Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Does ACL can only grant/deny access for specific command?
Operating Systems AIX Does ACL can only grant/deny access for specific command? Post 302402501 by devyfong on Wednesday 10th of March 2010 04:05:17 AM
Old 03-10-2010
Hi amitranjansahu,

Thanks for your response.

Your solution would allow the other user can copy the file!

What I want is: allow the other user to read but restrict them to copy that file.
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Deny dba command to a user group!!

Dear all i am relatively new in using UNIX i have a problem, We are using IBM Informix Dynamic Server Version 9.40.FC7W4 we have 2 bsic user groups that we are using the 1st is root and another i wasnt to restrict the command "dba" that takes the users of that group to the database. I have... (3 Replies)
Discussion started by: masquerer
3 Replies

2. Filesystems, Disks and Memory

ACL problem due to mv command used in solaris

Hi All, Is there any way to use mv command and that should apply ACL on the moved files that is already set in distination location This mv command is running in a solaris system. File system is NFS. Problem I am facing : Currently mv command removes ACL from moved files and also it... (0 Replies)
Discussion started by: Tlogine
0 Replies

3. IP Networking

how to deny someone to use ftp command ?

hi,all, i have a question to trouble you. a workstation named AAA, and open the ftp services to permit user download and upload files. i have root password. a pc install windows 2k named BBB, someone install a serv-u ftp ( a ftp server software ) to transfer data. i don't have the... (4 Replies)
Discussion started by: yarx
4 Replies

4. Solaris

how to deny ftp access

Hi , I want to deny ftp access to some user. Currently I don't have /etc/ftpusers file. From the man page , i can modify the login shell at /etc/passwd to invalid one. How to add it ? replaced with /dev/null or something. If you have any other method to disabled it . Pls show me. My FTP is... (10 Replies)
Discussion started by: skully
10 Replies

5. Cybersecurity

file permission/acl: 2 users with write access on 1 file...

Hello, i need some help/advice on how to solve a particular problem. these are the users: |name | group | ---------- --------------- |boss | department1 | |assistant | department1 | |employee | department1 | |spy | department2 | this is the... (0 Replies)
Discussion started by: elzalem
0 Replies

6. Shell Programming and Scripting

how i can make one ip access to ftp account and deny others

HI I want to make only one IP can access to ftp acount in cpanel or by shell can any body help me ? (1 Reply)
Discussion started by: elkadrey
1 Replies

7. Emergency UNIX and Linux Support

Configure Squid to use LDAP group auth to deny internet access

Hi all We have squid-2.5.STABLE11-3.FC4 running in our environment. LDAP authentication works fine. Active Directory 2003 Users are prompted to enter credentials every time they access the net. The system works perfectly, but I need to configure Squid to block users in a specific AD group.... (1 Reply)
Discussion started by: wbdevilliers
1 Replies

8. Web Development

Deny access from all users, except PHP application installed in same domain

Hi to all, Please, some help over here. IŽll try to be as much clear I can. In summary my problem is: I have a PHP application installed in a folder of my domain that reads CSV.txt files from another folder in my domain and I need to restrict direct access to see and download these CSV.txt... (0 Replies)
Discussion started by: cgkmal
0 Replies

9. UNIX for Dummies Questions & Answers

Deny to edit a specific file in sudoers

How do I deny a user to edit a specific file in directory but the user will have a capability to use sudo and execute any command? I will just deny him/her to edit sayy 5files in different directories in linux? example. He cannot edit /etc/modprobe.d/blacklist.conf and /etc/sshd.config? Then the... (6 Replies)
Discussion started by: lhareigh890
6 Replies

10. IP Networking

ACL Deny for large IP Scope

I have a large scope of 7,700 IPs that I want my proxy to allow and block everything else. Is such a large block possible with Squid? (1 Reply)
Discussion started by: BobSpero
1 Replies

LEARN ABOUT REDHAT

upsd.conf

UPSD.CONF(5)						      Network UPS Tools (NUT)						      UPSD.CONF(5)

NAME

       upsd.conf - Configuration for Network UPS Tools upsd

DESCRIPTION

       upsd  uses  this  file to control access to the server and set some other miscellaneous configuration values.  This file will contain pass-
       words for your upsmon(8) clients, so keep it secure.  Ideally, only the upsd process should be able to read it.

