

     -L       causes the created home directory to be localized.

     -n directoryDomainName
	      creates home directories for users defined in a specific directory domain in the server's search path.

     -u username
	      creates a home directory for a specific user defined in the domain(s) identified in the -a, -l, or -n parameter. If you omit the -a,
	      -l, and -n parameters when you use the -u parameter, -a is assumed.

     -i       reads username list from standard input and creates specified home directories. Each username should be on its own line.

     -h       usage help.

FILES

     /usr/sbin/createhomedir			   location of tool

CAVEATS

     When using the -a option, search limits of various directory servers (such as Open Directory or Active Directory) can prevent all possible
     home directories from being created. In this case, you may need to specify the usernames explicitly.

Mac OS X							   May 31, 2019 							  Mac OS X
All times are GMT -4. The time now is 12:43 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy