Restrict user access Post: 302583883

Login or Register to Ask a Question and Join Our Community

Sponsored Content

Operating Systems Linux Red Hat Restrict user access Post 302583883 by verdepollo on Wednesday 21st of December 2011 01:37:10 PM

Old

12-21-2011

Registered User

Sometimes ACL support is defined on the superblock, even if /proc/partitions, /etc/mtab, /etc/fstab, tune2fs, etc do not explicitly report ACL support.

What's the output of:

Code:

dumpe2fs /dev/sda8 | grep -i 'mount options'

verdepollo

View Public Profile for verdepollo

Find all posts by verdepollo

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

restrict tcp-port access

Hi Is there any way to restrict the TCP-IP port usage. I want to restrict TCP-IP port 1500/1550 to the oracle osuser. Tanks in advance. Remi

2. HP-UX

How to restrict a user group to access the kernel

Hi, Please any one can help me to know that how we can restrict a user group to access the kernel at all.

3. Red Hat

restrict access of a user to two directories only

Hi all, I am using RHEL 5.0 I need a user say test to have full access to two directories, say /tmp1 & /tmp2 only other than his home directory. I do not want to change his login shell which is ksh or bash by default. Moreover, he should not even have read access of other directories. ...

4. UNIX for Advanced & Expert Users

Restrict FTP access to a single directory for only one user.

Hi All, It will be very great if you can help me in this issue. Thanks in advance. I need to enable FTP on a solaris9 server. I need to create a new user some "xxxxxx" and he can only FTP the files to and from between /tftpboot directory and network devices. Other users should not...

5. UNIX for Dummies Questions & Answers

Restrict user access to their home dir

Hi! i'm using FreeBSD 6.2 and hosting my pc to frens in particular of sensitive information being saved to the PC, i would like to know is it possible for me to restrict user access to their /home dir. only? and also, i wanted to restrict them listing files under /etc thanks all!

6. UNIX for Advanced & Expert Users

Restrict access to specific users.

Hi All! I would like to know if there is any specific way by which I can restrict access to apecific users (ip addresses). OS : Red hat linux Thanks! nua7

7. UNIX for Advanced & Expert Users

Restrict Access to the folder

Hi I have requirement to create 3 new users on my server but to restrict their access to a set of particular folders. /export/home/kapil/shared, /export/home/kapil/shared/Folder1 /export/home/kapil/shared/Folder2 These folders should be accessible to all the 3 users and to me too....

8. UNIX for Dummies Questions & Answers

Restrict user access.

Hi All, How can we restrict a particular user access to a particular shell in solaris 10. Thanks in Advance.

9. Ubuntu

Restrict SUDO Access

Linux ubuntu 3.0.0-12-generic #20-Ubuntu SMP Fri Oct 7 14:56:25 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux Hi Folks, Please help me. I am bit struck here. Here is the OS info. Linux ubuntu 3.0.0-12-generic #20-Ubuntu SMP Fri Oct 7 14:56:25 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux I have a...

10. UNIX for Dummies Questions & Answers

Restrict access

I'm trying to use squid to restrict elinks' access to certain websites(only http traffic). I have tried some configs in squid.conf but no luck. Hope someone has a bit of time to explain me how can you make these config's :) ---------- Post updated at 05:40 PM ---------- Previous update was at...

LEARN ABOUT DEBIAN

lfc-setacl

LFC-SETACL(1)							 LFC User Commands						     LFC-SETACL(1)

NAME

       lfc-setacl - set LFC directory/file access control lists

SYNOPSIS

       lfc-setacl [-d] [-m] [-s] acl_entries path...

DESCRIPTION

       lfc-setacl sets the Access Control List associated with a LFC directory/file.

       acl_entries is a comma separated list of entries. Each entry has colon separated fields: ACL type, id (uid or gid), permission. Only direc-
       tories can have default ACL entries.

