07-05-2010
there are no "read only" groups
there are files/folders that have read only permission for a group
if a group has no write access to any file on a system, you may call it read only group, but there's still the /tmp folder, where everyone has write rights
normally a new created user just has write rights to his home directory
if you change the home directory of the user to something like
chmod 555 /home/user , the user should be a read only user for the most directories on your system
but any time you change a directory to 777 for example, the user will be able to write to that directory, so be careful
perhaps you want to have a look at:
UNIX permissions
9 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Is there a way to create or better yet modify a user account so it has the same privs as root? (6 Replies)
Discussion started by: xadamz23
6 Replies
2. Solaris
Hi All,
I'm using solaris 2.8, and I want create a new ftp user account with the following restrictions:
- Have only ftp access, no telnet or rlogin
- Have restricted access to its home directory example /export/home/newuser
- Deny access to any other directory.
Thanks for your help,
... (6 Replies)
Discussion started by: Jeremy3
6 Replies
3. UNIX for Dummies Questions & Answers
folks;
I created a new users on my SUSE box and i need to give this user/group a read write access to one specific folder. here's the details:
- I created new user "funny" under group "users".
- I need to give this user "funny" a read/write access to another directory that is owned by "root".... (3 Replies)
Discussion started by: Katkota
3 Replies
4. Solaris
I need to create a user account for a developer that will allow him rwx access to all resources in a directory. How can I do that?
Thanks (5 Replies)
Discussion started by: gsander
5 Replies
5. UNIX for Advanced & Expert Users
Hi all,
Can someone help me with creating user with special privilegies?
I need to create user who will have access ONLY to one folder (like /etc/log/) through ftp (read only access) and which will not have any other ways to log in like telnet, ssh etc.? (5 Replies)
Discussion started by: nypreH
5 Replies
6. UNIX for Dummies Questions & Answers
I need to create a user with least permission on the production server.
He should only be able to read or execute the files that to be specific.
For example:
I just need to give him a set of commands to run.Besides those command execution He should be prevented to run any other command and He... (2 Replies)
Discussion started by: pinga123
2 Replies
7. Homework & Coursework Questions
first off let me introduce myself. My name is Eric and I am new to linux, I am taking an advanced linux administration class and we are tasked with creating a script to add new users that anyone can run, has to check for the existence of a directory. if the directory does not exist then it has... (12 Replies)
Discussion started by: pbhound
12 Replies
8. Solaris
Hi All,
I want to configure samba share permission so that only directory creator/owner has a read and write permission and other users should not have any read/write access to that folder.Will that be possible and how can this be achieved within samba configuration.
Regards,
Sahil (1 Reply)
Discussion started by: sahil_shine
1 Replies
9. Shell Programming and Scripting
Hi all,
Is there any way to create linux user with access only one defined command? For example, I want new user has access only to ls command. (7 Replies)
Discussion started by: nypreH
7 Replies
OPEN(5) File Formats Manual OPEN(5)
NAME
open, create - prepare a fid for I/O on an existing or new file
SYNOPSIS
Topen tag[2] fid[2] mode[1]
Ropen tag[2] fid[2] qid[8]
Tcreate tag[2] fid[2] name[28] perm[4] mode[1]
Rcreate tag[2] fid[2] qid[8]
DESCRIPTION
The open request asks the file server to check permissions and prepare a fid for I/O with subsequent read and write messages. The mode
field determines the type of I/O: 0, 1, 2, and 3 mean read access, write access, read and write access, and execute access, to be checked
against the permissions for the file. In addition, if mode has the OTRUNC (0x10) bit set, the file is to be truncated, which requires
write permission (if the file is append-only, and permission is granted, the open succeeds but the file will not be truncated); if the mode
has the ORCLOSE (0x40) bit set, the file is to be removed when the fid is clunked, which requires permission to remove the file from its
directory. If other bits are set in mode they will be ignored. It is illegal to write a directory, truncate it, or attempt to remove it
on close. If the file is marked for exclusive use (see stat(5)), only one client can have the file open at any time. That is, after such
a file has been opened, no other open will succeed until fid has been clunked. All these permissions are checked at the time of the open
request; subsequent changes to the permissions of files do not affect the ability to read, write, or remove an open file.
The create request asks the file server to create a new file with the name supplied, in the directory (dir) represented by fid, and
requires write permission in the directory. The owner of the file is the implied user id of the request, the group of the file is the same
as dir, and the permissions are the value of
(perm&(~0777|0111)) | (dir.perm&perm&0666)
if a regular file is being created and
(perm&~0777) | (dir.perm&perm&0777)
if a directory is being created. This means, for example, that if the create allows read permission to others, but the containing direc-
tory does not, then the created file will not allow others to read the file.
Finally, the newly created file is opened according to mode, and fid will represent the newly opened file. Mode is not checked against the
permissions in perm. The qid for the new file is returned with the create reply message.
Directories are created by setting the CHDIR bit (0x80000000) in the perm.
The names . and .. are special; it is illegal to create files with these names.
It is an error for either of these messages if the fid is already the product of a successful open or create message.
An attempt to create a file in a directory where the given name already exists will be rejected; in this case, the create system call (see
open(2)) uses open with truncation. The algorithm used by create is: first walk to the directory to contain the file. If that fails,
return an error. Next walk to the specified file. If the walk succeeds, send a request to open and truncate the file and return the
result, successful or not. If the walk fails, send a create message. If that fails, it may be because the file was created by another
process after the previous walk failed, so (once) try the walk and open again. For the behavior of create on a union directory, see
bind(2).
ENTRY POINTS
Open and create both generate open messages; only create generates a create message.
OPEN(5)