Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How to handle build user access/permissions?
Top Forums UNIX for Advanced & Expert Users How to handle build user access/permissions? Post 303012320 by bakunin on Friday 2nd of February 2018 05:51:04 AM
Old 02-02-2018
Here are some general considerations/suggestions. To be more specific is too much dependant on the specific setting in your shop which is hard to appreciate from afar.

First, identify all the necessary roles and what they need to be allowed. You have already started that but you need that in more detail. Do not only define one role ("srv_user") but also the other roles necessary: i.e. "tester", "admin", ...

Only then sort through these specifications and see where they are different. i.e.:

Basic role "user": right1, right2, right3
Role "tester": like "user", but also right4, right5
Role "srv_user": like "tester" plus right6, right7, right8
etc..

This will give you a basic layout for a group hierarchy and which right should go to which group.

A few caveats: it is quite modern to use "ACLs" instead of classic UNIX privileges. This is a great way of getting yourself into deep kimchi beyond all means of maintenance. Experience shows that you end up (usually more sooner than later) with a heap of rights without any structure and no one knows or understands what is going on. Avoid that at all cost, even if it might appeal to you at first. In the long run it tends to be more a problem than a solution. A good (long-term!) solution is not one that does what you want but one that is also easy to understand and painless to maintain.

Have a look at "sudo", but do NOT overuse it! It is often possible to make up for planning deficiencies by overusage of a tool. In practically all cases this is a very bad idea in the long run. If an implementation looks cumbersome rather plan better than undergo the effort of the implementation.

I hope this helps.

bakunin
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

root access on sun os and permissions

Currently have root access to our own boxes on site. HQ wants to take root access away from us. What does root access provide that is unavailable for users as it is essential for us to keep local control. We log in as users but have su for special needs. On all other os boxes we have admin... (2 Replies)
Discussion started by: allinone
2 Replies

2. AIX

Strange error with file access permissions

All, I am trying to copy some data from /admin/reports/Sept/ccn/c_ivsstr01 to /home/users/myhomedir and I am getting an error I have never seen before: The file access permissions do not allow the specified action. The permissions on the file are -rw-r--r-- and I am the owner of the file... (3 Replies)
Discussion started by: kjbaumann
3 Replies

3. UNIX for Dummies Questions & Answers

Side-Effect of write access permissions for a subdirectory

Hi Unix Gurus, I'm a newbie to unix and need some help from you. I'm going to give full access (777) to a subdirectory to an FTP account. Let's say the subdirectory is /usr/local/dir1/dir2/dir3 There are files in dir1, say a.txt b.cfg c.xml Will this account be able to access... (3 Replies)
Discussion started by: xinu299
3 Replies

4. UNIX for Dummies Questions & Answers

Setting permissions and restricting access

Hi all, I have user called "Z". The home directory is /home/Z. I have another directory /home/Z/OP. Within /home/Z/OP, i have 2 directories /home/Z/OP/OP1 and /home/Z/OP2. I want to restrict access for Z to only access /home/Z/OP and /home/Z/OP1 and /home/Z/OP2. What kind of... (4 Replies)
Discussion started by: new2ss
4 Replies

5. Shell Programming and Scripting

script to change the access permissions of the files

Hi, I want to change the access permissions of the files whose extension is same.For example *.c but these are inside a directory and inside that other directory is there and it contains the .c files..for example-- So my aim is to search the files under src and change the access permissions... (3 Replies)
Discussion started by: smartgupta
3 Replies

6. Solaris

user permissions

hi i want to display the usernames,usergroups user permissions and user home directory's with in a single command.and possibities are their for getting this output .. (9 Replies)
Discussion started by: tv.praveenkumar
9 Replies

7. UNIX for Advanced & Expert Users

file access permissions

Hi everybody, following is the scenario; OS HP UX 11.23 two users: # id bodi uid=109(bodi) gid=20(users) groups=1(other),2(bin),3(sys),106(oinstall) # id ossmed uid=121(ossmed) gid=20(users) umask 077 directory name /home/mydir directory permissions drwxrwxrwx requirement: to... (1 Reply)
Discussion started by: ajays
1 Replies

8. OS X (Apple)

Change access permissions

I purchased a 2TB hard drive, split it into two partitions, and formatted it as NTFS. I want to use the drive on my pc and my mac. How can I change the access permissions so Mac OS 10.4.11 will let me write to the drive? I tried this: $ chmod +a "admin allow write" /volumes/V2_Mac chmod:... (3 Replies)
Discussion started by: Me&MyMac
3 Replies

9. Linux

Permissions and access to data

Hi Operating system Red Hat Enterprise 5.8, Data access Mac/PC environment on various OS levels. Access via smb I am trying to set up a data shared area where a user group can read and write to its own directory, but can only write to another groups directory. Example: I have set up two... (1 Reply)
Discussion started by: treds
1 Replies

10. UNIX for Dummies Questions & Answers

Access permissions chmod 606

Hi All I am running Ubuntu linux flavour. I need provide multiple users belonging to the same group access to a dir where they can write files but are not supposed to remove or rename files. users outside the group should be able to read and write to the dir. i have set the permission of... (7 Replies)
Discussion started by: Simza
7 Replies

LEARN ABOUT PLAN9

dh_fixperms

DH_FIXPERMS(1)							     Debhelper							    DH_FIXPERMS(1)

NAME

       dh_fixperms - fix permissions of files in package build directories

SYNOPSIS

       dh_fixperms [debhelperoptions] [-Xitem]

DESCRIPTION

       dh_fixperms is a debhelper program that is responsible for setting the permissions of files and directories in package build directories to
       a sane state -- a state that complies with Debian policy.

       dh_fixperms makes all files in usr/share/doc in the package build directory (excluding files in the examples/ directory) be mode 644. It
       also changes the permissions of all man pages to mode 644. It removes group and other write permission from all files. It removes execute
       permissions from any libraries, headers, Perl modules, or desktop files that have it set. It makes all files in the standard bin and sbin
       directories, usr/games/ and etc/init.d executable (since v4). Finally, it removes the setuid and setgid bits from all files in the package.

       When the Rules-Requires-Root field has the (effective) value of binary-targets, dh_fixperms will also reset the ownership of all paths to
       "root:root".

OPTIONS

       -Xitem, --exclude item
	   Exclude files that contain item anywhere in their filename from having their permissions changed. You may use this option multiple
	   times to build up a list of things to exclude.

SEE ALSO

       debhelper(7)

       This program is a part of debhelper.

AUTHOR

       Joey Hess <joeyh@debian.org>

11.1.6ubuntu2							    2018-05-10							    DH_FIXPERMS(1)
All times are GMT -4. The time now is 11:26 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy