Granting access to specific user on a 700 file Post: 303043093

Sponsored Content

Top Forums UNIX for Advanced & Expert Users Granting access to specific user on a 700 file Post 303043093 by Peasant on Saturday 18th of January 2020 01:50:43 AM

01-18-2020

Moderator

Check out this example, and apply it to your enviroment.

Code:

[root@box ~]# id goprog
uid=1000(goprog) gid=1000(goprog) groups=1000(goprog)
[root@box ~]# id jboss
uid=666(jboss) gid=666(jboss) groups=666(jboss)
[root@box ~]# ls -dl /opt/jboss
drwx------. 4 jboss jboss 282 Jan 18 07:41 /opt/jboss
[root@box ~]# su - goprog
Last login: Sat Jan 18 07:41:45 CET 2020 on pts/0
[goprog@box ~]$ cd /opt/jboss
-bash: cd: /opt/jboss: Permission denied
[goprog@box ~]$ exit
logout
[root@box ~]# setfacl -R -m user:goprog:rwx /opt/jboss
[root@box ~]# su - goprog
Last login: Sat Jan 18 07:43:52 CET 2020 on pts/0
[goprog@box ~]$ cd /opt/jboss
[goprog@box jboss]$ cp domain.xml domain.xml_new
[goprog@box jboss]$ ls -lrt
total 176824
drwxrwxr-x+ 12 jboss  jboss        255 Jan  5  2019 wildfly-15.0.1.Final_rbacfail
drwxrwxr-x+ 12 jboss  jboss        255 Jan  5  2019 wildfly-15.0.1.Final
-rw-rwxr--+  1 jboss  jboss  180827189 Jan  7  2019 wildfly-15.0.1.Final.zip
lrwxrwxrwx.  1 jboss  jboss         20 May 18  2019 current -> wildfly-15.0.1.Final
-rw-rwxr--+  1 jboss  jboss     113390 May 18  2019 domain.xml
-rw-rwxr--.  1 goprog goprog    113390 Jan 18 07:45 domain.xml_new
[goprog@box jboss]$

Hope that helps
Regards
Peasant.

These 2 Users Gave Thanks to Peasant For This Post:

Peasant

View Public Profile for Peasant

Find all posts by Peasant

9 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Granting User Access

I have two users, user1 and defaultuser. Whenever i logon to my unix session from a remote machine i log into defaultuser. Inside this "defaultuser" i have some setup files that i need to run from the other user that i have created myself i.e. "user1". The problem is even granting the ownership of...

2. AIX

Granting folder access

Hello, I need to allow a user the ability to create files in a directory that is owned by another user/group. How can I do this? Thank you. AIX version: 5.3.0.0 ~David

3. UNIX for Dummies Questions & Answers

granting permission to file/directory to a specific user

hello, I would like to grant full access to a directory which is owned by root and the web application that created it. I have though of adding the permission to the whole world, but for security reason I would like to grant it to one more user. I have tried this 'chmod -U newUser+wrx...

4. Solaris

create user with RWX access to a specific directory in Solaris 10

I need to create a user account for a developer that will allow him rwx access to all resources in a directory. How can I do that? Thanks

5. Shell Programming and Scripting

User access to only specific subdirectory

is is possible to grant user access to only one subdirectory? example a. create ftp user with read/write/delete access (ftp user doesnt belong to uguys group) $ cd /etc/mydir $ls file1 file2 $ls -al -rw-rw-r-x 2 unixguy uguys 96 Dec 8 12:53 file1 -rw-rw-r-x 2 unixguy uguys 96...

6. UNIX for Dummies Questions & Answers

Granting user permission for public_html

I have problem giving user access to his public_html directory. While when I am logged as root I can access my files by going to www.myserver.com/file.htmlwhere file.html is actually on this path... var/www/file.htmlBut when user tries to access his file.html on this path.... ~user/file.html it...

7. UNIX for Advanced & Expert Users

allow user to use sudo cp on a specific directory and only a specific file

Is there a way to allow a user to use sudo cp on a specific directory and only a specific file?

8. Solaris

Limit FTP user's access to a specific directory

Hi, I have searched "Limit FTP user's access to a specific directory" subject for 3 days. I found proftp and vsftp but i couldn't compile and install. Is there any idea. Please suggest.

9. Solaris

Limit bash/sh user's access to a specific directory

Hello Team, I have Solaris 10 u6 I have a user test1 using bash that belong to the group staff. I would like to restrict this user to navigate only in his home directory and his subfolders but not not move out to other directories. How can I do it ? Thanks in advance

LEARN ABOUT PLAN9

securenet

SECURENET(8)						      System Manager's Manual						      SECURENET(8)

NAME

       securenet - Digital Pathways SecureNet Key remote authentication box

DESCRIPTION

       The  SecureNet  box is used to authenticate connections to Plan 9 from a foreign system such as a Unix machine or plain terminal.  The box,
       which looks like a calculator, performs DES encryption with a key held in its memory.  Another copy of the key is kept on  the  authentica-
       tion server.  Each box is protected from unauthorized use by a four digit PIN.

       When  the  system requires SecureNet authentication, it prompts with a numerical challenge.  The response is compared to one generated with
       the key stored on the authentication server.  Respond as follows:

       Turn on the box and enter your PIN at the EP prompt, followed by the ENT button.  Enter the challenge at Ed  prompt,  again  followed  ENT.
       Then  type  to Plan 9 the response generated by the box.  If you make a mistake at any time, reset the box by pressing ON.  The authentica-
       tion server compares the response generated by the box to one computed internally.  If they match, the user is accepted.

       The box will lose its memory if given the wrong PIN five times in succession or if its batteries are removed.

       To reprogram it, type a 4 at the E0 prompt.

       At the E1 prompt, enter your key, which consists of eight three-digit octal numbers.  While you are entering these digits, the box displays
       a  number  ranging  from 1 to 8 on the left side of the display.  This number corresponds to the octal number you are entering, and changes
       when you enter the first digit of the next number.

       When you are done entering your key, press ENT twice.

       At the E2 prompt, enter a PIN for the box.

       After you confirm by retyping the PIN at the E3 prompt, you can use the box as normal.

       You can change the PIN using the following procedure.  First, turn on the box and enter your current PIN at the EP prompt.  Press ENT three
       times; this will return you to the EP prompt.  Enter your PIN again, followed by ENT; you should see a Ed prompt with a - on the right side
       of the display.	Enter a 0 and press ENT.  You should see the E2 prompt; follow the instructions above for entering a PIN.

       The SecureNet box performs the same encryption as the netcrypt routine (see encrypt(2)).  The entered challenge, a decimal number between 0
       and  100000,  is  treated  as a text string with trailing binary zero fill to 8 bytes.  These 8 bytes are encrypted with the DES algorithm.
       The first four bytes are printed on the display as hexadecimal numbers.	However, when set up as described, the box does not print hexadec-
       imal  digits greater than 9.  Instead, it prints a 2 for an A, B, or C, and a 3 for a D, E, or F.  If a 5 rather than a 4 is entered at the
       E0 print, the hexadecimal digits are printed.  This is not recommended, as letters are too easily confused with	digits	on  the  SecureNet
       display.

SEE ALSO

       encrypt(2), auth(2)
       Digital Pathways, Mountain View, California

BUGS

       The box is too clumsy.  If carried in a pocket, it can turn itself on and wear out the batteries.

																      SECURENET(8)