       The entries look like:

	    user::perm
	    user:uid:perm
	    group::perm
	    group:gid:perm
	    mask:perm
	    other:perm
	    default:user::perm
	    default:user:uid:perm
	    default:group::perm
	    default:group:gid:perm
	    default:mask:perm
	    default:other:perm

       The ACL type can be abbreviated to the first letter.  The first "user" entry gives the permissions granted to the owner of the  file.   The
       following  "user"  entries  show  the  permissions granted to specific users, they are sorted in ascending order of uid.  The first "group"
       entry gives the permissions granted to the group owner of the file.  The following "group" entries show the permissions granted to specific
       groups,	they  are  sorted  in ascending order of gid.  The "mask" entry is the maximum permission granted to specific users or groups.	It
       does not affect the "owner" and "other" permissions.  The "mask" entry must be present if there are specific  "user"  or  "group"  entries.
       "default"  entries  associated  with a directory are inherited as access ACL by the files or sub-directories created in that directory. The
       umask is not used.  Sub-directories also inherit the default ACL as default ACL.  As soon as there is one default ACL entry, the 3  default
       ACL base entries (default user, default group, default other) must be present.

       The entry processing conforms to the Posix 1003.1e draft standard 17.

       The effective user ID of the process must match the owner of the file or the caller must have ADMIN privilege in the Cupv database.

       path   specifies the LFC pathname.  If path does not start with /, it is prefixed by the content of the LFC_HOME environment variable.

       uid    can be given as the username or the corresponding numeric id.

       gid    can be given as the groupname or the corresponding numeric id.

       perm   can be expressed as a combination of characters rwx- or as a value between 0 and 7.

OPTIONS

       -d     remove ACL entries. The "perm" field is ignored.

       -m     modify existing ACL entries or add new entries.

       -s     set the ACL entries. The complete set of ACL entries is replaced.

EXAMPLES

       Let's create a directory:
	    lfc-mkdir /grid/atlas/test/file.log/d6
       and add write permission for user bcouturi:
	    lfc-setacl -m u:bcouturi:rwx,m:rwx /grid/atlas/test/file.log/d6
       Let's create a directory:
	    lfc-mkdir /grid/atlas/test/file.log/d7
       and add default ACLs to it:
	    lfc-setacl -m d:u::7,d:g::7,d:o:5 /grid/atlas/test/file.log/d7
       Let's check the resulting ACLs:
	    lfc-getacl /grid/atlas/test/file.log/d7
       # file: /grid/atlas/test/file.log/d7
       # owner: baud
       # group: c3
       user::rwx
       group::r-x	       #effective:r-x
       other::r-x
       default:user::rwx
       default:group::rwx
       default:other::r-x

       Let's create a sub-directory and check the resulting ACLs:
	    lfc-mkdir /grid/atlas/test/file.log/d7/d2
	    lfc-getacl /grid/atlas/test/file.log/d7/d2
       # file: /grid/atlas/test/file.log/d7/d2
       # owner: baud
       # group: c3
       user::rwx
       group::rwx	       #effective:rwx
       other::r-x
       default:user::rwx
       default:group::rwx
       default:other::r-x

       Let's create a file in the same directory and check the resulting ACLs:
	    lfc-touch /grid/atlas/test/file.log/d7/f2
	    lfc-getacl /grid/atlas/test/file.log/d7/f2
       # file: /grid/atlas/test/file.log/d7/f2
       # owner: baud
       # group: c3
       user::rw-
       group::rw-	       #effective:rw-
       other::r--

EXIT STATUS

       This program returns 0 if the operation was successful or >0 if the operation failed.

SEE ALSO

       Castor_limits(4), lfc_chmod(3), lfc_chown(3), Cupvlist(1)

AUTHOR

       LCG Grid Deployment Team

LFC
							   $Date: 2003/08/26 06:21:13 $ 					     LFC-SETACL(1)