If an executable script called "myscript" was invoked from the command line as
we can save the parameters into named environment variables called say filename from $1 and the permissions parameter (755) from $2.
If we want to find out the current directory listing for the file myfile we can extend the script by one line. Any line starting with a hash character (#) a comment line and will be ignored by the shell.
Now we understand script parameters, we can take the saved $2 (now called ${perms} ) and substitute it into a unix chmod command.
Your turn!
Last edited by methyl; 02-24-2010 at 06:16 PM..
Reason: After discussion with colleagues decided to put 755 on the command call to point the way.
Use the following to Change permission of fileB (fileB could be fileB*) to change its permission same as the permission of fileA.
chmod `ls -l fileA | awk '{pr
int "u+", substr($1,2,1), substr($1,3,1), substr($1,4,1), ",g+", substr($1,5,1),
substr($1,6,1), substr($1,7,1), ",o+",... (0 Replies)
Is it possible to change the permissons
for an entire directory in one shot?
I'm telneting on to a linux server.
...just a beginner--
--Paul (4 Replies)
Hello !
When I connect to a RH FTP server, the files I transfer (from my "windows computer") to this server have the following permissions : -rw------- but I would like those files to have the following permissions : - rw-rw-r-x
How can I do that ??? :)
Thanks for your help !
G. (6 Replies)
How can I change the default permissions that are assigned when I create a file? (By default the file has: -rw-r--r-- ..... I'd like it to be -rw-r-----
How can I change this default behavior? (8 Replies)
if I have a file set to permisions 444 (r-- r-- r--) should anyone other than the owner and root be able to change these permissions or delete the file.
Apologies if this is a no-brainer but I cant test it myself and someone in our organisation is playin around with files they shouldnt be (1 Reply)
I'm doing a security sweep of a Sun Sol 5.8 system. The file: /dev/console, which links to /devices/pseudo/cn@0:console, has the following perms: crw--w--w- I would like to get rid of the world write permissions. I can change the file permissions, but as soon as log back in, they are changed... (4 Replies)
does anyone know how to write a script that will change file permissions. because the Admin blocked me from altering any of my files im only allowed to read and i heard a script like this can bypass it but i dont know how to write it.
Display current users. Display user Ids only.
Display... (10 Replies)
Use and complete the template provided. The entire template must be completed. If you don't, your post may be deleted!
1. The problem statement, all variables and given/known data:
Write a shell script that gives a passed file the "755" access permissions. The shell script should:
Change... (0 Replies)
Hi,
I have used expdp for datapump. The .dmp file is created by the "oracle" user.
my requirement is to make a zipped file of this .dmp file.
What i am trying to do is change the permissions of this .dmp file from 0640 to 0644 and then do a gzip and zip it. Is there any way i can change... (3 Replies)
Discussion started by: qwertyu
3 Replies
LEARN ABOUT DEBIAN
avc_add_callback
avc_add_callback(3) SELinux API documentation avc_add_callback(3)NAME
avc_add_callback - additional event notification for SELinux userspace object managers.
SYNOPSIS
#include <selinux/selinux.h>
#include <selinux/avc.h>
int avc_add_callback(int (*callback)(uint32_t event,
security_id_t ssid,
security_id_t tsid,
security_class_t tclass,
access_vector_t perms,
access_vector_t *out_retained),
uint32_t events, security_id_t ssid,
security_id_t tsid, security_class_t tclass,
access_vector_t perms);
DESCRIPTION
avc_add_callback is used to register callback functions on security events. The purpose of this functionality is to allow userspace object
managers to take additional action when a policy change, usually a policy reload, causes permissions to be granted or revoked.
events is the bitwise-or of security events on which to register the callback; see SECURITY EVENTS below.
ssid, tsid, tclass, and perms specify the source and target SID's, target class, and specific permissions that the callback wishes to moni-
tor. The special symbol SECSID_WILD may be passed as the source or target and will cause any SID to match.
callback is the callback function provided by the userspace object manager. The event argument indicates the security event which occured;
the remaining arguments are interpreted according to the event as described below. The return value of the callback should be zero on suc-
cess, -1 on error with errno set appropriately (but see RETURN VALUE below).
SECURITY EVENTS
In all cases below, ssid and/or tsid may be set to SECSID_WILD, indicating that the change applies to all source and/or target SID's.
Unless otherwise indicated, the out_retained parameter is unused.
AVC_CALLBACK_GRANT
Previously denied permissions are now granted for ssid, tsid with respect to tclass. perms indicates the permissions to grant.
AVC_CALLBACK_TRY_REVOKE
Previously granted permissions are now conditionally revoked for ssid, tsid with respect to tclass. perms indicates the permissions
to revoke. The callback should set out_retained to the subset of perms which are retained as migrated permissions. Note that
out_retained is ignored if the callback returns -1.
AVC_CALLBACK_REVOKE
Previously granted permissions are now unconditionally revoked for ssid, tsid with respect to tclass. perms indicates the permis-
sions to revoke.
AVC_CALLBACK_RESET
Indicates that the cache was flushed. The SID, class, and permission arguments are unused and are set to NULL.
AVC_CALLBACK_AUDITALLOW_ENABLE
The permissions given by perms should now be audited when granted for ssid, tsid with respect to tclass.
AVC_CALLBACK_AUDITALLOW_DISABLE
The permissions given by perms should no longer be audited when granted for ssid, tsid with respect to tclass.
AVC_CALLBACK_AUDITDENY_ENABLE
The permissions given by perms should now be audited when denied for ssid, tsid with respect to tclass.
AVC_CALLBACK_AUDITDENY_DISABLE
The permissions given by perms should no longer be audited when denied for ssid, tsid with respect to tclass.
RETURN VALUE
On success, avc_add_callback returns zero. On error, -1 is returned and errno is set appropriately.
A return value of -1 from a callback is interpreted as a failed policy operation. If such a return value is encountered, all remaining
callbacks registered on the event are called. In threaded mode, the netlink handler thread may then terminate and cause the userspace AVC
to return EINVAL on all further permission checks until avc_destroy(3) is called. In non-threaded mode, the permission check on which the
error occurred will return -1 and the value of errno encountered to the caller. In both cases, a log message is produced and the kernel
may be notified of the error.
ERRORS
ENOMEM An attempt to allocate memory failed.
NOTES
If the userspace AVC is running in threaded mode, callbacks registered via avc_add_callback may be executed in the context of the netlink
handler thread. This will likely introduce synchronization issues requiring the use of locks. See avc_init(3).
Support for dynamic revocation and retained permissions is mostly unimplemented in the SELinux kernel module. The only security event that
currently gets excercised is AVC_CALLBACK_RESET.
AUTHOR
Eamon Walsh <ewalsh@tycho.nsa.gov>
SEE ALSO avc_init(3), avc_has_perm(3), avc_context_to_sid(3), avc_cache_stats(3), security_compute_av(3)selinux(8)
9 June 2004 avc_add_callback(3)