Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Restrict user to a particular directory
Operating Systems Linux Red Hat Restrict user to a particular directory Post 302434121 by verdepollo on Thursday 1st of July 2010 11:00:33 AM
Old 07-01-2010
You can also use NFSv4 ACLs if your filesystem supports it.
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Restrict my search to current directory.

Hi every1, There is a folder with .lst files which has email id's of our project group. I want to find files which has my email id starting with sachin but i dont want find command to search subdirectories. I have read about prune but i didnt understand that. I am pretty new in this field.... (7 Replies)
Discussion started by: sachin.gangadha
7 Replies

2. UNIX for Advanced & Expert Users

Restrict FTP access to a single directory for only one user.

Hi All, It will be very great if you can help me in this issue. Thanks in advance. I need to enable FTP on a solaris9 server. I need to create a new user some "xxxxxx" and he can only FTP the files to and from between /tftpboot directory and network devices. Other users should not... (8 Replies)
Discussion started by: santhoshkumar_d
8 Replies

3. UNIX for Dummies Questions & Answers

how do U restrict a user to a single directory?

specifically - I don't need to restrict a user to a single directory - but I want them to be "ROOTED" to their home directory. so if my home directory is /home/onlyme when I login - if I do a pwd - I want to see: / but in real life I will be in /home/onlyme - it just appears as root to... (10 Replies)
Discussion started by: itobenon
10 Replies

4. UNIX for Dummies Questions & Answers

restrict one user to see only his home directory in his profile

Hi I need to restrict one user to see only his home directory and one more directory how i can do this in his profile. The OS is Red hat linux I create a user -- tec and group calle --tec one the user log in he will see /home/tec and he need to see /opt/load this dirctory... (6 Replies)
Discussion started by: aboorkuma
6 Replies

5. Solaris

Restrict FTP User to a Directory

I am using Solaris 10 on SPARC. SunOS ddw 5.10 Generic_139555-08 sun4u sparc SUNW,SPARC-Enterprise I have put some text files in a directory '/u01/network' I want to create a ftp user which can just read the files in the network directory. The ftp user shouldn't be able to navigate or see... (4 Replies)
Discussion started by: fahdmirza
4 Replies

6. Solaris

How to restrict user to a specific directory in solaris 10

Hi all, I want to create a new user and grant him ONLY transfer files access to a specific directory where he can only upload and read the files. He should be restricted to this activity only. Regards (6 Replies)
Discussion started by: gilldn
6 Replies

7. Red Hat

Restrict user access

Hi there I have an application user on my system that wants accesses to these file systems as such: rwx: /SAPO /SAPS12 /R3_888 /R3_888B /R3_888F /R3_888R r: /usr/sap these are the existing FS permissions:ownerships: # ls -ld /SAPO (9 Replies)
Discussion started by: hedkandi
9 Replies

8. Solaris

restrict sudo and chown in specified directory

Hi Dears, I have one requirement like this: general user A can execute command C with root privilege by sudo configuration some folders and files are created during the command C execution user A cannot access those folders and files because the owner is root user, so I want the user A... (0 Replies)
Discussion started by: crest.boy
0 Replies

9. AIX

How to restrict user to a particular directory?

hi, I want to restrict some user access to only 1 directory (including all sub-directories/files in it). can you please explain me, how can we do this? example; Filesystem GB blocks Used Free %Used Mounted on /dev/hd4 2.61 1.02 1.59 40% / /dev/hd2 ... (7 Replies)
Discussion started by: aaron8667
7 Replies

10. UNIX for Beginners Questions & Answers

Is there a way to restrict a user (owner) to execute scripts from a specific directory

Hello, I have a user Bob on a RHEL 7 server1. Where his script area is "/home/Bob/scripts/" and he is the owner for this directory. On the server1, there is a NFS mount from another server2, with path as "/global/work/" and Bob is the owner for this directory too in server2. (Same UID and GID... (5 Replies)
Discussion started by: karumudi7
5 Replies

LEARN ABOUT CENTOS

nfs4_setfacl

NFS4_SETFACL(1) 					    NFSv4 Access Control Lists						   NFS4_SETFACL(1)

NAME

       nfs4_setfacl, nfs4_editfacl - manipulate NFSv4 file/directory access control lists

SYNOPSIS

       nfs4_setfacl [OPTIONS] COMMAND file...
       nfs4_editfacl [OPTIONS] file...

DESCRIPTION

       nfs4_setfacl  manipulates  the  NFSv4 Access Control List (ACL) of one or more files (or directories), provided they are on a mounted NFSv4
       filesystem which supports ACLs.

       nfs4_editfacl is equivalent to nfs4_setfacl -e.

       Refer to the nfs4_acl(5) manpage for information about NFSv4 ACL terminology and syntax.

   COMMANDS
       -a acl_spec [index]
	      add the ACEs from acl_spec to file's ACL.  ACEs are inserted starting at the indexth position (DEFAULT: 1) of file's ACL.

       -A acl_file [index]
	      add the ACEs from the acl_spec in acl_file to file's ACL.  ACEs are inserted starting at the indexth position (DEFAULT: 1) of file's
	      ACL.

