09-09-2011
I would reccomend you check setuid.
You can make a shell script and a small c program to call it with root privileges.
So an example :
You make shell script with USER named test.sh which does cp file1 /etc/
Then you make a C program called execshell (or whatever) which runs that script with system call ( please find examples online for C setuid and system call )
Compile that program.
As root you make chown root:root and chmod 4755 to that C program.
User can now invoke that c program which will execute that shell script with root permisions and copy the file1 to /etc/ as root invoked by USER.
Be carefull tho, setuid needs to be handled with care.
passwd would be a lovely example of setuid in C and exceptions it uses.
Hope that helps.
Regards
Peasant.
10 More Discussions You Might Find Interesting
1. Solaris
dear all
does any one give any user write permission using access control list or another way to solve this problem (1 Reply)
Discussion started by: murad.jaber
1 Replies
2. Solaris
Hi experts,
I have a user "bingo" in my sunsolaris 9.
# /etc/passwd
bingo:x:513:1::/export/home/bingo:/bin/bash
when anyone Telnet to this user it goes to his home directory /export/home/bingo
But now i want- when someone FTP to this user "bingo" it will NOT go to his home dir. Rather it... (5 Replies)
Discussion started by: thepurple
5 Replies
3. UNIX for Dummies Questions & Answers
hello,
I would like to grant full access to a directory which is owned by root and the web application that created it. I have though of adding the permission to the whole world, but for security reason I would like to grant it to one more user.
I have tried this 'chmod -U newUser+wrx... (2 Replies)
Discussion started by: run123
2 Replies
4. Solaris
I need to create a user account for a developer that will allow him rwx access to all resources in a directory. How can I do that?
Thanks (5 Replies)
Discussion started by: gsander
5 Replies
5. Solaris
is is possible to grant user access to only one subdirectory? example
a. create ftp user with read/write/delete access (ftp user doesnt belong to uguys group)
$ cd /etc/mydir
$ls
file1 file2
$ls -al
-rw-rw-r-x 2 unixguy uguys 96 Dec 8 12:53 file1
-rw-rw-r-x 2 unixguy uguys 96 Dec 8... (1 Reply)
Discussion started by: lhareigh890
1 Replies
6. Solaris
Hi all,
I want to create a new user and grant him ONLY transfer files access to a specific directory where he can only upload and read the files. He should be restricted to this activity only.
Regards (6 Replies)
Discussion started by: gilldn
6 Replies
7. Solaris
Hi,
I have searched "Limit FTP user's access to a specific directory" subject for 3 days. I found proftp and vsftp but i couldn't compile and install. Is there any idea. Please suggest. (6 Replies)
Discussion started by: hamurd
6 Replies
8. Solaris
Hello Team,
I have Solaris 10 u6
I have a user test1 using bash that belong to the group staff.
I would like to restrict this user to navigate only in his home directory and his subfolders but not not move out to other directories.
How can I do it ?
Thanks in advance (1 Reply)
Discussion started by: csierra
1 Replies
9. UNIX for Advanced & Expert Users
Hello Folks,
Of course i came here for your favour :)
How to set a defalult home directory for sFTP login ( at present users land in to their home directrory) when they connect from specific server.
When server(A) sFTP's to Linux server(B) they land to thier home directory.
I want... (5 Replies)
Discussion started by: Thala
5 Replies
10. UNIX for Beginners Questions & Answers
Hello,
I have a user Bob on a RHEL 7 server1. Where his script area is "/home/Bob/scripts/" and he is the owner for this directory.
On the server1, there is a NFS mount from another server2, with path as "/global/work/" and Bob is the owner for this directory too in server2. (Same UID and GID... (5 Replies)
Discussion started by: karumudi7
5 Replies
LEARN ABOUT OSX
heimdal_debug
heimdal_debug(5) BSD File Formats Manual heimdal_debug(5)
NAME
heimdal_debug -- how to turn on/off debugging for Kerberos tools
DESCRIPTION
The heimdal_debug kerberos frameworks have several knobs for controlling logging. The different framework knobs are:
libkrb
The Kerberos library, some gss-api Kerberos output ends up here too
kcm the kcm library (credentials cache, ntlm client)
kdc the kerberos KDC output
digest-service
the digest service (ntlm server)
CONFIGURATION FILE
[logging]
<subsystem> = 0-/SYSLOG:
and watch syslog for logging information.
APPLE MAC OS X
First turn up syslog debugging
sudo syslog -c 0 -d
then you can see the syslog output in Console.app or by running
syslog -w -k org.h5l.asl
To enable more extensive debugging logging for each subsystem, use the following commands:
Kerberos Library
sudo defaults write /Library/Preferences/com.apple.Kerberos logging -dict-add krb5 '0-/ASL:'
digest-server
sudo defaults write /Library/Preferences/com.apple.Kerberos logging -dict-add digest-service '0-/ASL:'
kcm sudo defaults write /Library/Preferences/com.apple.Kerberos logging -dict-add kcm '0-/ASL:'
kdc sudo defaults write /Library/Preferences/com.apple.Kerberos logging -dict-add kdc '0-/ASL:'
MIT Kerberos Shim
defaults write com.apple.MITKerberosShim EnableDebugging -bool true
GSS-API framework logging
sudo defaults write /Library/Preferences/com.apple.GSS DebugLevel -int 10
Other options on Mac OS X
Make the admin API pretend to the server even on client
sudo defaults write /Library/Preferences/com.apple.Kerberos ForceHeimODServerMode -bool true
SEE ALSO
gss(5), kerberos(8)
HEIMDAL
Sep 30, 2011 HEIMDAL