07-13-2001
Andy asks:
Quote:
is it possible to have a user x create a file, which will have the ownership and group rights of the directory it is created in ?
Yes, one way to do it is to write a small script (command) that reads the current directory; gets the owner and group information of a file that is an argument to the script. The script may have to be set SUID with ownership root. This is not very secure, but you asked 'is it possible?' The more complex the security requirements, the more involved.
You might also do it any other number of ways, using ACL front ends, perl scripts, a simple C program, etc.
The easiest way to do it, if you are worried about security is to have the administrator with root privs do it
Or, you can find some complex ACL program; but based on what you have offered as your requirements, this still seems to be a lot of trouble for something quite basic.
If I had a system that had a user or user process creating files I would not want the scripts to have any ability to write or give ownership to the file to another user unless the user was in the same group. If the issue was with many files, I would look at creating a process to do this.
However, without understanding the purpose of the server, the nature of the processes, the relationship of users to the processes, the production environment and security implications and risk; it is not reasonable to give a simplistic answer.
Everything is possible in UNIX and there is no one way to do anything
10 More Discussions You Might Find Interesting
1. Programming
I need to compile a file,but 'make' does
not work.please tell me how to use it or
need which tools? (3 Replies)
Discussion started by: dsun5
3 Replies
2. Shell Programming and Scripting
I wonder how I shall read the result below, especially 'what'
shown below.
The result was shown when I entered 'w'.
E.g what is TOP? What is gosh ( what does selmgr mean?)?
login@ idle JCPU PCPU what
6:15am 7:04 39 39 TOP
6:34am 6:45 45 45 TOP
6:41am ... (1 Reply)
Discussion started by: Aelgen
1 Replies
3. UNIX for Dummies Questions & Answers
Hi, guys, I have a big problem.
I've got a sun solaris 4.1.4 workstation, and the /var/adm/message file will add one row every few seconds. It becomes a large file in a short time.
I wander if there are some mistakes configuring the workstation.
the /var/adm/message is as follow:
... (3 Replies)
Discussion started by: cloudsmell
3 Replies
4. UNIX for Dummies Questions & Answers
echo 'it's friday'
why appear the > (3 Replies)
Discussion started by: yls177
3 Replies
5. UNIX for Advanced & Expert Users
Somehow someone created a file named '-ov' in the root directory.
Given the name, the how was probably the result of some cpio command they bozo'ed.
I've tried a number of different ways to get rid of it using * and ? wildcards, '\' escape patterns etc.. They all fail with " illegal option --... (3 Replies)
Discussion started by: GSalisbury
3 Replies
6. Shell Programming and Scripting
Hopefully this doesn't come off as too much of a "newbie" question or a flamebait. But I have recently begun working with a Sun Solaris box after having spent the past five years working with RedHat. From what i can tell, thing look fairly similar and the 'man' command is some help. But I've... (7 Replies)
Discussion started by: deckard
7 Replies
7. Linux
Hi,
while setting access control list I am getting error "Operation NOt Supported"
Example :user A wants full access on test directory /home/user B/test, I dont want to add in secondary group bcz group has read permission, (1 Reply)
Discussion started by: manoj.solaris
1 Replies
8. AIX
Hi,
I want to know how to set acl in aix via smitty and shell prompt, wheather we needs to install additional packages. (0 Replies)
Discussion started by: manoj.solaris
0 Replies
9. UNIX for Dummies Questions & Answers
Folks;
How can i setup ACL in Apache so i can give a group of users (defined by their emails (all users under *@red.com) access to a web page? (10 Replies)
Discussion started by: moe2266
10 Replies
10. UNIX for Beginners Questions & Answers
Folks,
Solaris 10 issue
When I add a new directory to a path, I only get the "group@" line in the ACL
The parent directory ACL is
drwxrws---+ 12 root teama 12 Jul 18 10:31 .
owner@:rwxp-DaARWc---:------:allow
group@:rwxp-DaARWc--s:fd----:allow
... (0 Replies)
Discussion started by: wilberforce
0 Replies
getacl(1) General Commands Manual getacl(1)
NAME
getacl - list access control lists (ACLs) for files (JFS File Systems only)
SYNOPSIS
file...
DESCRIPTION
For each argument that is a regular file, special file, or named pipe, displays the owner, group, and the Access Control List (ACL). For
each directory argument, displays the owner, group, and the ACL and/or the default ACL. Only directories contain default ACLs.
With the option specified, the filename, owner, group, and the ACL of the file will be displayed. With the option specified, the filename,
owner, group, and the default ACL of the file, if it exists, will be displayed. With options not specified, the filename, owner, group,
and both the ACL, and the default ACL, if it exists, will be displayed.
This command may be executed on a file system that does not support ACLs. It will report the ACL consisting of only the owning user, own-
ing group, class and other entries, based on the permission bits.
When multiple files are specified on the command line, a blank line will separate the ACL for each file.
Options
The command recognizes the following options:
Displays the filename, owner, group, and the ACL of the specified file.
Displays the the filename, owner, group, and the default
ACL of the file, if it exists.
Operands
The command recognizes the following operand:
file The file or directory from which retrieves the access control information.
ACL Format
The format of an ACL is:
The first three lines show the filename, the file owner, and the file owning group. Note that when only the option is specified, and the
file has no default ACL, only these three lines will be displayed.
The entry without a user ID indicates the permissions that will be granted to the owner of the file. One or more additional entries indi-
cate the permissions that will be granted to the specified users. The entry without a group identifier indicates the permissions that will
be granted to the owning group of the file. One or more additional entries indicate the permissions that will be granted to the specified
groups. The entry indicates the permissions that will be granted to others.
The entries and may only exist for directories, and indicate the default user, group, and other entries that will be added to a file cre-
ated within the directory.
The uid is a login name, or a user ID if there is no entry for the uid in the system's password file; gid is a group name, or a group ID if
there is no entry for the gid in the system's group file; and perm is a three character string composed of the letters representing the
separate discretionary access rights: (read), (write), (execute/search), or the placeholder character The perm will be displayed in the
following order: If a permission is not granted by an ACL entry, the placeholder character will appear.
The ACL entries will be displayed in the order in which they will be evaluated when an access check is performed. The default ACL entries
that may exist on a directory have no effect on access checks.
The file owner permission bits represent the access that the owning user ACL entry has. The file group class permission bits represent the
most access that any additional user entry, additional group entry, or the owning group entry may grant. The file other permission bits
represent the access that the other ACL entry has. If a user invokes the command and changes the file group class permission bits, the
access granted by the additional ACL entries may be restricted.
In order to indicate that the file group class permission bits restrict an ACL entry, will display, after each affected entry, text in the
form , where perm will show only the permissions actually granted.
EXAMPLES
Given file with an ACL six entries long, the command
would print:
Given file with an ACL six entries long, after the command was issued, the command
would print:
Given directory with an ACL containing default entries, the command
would print:
Given directory the command
would print:
NOTICES
The output from will be in the correct format for input to the command. If the output from is redirected to a file, the file may be used
as input to In this way, a user may easily assign one file's ACL to another file.
FILES
for user IDs
for group IDs
SEE ALSO
chmod(1), ls(1), setacl(1). acl(2), aclsort(3C).
getacl(1)