ACCESS CONTROL CONFIGURATION

       ACL name netblock

	      Define an Access Control List (ACL) called name that contains the network netblock.  The netblock can be either the old style,  such
	      as this for a traditional "class C":

		   ACL mynet 192.168.50.0/255.255.255.0

	      Or, you can use new-style "CIDR format":

		   ACL mynet 192.168.50.0/24

	      To just list one host, it would look like one of these:

		   ACL mybox 192.168.50.1/255.255.255.255

		   ACL mybox 192.168.50.1/32

	      ACLs  are  used  whenever  you  need  to	refer  to a network or host, such as in ACCESS definitions (below) and with "allowfrom" in
	      upsd.users(5).

       ACCESS action level aclname [password]

	      Define the access to commands at level level by clients in the network defined by ACL aclname, optionally requiring a password pass-
	      word.

	      The action can be one of three values:

		   grant - allow the clients to perform commands at this level.

		   deny - deny the clients access to commands at this level.

		   drop - like deny, but don't even respond to their query.

	      The  level  relates  to  the complexity of the command.  More important functions like editing variables inside the UPS require more
	      privileges than merely checking the status.  Each level includes the powers of the one before it.  Here are the valid levels:

		   base - Allows TCP connections and very simple queries.  Valid commands are VER and HELP.

		   monitor - "base", plus the ability to fetch variables from the UPS.	Valid commands are LISTRW, LISTVARS, and REQ.

		   login - Deprecated.	Implies monitor and base.  This is used by old versions of upsmon in slave mode.  Newer versions of upsmon
	      (1.1 and up) that send usernames are granted access in upsd.users(5).

		   master - Deprecated.  Implies login, monitor and base.  Used by old versions in master mode.  See login above.

		   all	-  match  any level.  This really only should be used for "drop all all" or similar.  Granting "all" access to any host is
	      not recommended.

	      The aclname is just one of your ACL definitions, as explained above.

	      The password is only used for "login" or "master", and should not be set for lower access levels.

ACCESS CONTROL EXAMPLES

       Here is an example configuration to show some of what is possible.

	    - "bigserver" has a UPS attached to a serial port.	It runs the driver, upsd, and upsmon in master mode.  This definition is also ref-
       erenced with an "allowfrom" in upsd.users(8).

	    - "workstation" draws from the same UPS as "bigserver", but has to monitor it over the network.  It runs upsmon in slave mode.   It is
       also referenced with an "allowfrom" in upsd.users(8).

	    - "webserver" doesn't get power from this UPS at all, but it runs the CGI programs so it can make nice status displays.

	    - an abuser is silently dropped

	    - everyone not yet covered is denied nicely

		   ACL bigserver 10.20.30.1/32
		   ACL workstation 10.20.30.2/32
		   ACL webserver 10.20.30.3/32
		   ACL abuser 192.168.255.128/32
		   ACL all 0.0.0.0/0

		   ACCESS grant monitor bigserver
		   ACCESS grant monitor workstation
		   ACCESS grant monitor webserver
		   ACCESS drop all abuser
		   ACCESS deny all all

ACCESS CONTROL MATCHING

       Access controls should go from most specific to least specific.	The first match with a sufficient access level is the one used when apply-
       ing permissions.

       Along the same lines, everyone is a member of "all", but we want to match everything else first so they don't hit the deny at the bottom.

       If  you	don't  have a final "all" match at the bottom, it will force one for you as a deny.  This means that you have to explicitly add an
       allow in order to allow the whole world to have access.

       Just think of it as a big repeating "if-then-else" structure.

OTHER CONFIGURATION DIRECTIVES

       MAXAGE seconds

	      upsd usually allows the data from a driver to go up to 15 seconds without an update before declaring it  "stale".   If  your  driver
	      can't reliably update the data that often but is otherwise working, you can use MAXAGE to make upsd wait longer.

	      You  should  only  use  this if your driver has difficulties keeping the data fresh within the normal 15 second interval.  Watch the
	      syslog for notifications from upsd about staleness.

       STATEPATH path

	      Tell upsd to look for the state files in path rather than the default that was compiled into the program.

SEE ALSO

       upsd(8), nutupsdrv(8), upsd.users(5)

   Internet resources:
       The NUT (Network UPS Tools) home page: http://www.exploits.org/nut/

       NUT mailing list archives and information: http://lists.exploits.org/

								  Wed Oct 16 2002						      UPSD.CONF(5)
All times are GMT -4. The time now is 06:42 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy