02-02-2018
Here are some general considerations/suggestions. Being more specific depends too much on the specific setting in your shop, which is hard to appreciate from afar.
First, identify all the necessary roles and what they need to be allowed. You have already started that but you need that in more detail. Do not only define one role ("srv_user") but also the other roles necessary: i.e. "tester", "admin", ...
Only then sort through these specifications and see where they are different. i.e.:
Basic role "user": right1, right2, right3
Role "tester": like "user", but also right4, right5
Role "srv_user": like "tester" plus right6, right7, right8
etc..
This will give you a basic layout for a group hierarchy and which right should go to which group.
A few caveats: it is quite modern to use "ACLs" instead of classic UNIX privileges. This is a great way of getting yourself into deep kimchi beyond all means of maintenance. Experience shows that you end up (usually sooner rather than later) with a heap of rights without any structure and no one knows or understands what is going on. Avoid that at all costs, even if it might appeal to you at first. In the long run it tends to be more a problem than a solution. A good (long-term!) solution is not one that does what you want but one that is also easy to understand and painless to maintain.
Have a look at "sudo", but do NOT overuse it! It is often possible to make up for planning deficiencies by overuse of a tool. In practically all cases this is a very bad idea in the long run. If an implementation looks cumbersome, plan better rather than undergo the effort of the implementation.
I hope this helps.
bakunin
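The layering described in the post above, as an added example that is not part of the original post: starting from the complete right list of every role, it works out each role's parent, the rights that role adds, and any right that would end up in more than one group. It assumes one UNIX group per role; the role and right names are the post's placeholders and the sample data is constructed.

```python
"""Derive a layered group layout from flat per-role right lists (added example)."""

# Constructed sample: the complete right list each role needs, using the
# placeholder names from the post (right1 ... right8).
ROLE_RIGHTS = {
    "user": {"right1", "right2", "right3"},
    "tester": {"right1", "right2", "right3", "right4", "right5"},
    "srv_user": {"right1", "right2", "right3", "right4", "right5",
                 "right6", "right7", "right8"},
}


def derive_hierarchy(role_rights):
    """Map each role to (parent, own_rights).

    The parent is the largest role whose rights are a proper subset of this
    role's rights; own_rights is what the role adds on top of that parent.
    """
    layout = {}
    for role, rights in role_rights.items():
        smaller = [r for r, rr in role_rights.items() if rr < rights]
        parent = max(smaller, key=lambda r: (len(role_rights[r]), r), default=None)
        inherited = role_rights[parent] if parent else set()
        layout[role] = (parent, rights - inherited)
    return layout


def groups_for(role, layout):
    """Groups a member of `role` must belong to, base group first."""
    chain = []
    while role is not None:
        chain.append(role)
        role = layout[role][0]
    return chain[::-1]


def duplicated_rights(layout):
    """Rights granted by more than one group: a sign the roles do not nest."""
    owners = {}
    for role, (_parent, own) in layout.items():
        for right in own:
            owners.setdefault(right, []).append(role)
    return {r: sorted(o) for r, o in owners.items() if len(o) > 1}


if __name__ == "__main__":
    layout = derive_hierarchy(ROLE_RIGHTS)
    for role in ROLE_RIGHTS:
        parent, own = layout[role]
        print(f"{role}: like {parent or '-'} plus {sorted(own)}")
        print(f"  member groups: {groups_for(role, layout)}")
    print("duplicated:", duplicated_rights(layout))
```

A non-empty result from `duplicated_rights` points at roles whose specifications overlap without one containing the other, which is where the role definitions need another pass before any group is created.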
dh_fixperms
DH_FIXPERMS(1) Debhelper DH_FIXPERMS(1)
NAME
dh_fixperms - fix permissions of files in package build directories
SYNOPSIS
dh_fixperms [debhelperoptions] [-Xitem]
DESCRIPTION
dh_fixperms is a debhelper program that is responsible for setting the permissions of files and directories in package build directories to
a sane state -- a state that complies with Debian policy.
dh_fixperms makes all files in usr/share/doc in the package build directory (excluding files in the examples/ directory) be mode 644. It
also changes the permissions of all man pages to mode 644. It removes group and other write permission from all files. It removes execute
permissions from any libraries, headers, Perl modules, or desktop files that have it set. It makes all files in the standard bin and sbin
directories, usr/games/ and etc/init.d executable (since v4). Finally, it removes the setuid and setgid bits from all files in the package.
When the Rules-Requires-Root field has the (effective) value of binary-targets, dh_fixperms will also reset the ownership of all paths to
"root:root".
OPTIONS
-Xitem, --exclude item
Exclude files that contain item anywhere in their filename from having their permissions changed. You may use this option multiple
times to build up a list of things to exclude.
SEE ALSO
debhelper(7)
This program is a part of debhelper.
AUTHOR
Joey Hess <joeyh@debian.org>
11.1.6ubuntu2 2018-05-10 DH_FIXPERMS(1)
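A read-only check for three of the rules in the DESCRIPTION above (no group/other write, no setuid/setgid, mode 644 for files under usr/share/doc outside examples/), as an added example that is not debhelper's own code. The function name is hypothetical, only regular files are inspected, and the man page, library and bin/sbin rules are not covered.

```python
"""Report files in a package build directory that break dh_fixperms rules."""
import os
import stat


def audit_build_dir(root):
    """Return sorted (relative_path, problem) pairs; nothing is modified."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks and special files are out of scope here
            rel = os.path.relpath(path, root)
            mode = stat.S_IMODE(st.st_mode)
            # Rule: group and other write permission is removed from all files.
            if mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((rel, "group/other write"))
            # Rule: setuid and setgid bits are removed from all files.
            if mode & (stat.S_ISUID | stat.S_ISGID):
                findings.append((rel, "setuid/setgid"))
            # Rule: files in usr/share/doc, excluding examples/, are mode 644.
            parts = rel.split(os.sep)
            in_doc = parts[:3] == ["usr", "share", "doc"]
            if in_doc and "examples" not in parts[3:-1] and mode != 0o644:
                findings.append((rel, f"doc file is {mode:04o}, expected 0644"))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    for rel, problem in audit_build_dir(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{rel}: {problem}")
```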