|
|
Sponsored Content
07-13-2001
Administrator
Andy asks:
Yes, one way to do it is to write a small script (command) that reads the current directory; gets the owner and group information of a file that is an argument to the script. The script may have to be set SUID with ownership root. This is not very secure, but you asked 'is it possible?' The more complex the security requirements, the more involved.
You might also do it any other number of ways, using ACL front ends, perl scripts, a simple C program, etc.
The easiest way to do it, if you are worried about security is to have the administrator with root privs do it
Or, you can find some complex ACL program; but based on what you have offered as your requirements, this still seems to be a lot of trouble for something quite basic.
If I had a system that had a user or user process creating files I would not want the scripts to have any ability to write or give ownership to the file to another user unless the user was in the same group. If the issue was with many files, I would look at creating a process to do this.
However, without understanding the purpose of the server, the nature of the processes, the relationship of users to the processes, the production environment and security implications and risk; it is not reasonable to give a simplistic answer.
Everything is possible in UNIX and there is no one way to do anything
Quote:
is it possible to have a user x create a file, which will have the ownership and group rights of the directory it is created in ?
You might also do it any other number of ways, using ACL front ends, perl scripts, a simple C program, etc.
The easiest way to do it, if you are worried about security is to have the administrator with root privs do it
Or, you can find some complex ACL program; but based on what you have offered as your requirements, this still seems to be a lot of trouble for something quite basic.
If I had a system that had a user or user process creating files I would not want the scripts to have any ability to write or give ownership to the file to another user unless the user was in the same group. If the issue was with many files, I would look at creating a process to do this.
However, without understanding the purpose of the server, the nature of the processes, the relationship of users to the processes, the production environment and security implications and risk; it is not reasonable to give a simplistic answer.
Everything is possible in UNIX and there is no one way to do anything
|
|
10 More Discussions You Might Find Interesting
1. Programming
I need to compile a file,but 'make' does
not work.please tell me how to use it or
need which tools? (3 Replies)
Discussion started by: dsun5
3 Replies
2. Shell Programming and Scripting
I wonder how I shall read the result below, especially 'what'
shown below.
The result was shown when I entered 'w'.
E.g what is TOP? What is gosh ( what does selmgr mean?)?
login@ idle JCPU PCPU what
6:15am 7:04 39 39 TOP
6:34am 6:45 45 45 TOP
6:41am ... (1 Reply)
Discussion started by: Aelgen
1 Replies
3. UNIX for Dummies Questions & Answers
Hi, guys, I have a big problem.
I've got a sun solaris 4.1.4 workstation, and the /var/adm/message file will add one row every few seconds. It becomes a large file in a short time.
I wander if there are some mistakes configuring the workstation.
the /var/adm/message is as follow:
... (3 Replies)
Discussion started by: cloudsmell
3 Replies
4. UNIX for Dummies Questions & Answers
echo 'it's friday'
why appear the > (3 Replies)
Discussion started by: yls177
3 Replies
5. UNIX for Advanced & Expert Users
Somehow someone created a file named '-ov' in the root directory.
Given the name, the how was probably the result of some cpio command they bozo'ed.
I've tried a number of different ways to get rid of it using * and ? wildcards, '\' escape patterns etc.. They all fail with " illegal option --... (3 Replies)
Discussion started by: GSalisbury
3 Replies
6. Shell Programming and Scripting
Hopefully this doesn't come off as too much of a "newbie" question or a flamebait. But I have recently begun working with a Sun Solaris box after having spent the past five years working with RedHat. From what i can tell, thing look fairly similar and the 'man' command is some help. But I've... (7 Replies)
Discussion started by: deckard
7 Replies
7. Linux
Hi,
while setting access control list I am getting error "Operation NOt Supported"
Example :user A wants full access on test directory /home/user B/test, I dont want to add in secondary group bcz group has read permission, (1 Reply)
Discussion started by: manoj.solaris
1 Replies
8. AIX
Hi,
I want to know how to set acl in aix via smitty and shell prompt, wheather we needs to install additional packages. (0 Replies)
Discussion started by: manoj.solaris
0 Replies
9. UNIX for Dummies Questions & Answers
Folks;
How can i setup ACL in Apache so i can give a group of users (defined by their emails (all users under *@red.com) access to a web page? (10 Replies)
Discussion started by: moe2266
10 Replies
10. UNIX for Beginners Questions & Answers
Folks,
Solaris 10 issue
When I add a new directory to a path, I only get the "group@" line in the ACL
The parent directory ACL is
drwxrws---+ 12 root teama 12 Jul 18 10:31 .
owner@:rwxp-DaARWc---:------:allow
group@:rwxp-DaARWc--s:fd----:allow
... (0 Replies)
Discussion started by: wilberforce
0 Replies
LEARN ABOUT DEBIAN
lfc-chgrp
LFC-CHGRP(1) LFC User Commands LFC-CHGRP(1) NAME
lfc-chgrp - change group ownership of a LFC directory/file in the name server SYNOPSIS
lfc-chgrp [-h] [-R] group path... DESCRIPTION
lfc-chgrp sets the group ownership of a LFC directory/file in the name server to the value of group. To change the group ID, the effective user ID of the process must match the owner ID of the file and the new group must be in the list of groups the caller belong to or the caller must have ADMIN privilege in the Cupv database. group is either a valid group name or a valid numeric ID. path specifies the LFC pathname. If path does not start with /, it is prefixed by the content of the LFC_HOME environment variable. OPTIONS
The following options are supported: -h If path is a symbolic link, changes the ownership of the link itself. -R Recursive mode. EXIT STATUS
This program returns 0 if the operation was successful or >0 if the operation failed. SEE ALSO
Castor_limits(4), lfc_chown(3), Cupvlist(1) AUTHOR
LCG Grid Deployment Team LFC
$Date: 2007/01/13 10:35:39 $ LFC-CHGRP(1)