       -x acl_spec | index
	      delete  ACEs  matched  from  acl_spec - or delete the indexth ACE - from file's ACL.  Note that the ordering of the ACEs in acl_spec
	      does not matter.

       -X acl_file
	      delete ACEs matched from the acl_spec in acl_file from file's ACL.  Note that the ordering of the ACEs in the acl_spec does not mat-
	      ter.

       -s acl_spec
	      set file's ACL to acl_spec.

       -S acl_file
	      set file's ACL to the acl_spec in acl_file.

       -e, --edit
	      edit  file's  ACL  in  the editor defined in the EDITOR environment variable (DEFAULT: vi(1)) and set the resulting ACL upon a clean
	      exit, assuming changes made in the editor were saved.  Note that if multiple files  are  specified,  the	editor	will  be  serially
	      invoked once per file.

       -m from_ace to_ace
	      modify file's ACL in-place by replacing from_ace with to_ace.

       -?, -h, --help
	      display help text and exit.

       --version
	      display this program's version and exit.

       NOTE: if '-' is given as the acl_file with the -A/-X/-S flags, the acl_spec will be read from stdin.

   OPTIONS
       -R, --recursive
	      recursively  apply  to  a  directory's  files and subdirectories.  Similar to setfacl(1), the default behavior is to follow symlinks
	      given on the command line and to skip symlinks encountered while recursing through directories.

       -L, --logical
	      in conjunction with -R/--recursive, a logical walk follows all symbolic links.

       -P, --physical
	      in conjunction with -R/--recursive, a physical walk skips all symbolic links.

       --test
	      display results of COMMAND, but do not save changes.

PERMISSIONS ALIASES

       With nfs4_setfacl, one can use simple abbreviations ("aliases") to express generic "read" (R), generic "write" (W), and	generic  "execute"
       (X)  permissions,  familiar  from  the  POSIX mode bits used by, e.g., chmod(1).  To use these aliases, one can put them in the permissions
       field of an NFSv4 ACE and nfs4_setfacl will convert them: an R is expanded to rntcy, a W is expanded to watTNcCy (with D added to directory
       ACEs), and an X is expanded to xtcy.  Please refer to the nfs4_acl(5) manpage for information on specific NFSv4 ACE permissions.

       For  example,  if one wanted to grant generic "read" and "write" access on a file, the NFSv4 permissions field would normally contain some-
       thing like rwatTnNcCy.  Instead, one might use aliases to accomplish the same goal with RW.

       The two permissions not included in any of the aliases are d (delete) and o (write-owner).  However, they can still be used: e.g.,  a  per-
       missions field consisting of Wdo expresses generic "write" access as well as the ability to delete and change ownership.

EXAMPLES

       Assume that the file `foo' has the following NFSv4 ACL for the following examples:

	      A::OWNER@:rwatTnNcCy
	      D::OWNER@:x
	      A:g:GROUP@:rtncy
	      D:g:GROUP@:waxTC
	      A::EVERYONE@:rtncy
	      D::EVERYONE@:waxTC

       - add ACE granting `alice@nfsdomain.org' generic "read" and "execute" access (defaults to prepending ACE to ACL):
	      $ nfs4_setfacl -a A::alice@nfsdomain.org:rxtncy foo

       - add the same ACE as above, but using aliases:
	      $ nfs4_setfacl -a A::alice@nfsdomain.org:RX foo

       - edit existing ACL in a text editor and set modified ACL on clean save/exit:
	      $ nfs4_setfacl -e foo

       - set ACL (overwrites original) to contents of a spec_file named `newacl.txt':
	      $ nfs4_setfacl -S newacl.txt foo

       - recursively  set  the	ACLs  of all files and subdirectories in the current directory, skipping all symlinks encountered, to the ACL con-
	 tained in the spec_file named `newacl.txt':
	      $ nfs4_setfacl -R -P -S newacl.txt *

       - delete the first ACE, but only print the resulting ACL (does not save changes):
	      $ nfs4_setfacl --test -x 1 foo

       - delete the last two ACEs above:
	      $ nfs4_setfacl -x "A::EVERYONE@rtncy, D::EVERYONE@:waxTC" foo

       - modify (in-place) the second ACE above:
	      $ nfs4_setfacl -m D::OWNER@:x  D::OWNER@:xo foo

       - set ACLs of `bar' and `frobaz' to ACL of `foo':
	      $ nfs4_getfacl foo | nfs4_setfacl -S - bar frobaz

AUTHORS

       nfs4_setfacl was written by people at CITI, the Center for Information Technology Integration  (http://www.citi.umich.edu).   This  manpage
       was written by David Richter.

CONTACT

       Please send bug reports, feature requests, and comments to <nfsv4@linux-nfs.org>.

SEE ALSO

       nfs4_getfacl(1), nfs4_acl(5), RFC3530 (NFSv4.0), NFSv4.1 Minor Version Draft.

Linux							    version 0.3.3, August 2008						   NFS4_SETFACL(1)
All times are GMT -4. The time now is 02:44 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy