We have a scenario in production where we want only one user from a group to modify the file. The file is not set to write permission for application manager.
So here amgr will have permission to edit the file. We want a "ftpuser1" to get write permission for the file also we dont want the user "ftpuser1" to elivate the permission to amgr.
I see by setting SUID we can set that. What I read is it will make all user that are in group where "ftpuser1" is on will get the write permission
I need to find all the files that have group Read or Write permission or files that have user write permission.
This is what I have so far:
find . -exec ls -l {} \; | awk '/-...rw..w./ {print $1 " " $3 " " $4 " " $9}'
It shows me all files where group read = true, group write = true... (5 Replies)
Hi,
The requirement is like,
the program needs 2 argument one is user_id and second one is directory path. My script will check if that user_id has write access to the directory path. The directory path may be in any file system like AFS or NFS.
Can any one please suggest some points to... (1 Reply)
Guys, i wanna get any user files with write permission (on user or group permission) for review but i confuse with -perm parameter.
any body can help me to explain what is that mean?
thank's (1 Reply)
Trying to figure out the best method of security for oracle user accounts. In Solaris 10 they are set as regular users but have nologin set forcing the dev's to login as themselves and then su to the oracle users.
In Solaris11 we have the option of making it a role because RBAC is enabled but... (1 Reply)
Hi
I am trying to make a web program which is command line equivalent. i have done the coding in cgi program in perl and html for basic forms to take inputs. when i ran the program from web application i see permission denied messages. after analyzing i found apache is running as wwwrun which... (2 Replies)
In our project we have several unix scripts that trigger different processes. These scripts write logs to a particular folder 'sesslogs', create output data files in a separate directory called 'datafiles' etc. Usually L1 support team re-run these scripts . We donot want L1 support team to have... (14 Replies)
I have searched this quite a long time but couldn't find the right method for me to use. I need to assign read write permission to the user for specific directories and it's sub directories and files. I do not want to use ACL. I do not want to assign user the same group of that directories too.... (0 Replies)
I have searched this quite a long time but couldn't find the right method for me to use. I need to assign read write permission to the user for specific directories and it's sub directories and files. I do not want to use ACL. This is for Solaris. Please help. (1 Reply)
I have built a website and I can access and edit the website'files on server via the root user. The current file and directory structures are not changeable. Now I am hiring a webpage designer to help me re-design some pages, I am going to let the designer edit the files directly on the server. So... (5 Replies)
Discussion started by: uwo-g-xw
5 Replies
LEARN ABOUT CENTOS
keyctl_setperm
KEYCTL_SETPERM(3) Linux Key Management Calls KEYCTL_SETPERM(3)NAME
keyctl_setperm - Change the permissions mask on a key
SYNOPSIS
#include <keyutils.h>
long keyctl_setperm(key_serial_t key, key_perm_t perm);
DESCRIPTION
keyctl_setperm() changes the permissions mask on a key.
A process that does not have the SysAdmin capability may not change the permissions mask on a key that doesn't have the same UID as the
caller.
The caller must have setattr permission on a key to be able change its permissions mask.
The permissions mask is a bitwise-OR of the following flags:
KEY_xxx_VIEW
Grant permission to view the attributes of a key.
KEY_xxx_READ
Grant permission to read the payload of a key or to list a keyring.
KEY_xxx_WRITE
Grant permission to modify the payload of a key or to add or remove links to/from a keyring.
KEY_xxx_SEARCH
Grant permission to find a key or to search a keyring.
KEY_xxx_LINK
Grant permission to make links to a key.
KEY_xxx_SETATTR
Grant permission to change the ownership and permissions attributes of a key.
KEY_xxx_ALL
Grant all the above.
The 'xxx' in the above should be replaced by one of:
POS Grant the permission to a process that possesses the key (has it attached searchably to one of the process's keyrings).
USR Grant the permission to a process with the same UID as the key.
GRP Grant the permission to a process with the same GID as the key, or with a match for the key's GID amongst that process's Groups
list.
OTH Grant the permission to any other process.
Examples include: KEY_POS_VIEW, KEY_USR_READ, KEY_GRP_SEARCH and KEY_OTH_ALL.
User, group and other grants are exclusive: if a process qualifies in the 'user' category, it will not qualify in the 'groups' category;
and if a process qualifies in either 'user' or 'groups' then it will not qualify in the 'other' category.
Possessor grants are cumulative with the grants from the 'user', 'groups' and 'other' categories.
RETURN VALUE
On success keyctl_setperm() returns 0 . On error, the value -1 will be returned and errno will have been set to an appropriate error.
ERRORS
ENOKEY The specified key does not exist.
EKEYEXPIRED
The specified key has expired.
EKEYREVOKED
The specified key has been revoked.
EACCES The named key exists, but does not grant setattr permission to the calling process.
LINKING
This is a library function that can be found in libkeyutils. When linking, -lkeyutils should be specified to the linker.
SEE ALSO keyctl(1),
add_key(2),
keyctl(2),
request_key(2),
keyctl(3),
request-key(8)Linux 4 May 2006 KEYCTL_SETPERM(3)