Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Special group & user privileges
Top Forums Shell Programming and Scripting Special group & user privileges Post 302467009 by Scrutinizer on Thursday 28th of October 2010 03:11:49 AM
Old 10-28-2010
1. This is easily accomplished using chmod, like agn suggested, but not if you want to do this with more than one group or user (to accomplish this see 2.)

2. This is not possible with the standard Unix group membership mechanism. It is possible with Access Control Lists if your OS supports them, but not in a general policy sense (although it is possible to enforce a default policy on a per directory basis). You would have to use a tool to visit files with such an extension and apply the ACL. You could use something like find or perhaps use a configuration management application.
An alternative to ACL's might be to use sudo to allow groups of users to become a functional user so that they may acquire certain rights that they ordinarily would not have. You can then deny those rights to other (groups of) users .
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Root privileges &Sudoer

Hi guys... how can a root assign a user all or most of the root privileges? is sudoer comand enough 4 this? thx alot.. (2 Replies)
Discussion started by: blue_7
2 Replies

2. UNIX for Advanced & Expert Users

Can't use sendmail ( Program mode requires special privileges)

I just updated sendmail to the newest version and got into this trouble. Somehow only can root can use sendmail while the other users will simply get "SMTP went away" when using pine or "can not chdir(/var/spool/mqueue/): Permission denied Program mode requires special privileges, e.g., root... (1 Reply)
Discussion started by: Micz
1 Replies

3. UNIX for Dummies Questions & Answers

group & user permission question

Folks; I'd like to create a group on my Linux box & add a few users to it. Is there a way to do so and restrict this group/users to have access to only one or directory trees? Let's say i need this group to only have a read write access to only these two directories /opt/Virtu & /fsn/comers ... (10 Replies)
Discussion started by: Katkota
10 Replies

4. UNIX for Dummies Questions & Answers

user & group read/write access question

folks; I created a new users on my SUSE box and i need to give this user/group a read write access to one specific folder. here's the details: - I created new user "funny" under group "users". - I need to give this user "funny" a read/write access to another directory that is owned by "root".... (3 Replies)
Discussion started by: Katkota
3 Replies

5. Shell Programming and Scripting

How can i copy user permissions(privileges) to a group

Hey there I have a problem and i was hoping that you guys could help me out I want to copy a user privileges to a group and i need to copy all privileges(Recursively) every directory with all its sub directories and I tried some solution and it did not work. I used the following command:- ... (14 Replies)
Discussion started by: The Dark Knight
14 Replies

6. Ubuntu

Create New User with the same group nd privileges of the other user

Hi, Anyone can help me on how to duplicate privileges and group for useroradb01 to userrootdb01. I have currently using "useroradb01" and create a newly user "userrootdb01". I want both in the sames privileges and group. Please see the existing users list below; drwxr-xr-x 53 useroradb01... (0 Replies)
Discussion started by: fspalero
0 Replies

7. Shell Programming and Scripting

New To UNIX - Need Script to create report of user & group accounts

Hi, I'm new to the world of UNIX and have been asked to create a complex script (at least complex to me:confused:) for AIX UNIX to create a report of all the users on the server including server, user, UID, groups, GID, etc. Found a script using lsuser, but the output is still lacking. 2 things I... (2 Replies)
Discussion started by: panthur
2 Replies

8. Solaris

Sudo Privileges & Sudoers Group

I'm looking for some suggestions to accomplish what a specific user needs, without adding them to the "sudoers" group. I have X user, that is requesting to be able to change file permissions on items owned by others and search directories where X user doesn't have access. I'm open to any... (2 Replies)
Discussion started by: Nvizn
2 Replies

9. Red Hat

User is a Part of a Group But Group Details Do Not Show the User

Hi, In the following output you can see the the user "richard" is a member on the team/group "developers": # id richard uid=10247(richard) gid=100361(developers) groups=100361(developers),10053(testers) but in the following details of the said group (developers), the said user... (3 Replies)
Discussion started by: indiansoil
3 Replies

10. AIX

UID & GID instead of user name and group name

Hi Everyone, We are encountering the following issue on AIX 5.3. When we do ls -ltr the list displays only user id and group id instead of user name and group name. This is happening for all users except root. Whe we do ls -ltr with root user it shows perfectly fine. When we searched... (25 Replies)
Discussion started by: madhav.kunapa
25 Replies

LEARN ABOUT XFREE86

getfacl

getfacl(1)							   User Commands							getfacl(1)

NAME

       getfacl - display discretionary file information

SYNOPSIS

       getfacl [-ad] file...

DESCRIPTION

       For  each  argument  that is a regular file, special file, or named pipe, the getfacl utility displays the owner, the group, and the Access
       Control List (ACL).  For each directory argument, getfacl displays the owner, the group, and the ACL and/or the default ACL. Only  directo-
       ries contain default ACLs.

       The getfacl utility may be executed on a file system that does not support ACLs. It reports the ACL based on the base permission bits.

       With no options specified, getfacl displays the filename, the file owner, the file group owner, and both the ACL and the default ACL, if it
       exists.

OPTIONS

       The following options are supported:

       -a	Displays the filename, the file owner, the file group owner, and the ACL of the file.

       -d	Displays the filename, the file owner, the file group owner, and the default ACL of the file, if it exists.

OPERANDS

       The following operands are supported:

       file	The path name of a regular file, special file, or named pipe.

OUTPUT

       The format for ACL output is as follows:

       # file: filename
       # owner: uid
       # group: gid
       user::perm
       user:uid:perm
       group::perm
       group:gid:perm
       mask:perm
       other:perm
       default:user::perm
       default:user:uid:perm
       default:group::perm
       default:group:gid:perm
       default:mask:perm
       default:other:perm

       When multiple files are specified on the command line, a blank line separates the ACLs for each file.

       The ACL entries are displayed in the order in which they are evaluated when an access check is performed. The default ACL entries that  may
       exist on a directory have no effect on access checks.

       The  first three lines display the filename, the file owner, and the file group owner. Notice that when only the -d option is specified and
       the file has no default ACL, only these three lines are displayed.

       The user entry without a user ID indicates the permissions that	are granted to the file owner. One or more additional user  entries  indi-
       cate the permissions that are granted to the specified users.

       The  group  entry  without  a  group  ID  indicates the permissions that  are granted to the file group owner. One or more additional group
       entries indicate the permissions that  are granted to the specified groups.

       The mask entry indicates the ACL mask permissions. These are the maximum permissions allowed to any user entries except the file owner, and
       to any group entries, including the file group owner. These permissions restrict the permissions specified in other entries.

       The other entry indicates the permissions that are granted to others.

       The  default entries may exist only for directories. These entries indicate the default entries that are added to a file created within the
       directory.

       The uid is a login name or a user ID if there is no entry for the uid in the system password file, /etc/passwd. The gid is a group name	or
       a group ID if there is no entry for the gid in the system group file, /etc/group. The perm is a three character string composed of the let-
       ters representing the separate discretionary access rights: r (read), w (write), x (execute/search), or the place holder character  -.  The
       perm is displayed in the following order: rwx. If a permission is not granted by an ACL entry, the place holder character appears.

       If   you  use the chmod(1) command to change the file group owner permissions on a file with ACL entries, both the file group owner permis-
       sions and the ACL mask are changed to the new permissions. Be aware that the new ACL mask permissions may change the effective  permissions
       for additional users and groups who have ACL entries on the file.

       In  order  to  indicate	that  the  ACL mask  restricts an ACL entry, getfacl displays an additional tab character, pound sign (#), and the
       actual permissions granted, following the entry.

EXAMPLES

       Example 1: Displaying file information

       Given file foo, with an ACL six entries long, the command

       host% getfacl foo

       would print:

       # file: foo
       # owner: shea
       # group: staff
       user::rwx
       user:spy:---
       user:mookie:r--
       group::r--
       mask::rw-
       other::---

       Example 2: Displaying information after chmod command

       Continue with the above example, after chmod 700 foo was issued:

       host% getfacl foo

       would print:

       # file: foo
       # owner: shea
       # group: staff
       user::rwx
       user:spy:---
       user:mookie:r--	   #effective:---
       group::---
       mask::---
       other::---

       Example 3: Displaying information when ACL contains default entries

       Given directory doo, with an ACL containing default entries, the command

       host% getfacl -d doo

       would print:

       # file: doo
       # owner: shea
       # group: staff
       default:user::rwx
       default:user:spy:---
       default:user:mookie:r--
       default:group::r--
       default:mask::---
       default:other::---

FILES

       /etc/passwd     system password file

       /etc/group      group file

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWcsu			   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Evolving			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       chmod(1), ls(1), setfacl(1), acl(2), aclsort(3SEC), group(4), passwd(4), attributes(5)

NOTES

       The output from getfacl is in the correct format for input to the setfacl -f command. If the output from getfacl is redirected to  a  file,
       the file may be used as input to setfacl. In this way, a user may easily assign one file's ACL to another file.

SunOS 5.10							    5 Nov 1994								getfacl(1)
All times are GMT -4. The time now is 09:04 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy