02-02-2018
Here are some general considerations/suggestions. To be more specific is too much dependant on the specific setting in your shop which is hard to appreciate from afar.
First, identify all the necessary roles and what they need to be allowed. You have already started that but you need that in more detail. Do not only define one role ("srv_user") but also the other roles necessary: i.e. "tester", "admin", ...
Only then sort through these specifications and see where they are different. i.e.:
Basic role "user": right1, right2, right3
Role "tester": like "user", but also right4, right5
Role "srv_user": like "tester" plus right6, right7, right8
etc..
This will give you a basic layout for a group hierarchy and which right should go to which group.
A few caveats: it is quite modern to use "ACLs" instead of classic UNIX privileges. This is a great way of getting yourself into deep kimchi beyond all means of maintenance. Experience shows that you end up (usually more sooner than later) with a heap of rights without any structure and no one knows or understands what is going on. Avoid that at all cost, even if it might appeal to you at first. In the long run it tends to be more a problem than a solution. A good (long-term!) solution is not one that does what you want but one that is also easy to understand and painless to maintain.
Have a look at "sudo", but do NOT overuse it! It is often possible to make up for planning deficiencies by overusage of a tool. In practically all cases this is a very bad idea in the long run. If an implementation looks cumbersome rather plan better than undergo the effort of the implementation.
I hope this helps.
bakunin
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Currently have root access to our own boxes on site. HQ wants to take root access away from us.
What does root access provide that is unavailable for users as it is essential for us to keep local control.
We log in as users but have su for special needs.
On all other os boxes we have admin... (2 Replies)
Discussion started by: allinone
2 Replies
2. AIX
All,
I am trying to copy some data from /admin/reports/Sept/ccn/c_ivsstr01 to /home/users/myhomedir and I am getting an error I have never seen before:
The file access permissions do not allow the specified action.
The permissions on the file are -rw-r--r-- and I am the owner of the file... (3 Replies)
Discussion started by: kjbaumann
3 Replies
3. UNIX for Dummies Questions & Answers
Hi Unix Gurus,
I'm a newbie to unix and need some help from you.
I'm going to give full access (777) to a subdirectory to an FTP account.
Let's say the subdirectory is
/usr/local/dir1/dir2/dir3
There are files in dir1, say
a.txt
b.cfg
c.xml
Will this account be able to access... (3 Replies)
Discussion started by: xinu299
3 Replies
4. UNIX for Dummies Questions & Answers
Hi all,
I have user called "Z". The home directory is /home/Z. I have another directory /home/Z/OP. Within /home/Z/OP, i have 2 directories
/home/Z/OP/OP1 and /home/Z/OP2.
I want to restrict access for Z to only access
/home/Z/OP and
/home/Z/OP1 and
/home/Z/OP2.
What kind of... (4 Replies)
Discussion started by: new2ss
4 Replies
5. Shell Programming and Scripting
Hi,
I want to change the access permissions of the files whose extension is same.For example *.c but these are inside a directory and inside that other directory is there and it contains the .c files..for example--
So my aim is to search the files under src and change the access permissions... (3 Replies)
Discussion started by: smartgupta
3 Replies
6. Solaris
hi
i want to display the usernames,usergroups user permissions and user home directory's with in a single command.and possibities are their for getting this output .. (9 Replies)
Discussion started by: tv.praveenkumar
9 Replies
7. UNIX for Advanced & Expert Users
Hi everybody,
following is the scenario;
OS HP UX 11.23
two users:
# id bodi
uid=109(bodi) gid=20(users) groups=1(other),2(bin),3(sys),106(oinstall)
# id ossmed
uid=121(ossmed) gid=20(users)
umask
077
directory name /home/mydir
directory permissions drwxrwxrwx
requirement: to... (1 Reply)
Discussion started by: ajays
1 Replies
8. OS X (Apple)
I purchased a 2TB hard drive, split it into two partitions, and formatted it as NTFS. I want to use the drive on my pc and my mac. How can I change the access permissions so Mac OS 10.4.11 will let me write to the drive?
I tried this:
$ chmod +a "admin allow write" /volumes/V2_Mac
chmod:... (3 Replies)
Discussion started by: Me&MyMac
3 Replies
9. Linux
Hi
Operating system Red Hat Enterprise 5.8, Data access Mac/PC environment on various OS levels. Access via smb
I am trying to set up a data shared area where a user group can read and write to its own directory, but can only write to another groups directory.
Example:
I have set up two... (1 Reply)
Discussion started by: treds
1 Replies
10. UNIX for Dummies Questions & Answers
Hi All
I am running Ubuntu linux flavour.
I need provide multiple users belonging to the same group access to a dir where they can write files but are not supposed to remove or rename files. users outside the group should be able to read and write to the dir.
i have set the permission of... (7 Replies)
Discussion started by: Simza
7 Replies
LEARN ABOUT DEBIAN
scan-view
SCAN-VIEW(1) SCAN-VIEW(1)
NAME
scan-view
scan-view(1) -- The clang(1) static analyzer results viewer.
SYNOPSIS
scan-view options results directory
DESCRIPTION
scan-view a companion comannd line utility to scan-build(1), scan-view is used to view analysis results generated by scan-build(1). There
is an option that one can pass to scan-build to cause scan-view to run as soon as it the analysis of a build completes
OPTIONS
-h, --help
show the help message and exit.
--host=HOST
Host interface to listen on. (default=127.0.0.1)
--port=PORT
Port to listen on. (default=8181)
--debug
Print additional debugging information.
--auto-reload
Automatically update module for each request.
--no-browser
Don't open a webbrowser on startup.
--allow-all-hosts
Allow connections from any host (access restricted to "127.0.0.1" by default)
AUTHORS
Maintained by the Clang / LLVM Team http://clang.llvm.org.
This manual page was written by Ermenegildo Fiorito fiorito.g@gmail.com for the Debian Project.
SEE ALSO
clang(1) scan-build(1) http://clang-analyzer.llvm.org
December 2010 SCAN-VIEW(1)