|
|
Sponsored Content
07-13-2001
Administrator
Andy asks:
Yes, one way to do it is to write a small script (command) that reads the current directory; gets the owner and group information of a file that is an argument to the script. The script may have to be set SUID with ownership root. This is not very secure, but you asked 'is it possible?' The more complex the security requirements, the more involved.
You might also do it any other number of ways, using ACL front ends, perl scripts, a simple C program, etc.
The easiest way to do it, if you are worried about security is to have the administrator with root privs do it
Or, you can find some complex ACL program; but based on what you have offered as your requirements, this still seems to be a lot of trouble for something quite basic.
If I had a system that had a user or user process creating files I would not want the scripts to have any ability to write or give ownership to the file to another user unless the user was in the same group. If the issue was with many files, I would look at creating a process to do this.
However, without understanding the purpose of the server, the nature of the processes, the relationship of users to the processes, the production environment and security implications and risk; it is not reasonable to give a simplistic answer.
Everything is possible in UNIX and there is no one way to do anything
Quote:
is it possible to have a user x create a file, which will have the ownership and group rights of the directory it is created in ?
You might also do it any other number of ways, using ACL front ends, perl scripts, a simple C program, etc.
The easiest way to do it, if you are worried about security is to have the administrator with root privs do it
Or, you can find some complex ACL program; but based on what you have offered as your requirements, this still seems to be a lot of trouble for something quite basic.
If I had a system that had a user or user process creating files I would not want the scripts to have any ability to write or give ownership to the file to another user unless the user was in the same group. If the issue was with many files, I would look at creating a process to do this.
However, without understanding the purpose of the server, the nature of the processes, the relationship of users to the processes, the production environment and security implications and risk; it is not reasonable to give a simplistic answer.
Everything is possible in UNIX and there is no one way to do anything
|
|
10 More Discussions You Might Find Interesting
1. Programming
I need to compile a file,but 'make' does
not work.please tell me how to use it or
need which tools? (3 Replies)
Discussion started by: dsun5
3 Replies
2. Shell Programming and Scripting
I wonder how I shall read the result below, especially 'what'
shown below.
The result was shown when I entered 'w'.
E.g what is TOP? What is gosh ( what does selmgr mean?)?
login@ idle JCPU PCPU what
6:15am 7:04 39 39 TOP
6:34am 6:45 45 45 TOP
6:41am ... (1 Reply)
Discussion started by: Aelgen
1 Replies
3. UNIX for Dummies Questions & Answers
Hi, guys, I have a big problem.
I've got a sun solaris 4.1.4 workstation, and the /var/adm/message file will add one row every few seconds. It becomes a large file in a short time.
I wander if there are some mistakes configuring the workstation.
the /var/adm/message is as follow:
... (3 Replies)
Discussion started by: cloudsmell
3 Replies
4. UNIX for Dummies Questions & Answers
echo 'it's friday'
why appear the > (3 Replies)
Discussion started by: yls177
3 Replies
5. UNIX for Advanced & Expert Users
Somehow someone created a file named '-ov' in the root directory.
Given the name, the how was probably the result of some cpio command they bozo'ed.
I've tried a number of different ways to get rid of it using * and ? wildcards, '\' escape patterns etc.. They all fail with " illegal option --... (3 Replies)
Discussion started by: GSalisbury
3 Replies
6. Shell Programming and Scripting
Hopefully this doesn't come off as too much of a "newbie" question or a flamebait. But I have recently begun working with a Sun Solaris box after having spent the past five years working with RedHat. From what i can tell, thing look fairly similar and the 'man' command is some help. But I've... (7 Replies)
Discussion started by: deckard
7 Replies
7. Linux
Hi,
while setting access control list I am getting error "Operation NOt Supported"
Example :user A wants full access on test directory /home/user B/test, I dont want to add in secondary group bcz group has read permission, (1 Reply)
Discussion started by: manoj.solaris
1 Replies
8. AIX
Hi,
I want to know how to set acl in aix via smitty and shell prompt, wheather we needs to install additional packages. (0 Replies)
Discussion started by: manoj.solaris
0 Replies
9. UNIX for Dummies Questions & Answers
Folks;
How can i setup ACL in Apache so i can give a group of users (defined by their emails (all users under *@red.com) access to a web page? (10 Replies)
Discussion started by: moe2266
10 Replies
10. UNIX for Beginners Questions & Answers
Folks,
Solaris 10 issue
When I add a new directory to a path, I only get the "group@" line in the ACL
The parent directory ACL is
drwxrws---+ 12 root teama 12 Jul 18 10:31 .
owner@:rwxp-DaARWc---:------:allow
group@:rwxp-DaARWc--s:fd----:allow
... (0 Replies)
Discussion started by: wilberforce
0 Replies
LEARN ABOUT DEBIAN
calife
CALIFE(1) BSD General Commands Manual CALIFE(1) NAME
calife -- becomes root (or another user) legally. SYNOPSIS
calife [-] [login] or ... [-] [login] for some sites (check with your administrator). DESCRIPTION
Calife requests user's own password for becoming login (or root, if no login is provided), and switches to that user and group ID after veri- fying proper rights to do so. A shell is then executed. If calife is executed by root, no password is requested and a shell with the appro- priate user ID is executed. The invoked shell is the user's own except when a shell is specified in the configuration file calife.auth. If ``-'' is specified on the command line, user's profile files are read as if it was a login shell. This is not the traditional behavior of su. Only users specified in calife.auth can use calife to become another one with this method. You can specify in the calife.auth file the list of logins allowed for users when using calife. See calife.auth(5) for more details. calife.auth is installed as /etc/calife.auth. FILES
/etc/calife.auth List of users authorized to use calife and the users they can become. /etc/calife.out This script is executed just after getting out of calife. SEE ALSO
su(1), calife.auth(5), group(5), environ(7) ENVIRONMENT
The original environment is kept. This is not a security problem as you have to be yourself at login (i.e. it does not have the same security implications as in su(1) ). Environment variables used by calife: HOME Default home directory of real user ID. PATH Default search path of real user ID unless modified as specified above. TERM Provides terminal type which may be retained for the substituted user ID. USER The user ID is always the effective ID (the target user ID) after an su unless the user ID is 0 (root). BUGS
The MD5-based crypt(3) function is slower and probably stronger than the DES-based one but it is usable only among FreeBSD 2.0+ systems. HISTORY
A calife command appeared in DG/UX, written for Antenne 2 in 1991. It has evolved considerably since this period with more OS support, user lists handling and improved logging. PAM support was introduced in 2005 to port it to MacOS X variants (Panther and up). AUTHOR
Ollivier Robert <roberto@keltia.freenix.fr> BSD
September 25, 1994 BSD