Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Restrict user access
Operating Systems Linux Red Hat Restrict user access Post 302582860 by hedkandi on Sunday 18th of December 2011 11:12:50 PM
Old 12-19-2011
Restrict user access
Hi there

I have an application user on my system that wants accesses to these file systems as such:

rwx:

/SAPO
/SAPS12
/R3_888
/R3_888B
/R3_888F
/R3_888R

r:
/usr/sap

these are the existing FS permissionsSmiliewnerships:

Code:
[root@H99A100 ~]# ls -ld /SAPO
drwxrwxr-x 64 ZODCIFUSR ODCgrp 12288 Nov 25 11:02 /SAPO

[root@H99A100 ~]# ls -ld /SAPS12
drwxrwxr-x 5 s12adm ODCgrp 4096 Nov  7 13:49 /SAPS12

[root@H99A100 ~]# ls -ld /R3_888
drwxrwxr-x 129 s12adm ODCgrp 4096 Nov 10 09:56 /R3_888

[root@H99A100 ~]# ls -ld /R3_888B
drwxrwxr-x 31 s12adm ODCgrp 4096 Nov  7 15:03 /R3_888B

[root@H99A100 ~]# ls -ld /R3_888F
drwxrwxr-x 43 s12adm ODCgrp 4096 Nov 21 17:16 /R3_888F

[root@H99A100 ~]# ls -ld /R3_888R
drwxrwxr-x 4 s12adm ODCgrp 4096 Nov  7 15:03 /R3_888R

[root@H99A100 ~]# ls -ld /usr/sap
drwxrwxr-x 5 s12adm sapsys 4096 Oct 25 22:16 /usr/sap

the user:

Code:
[root@H99A100 ~]# id ZODCIFUSR
uid=2020(ZODCIFUSR) gid=200(ODCgrp) groups=200(ODCgrp),0(root) context=root:system_r:unconfined_t:SystemLow-SystemHigh

so how do i go by providing user ZODCIFUSR access to the file systems stated above without setting ACLs on the system? (or is ACLs the only way to do it?)

right now, he's in group 0, so he can pretty much access all the FS but this is just a temp workaround

I was thinking of adding the user to supplementary groups on which the FS are grouped (i.e. sapsys, ODCgrp)

please help, if ACLs is the way to do it, please let me know because i am not very good with the commands

thank you
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

restrict tcp-port access

Hi Is there any way to restrict the TCP-IP port usage. I want to restrict TCP-IP port 1500/1550 to the oracle osuser. Tanks in advance. Remi (2 Replies)
Discussion started by: remivisser
2 Replies

2. HP-UX

How to restrict a user group to access the kernel

Hi, Please any one can help me to know that how we can restrict a user group to access the kernel at all. (0 Replies)
Discussion started by: harishankar
0 Replies

3. Red Hat

restrict access of a user to two directories only

Hi all, I am using RHEL 5.0 I need a user say test to have full access to two directories, say /tmp1 & /tmp2 only other than his home directory. I do not want to change his login shell which is ksh or bash by default. Moreover, he should not even have read access of other directories. ... (10 Replies)
Discussion started by: vikas027
10 Replies

4. UNIX for Advanced & Expert Users

Restrict FTP access to a single directory for only one user.

Hi All, It will be very great if you can help me in this issue. Thanks in advance. I need to enable FTP on a solaris9 server. I need to create a new user some "xxxxxx" and he can only FTP the files to and from between /tftpboot directory and network devices. Other users should not... (8 Replies)
Discussion started by: santhoshkumar_d
8 Replies

5. UNIX for Dummies Questions & Answers

Restrict user access to their home dir

Hi! i'm using FreeBSD 6.2 and hosting my pc to frens in particular of sensitive information being saved to the PC, i would like to know is it possible for me to restrict user access to their /home dir. only? and also, i wanted to restrict them listing files under /etc thanks all! (10 Replies)
Discussion started by: rdns
10 Replies

6. UNIX for Advanced & Expert Users

Restrict access to specific users.

Hi All! I would like to know if there is any specific way by which I can restrict access to apecific users (ip addresses). OS : Red hat linux Thanks! nua7 (6 Replies)
Discussion started by: nua7
6 Replies

7. UNIX for Advanced & Expert Users

Restrict Access to the folder

Hi I have requirement to create 3 new users on my server but to restrict their access to a set of particular folders. /export/home/kapil/shared, /export/home/kapil/shared/Folder1 /export/home/kapil/shared/Folder2 These folders should be accessible to all the 3 users and to me too.... (1 Reply)
Discussion started by: kapilk
1 Replies

8. UNIX for Dummies Questions & Answers

Restrict user access.

Hi All, How can we restrict a particular user access to a particular shell in solaris 10. Thanks in Advance. (5 Replies)
Discussion started by: rama krishna
5 Replies

9. Ubuntu

Restrict SUDO Access

Linux ubuntu 3.0.0-12-generic #20-Ubuntu SMP Fri Oct 7 14:56:25 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux Hi Folks, Please help me. I am bit struck here. Here is the OS info. Linux ubuntu 3.0.0-12-generic #20-Ubuntu SMP Fri Oct 7 14:56:25 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux I have a... (17 Replies)
Discussion started by: explorer007
17 Replies

10. UNIX for Dummies Questions & Answers

Restrict access

I'm trying to use squid to restrict elinks' access to certain websites(only http traffic). I have tried some configs in squid.conf but no luck. Hope someone has a bit of time to explain me how can you make these config's :) ---------- Post updated at 05:40 PM ---------- Previous update was at... (1 Reply)
Discussion started by: Birnbacher
1 Replies

LEARN ABOUT DEBIAN

lfc-getacl

LFC-GETACL(1)							 LFC User Commands						     LFC-GETACL(1)

NAME

       lfc-getacl - get LFC directory/file access control lists

SYNOPSIS

       lfc-getacl [-a] [-d] path...

DESCRIPTION

       lfc-getacl gets the Access Control List associated with a LFC directory/file.  For each path, it  displays the file name, owner, the group,
       and the Access Control List (ACL) if present. If a directory has a default ACL, lfc-getacl also displays the  default  ACL.  Regular  files
       cannot have default ACLs.

       The output looks like:

	    # file: filename
	    # owner: username
	    # group: groupname
	    user::perm
	    user:uid:perm
	    group::perm
	    group:gid:perm
	    mask:perm
	    other:perm
	    default:user::perm
	    default:user:uid:perm
	    default:group::perm
	    default:group:gid:perm
	    default:mask:perm
	    default:other:perm

       The  first  "user" entry gives the permissions granted to the owner of the file.  The following "user" entries show the permissions granted
       to specific users, they are sorted in ascending order of uid.  The first "group" entry gives the permissions granted to the group owner	of
       the  file.   The following "group" entries show the permissions granted to specific groups, they are sorted in ascending order of gid.  The
       "mask" entry is the maximum permission granted to specific users or groups.  It does not affect the "owner" and "other"	permissions.   The
       "mask"  entry must be present if there are specific "user" or "group" entries.  "default" entries associated with a directory are inherited
       as access ACL by the files or sub-directories created in that directory. The umask is not used.	Sub-directories also inherit  the  default
       ACL as default ACL.  As soon as there is one default ACL entry, the 3 default ACL base entries (default user, default group, default other)
       must be present.

       The entry processing conforms to the Posix 1003.1e draft standard 17.

       path   specifies the LFC pathname.  If path does not start with /, it is prefixed by the content of the LFC_HOME environment variable.

       uid    is displayed as the username if known else as the numeric id.

       gid    is displayed as the groupname if known else as the numeric id.

       perm   is expressed as a combination of characters rwx-

OPTIONS

       -a     only display the access ACL.

       -d     only display the default ACL.

EXAMPLES

       lfc-getacl /grid/atlas/test/file.log/d2

       # file: /grid/atlas/test/file.log/d2
       # owner: baud
       # group: c3
       user::rwx
       group::r-x	       #effective:r-x
       other::r-x
       default:user::rwx
       default:group::r-x
       default:other::r-x

EXIT STATUS

       This program returns 0 if the operation was successful or >0 if the operation failed.

SEE ALSO

       Castor_limits(4), lfc_chmod(3), lfc_chown(3)

AUTHOR

       LCG Grid Deployment Team

LFC
							   $Date: 2005/03/02 08:32:12 $ 					     LFC-GETACL(1)
All times are GMT -4. The time now is 02:13 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy