Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Write privilege for user
Top Forums UNIX for Dummies Questions & Answers Write privilege for user Post 43133 by kduffin on Wednesday 12th of November 2003 01:57:25 AM
Old 11-12-2003
For the task you are trying to accomplish, you should probably used extended ACL(s).

Give some directory named ick, before adding an additional ACL:

$ ls -ld ick
-rwx------ 1 kduffin sysadmin 328 Jun 25 15:53 ick

To add the ACL for a user named keith:

$ setfacl -m u:keith:rwx,m:rwx ick

You can tell that there is an ACL by the plus sign on the listing now:

$ ls -ld ick
-rwx------+ 1 kduffin sysadmin 328 Jun 25 15:53 ick

You can see the assigned ACL(s) using getfacl

$ getfacl ick

user::rwx
user:keith:rwx #effective:rwx
group::--- #effective:---
mask:---
other:---

Hope this helps. Anytime I add extended ACL(s), I will typically add them to a script as will (setperms) so that I can quickly reset ACL(s) in the event of file or directory removal.

Cheers,

Keith
Last edited by kduffin; 11-17-2003 at 10:49 PM..
 

10 More Discussions You Might Find Interesting

1. AIX

[Help] Give privilege to an ordinary user

I'm trying to give a non-root user the right to start IBM HTTP Server, the web server is listening on port 80, but for AIX, ports under 1024 are privilege ports which can be used only by root. /usr/IBMIHS/bin# ./apachectl start (13)Permission denied: make_sock: could not bind to address :::80... (1 Reply)
Discussion started by: ibmer414
1 Replies

2. Shell Programming and Scripting

Find all files with group read OR group write OR user write permission

I need to find all the files that have group Read or Write permission or files that have user write permission. This is what I have so far: find . -exec ls -l {} \; | awk '/-...rw..w./ {print $1 " " $3 " " $4 " " $9}' It shows me all files where group read = true, group write = true... (5 Replies)
Discussion started by: shunter63
5 Replies

3. Solaris

Root privilege for user

Can anyone please tell how to give root privilege to a normal user in solaris 10? (5 Replies)
Discussion started by: nicktrix
5 Replies

4. UNIX for Dummies Questions & Answers

How to create/restrict a user with to have no privilege from other group

Hello experts I am new to Unix. Env : HPUX I need to create a user say testuser such that it does not have access to file/directories from the other group i.e the last 3 digits . How do I do that. Reason for such a request :- I have an existing user oracle which has default umask... (3 Replies)
Discussion started by: simonsimon
3 Replies

5. Solaris

what privilege to assign for user to cancel or disable print queue?

OS Version: Sun Solaris version 9 Other than root, we need operation to manage printer queue by using following command: lprm -P cancel enable/disable What privilege should be given? Pls advise. Thank you. (4 Replies)
Discussion started by: KhawHL
4 Replies

6. AIX

User Privilege

How to assign superuser privilege to an ordinary user temporarily (1 Reply)
Discussion started by: udtyuvaraj
1 Replies

7. AIX

sudo - User privilege specification

I am planning to implement sudo for users. Under , it looks I have to put the users who need to have sudo access: What are the recommended for users? I don't think I need to give the ALL privilege (i.e ) to AIX users. I'd like to know the commonly used privilege specification for sudo... (9 Replies)
Discussion started by: Daniel Gate
9 Replies

8. Cybersecurity

sudo - AIX - User privilege specification

I am planning to implement sudo for users. Under , it looks I have to put the users who need to have sudo access: What are the recommended for users? I don't think I need to give the ALL privilege (i.e ) to AIX users. I'd like to know the commonly used privilege specification for sudo... (1 Reply)
Discussion started by: Daniel Gate
1 Replies

9. Shell Programming and Scripting

Create user with different privilege

Hi , I want to create 3 different user with below privilege in Solaris and Linux. 1) Read Only 2)Read and Write Only 3) Admin user Can you guys help me on this . (3 Replies)
Discussion started by: Naveen Pathak
3 Replies

10. Solaris

Assigning proc_owner privilege to particular user in RBAC

Hi I need to assign proc_owner privilege to particular user through RBAC. How can I assign this privilege to user, I need help on this. Further I need to understand if I give this proc_owner privilege to particular user, what kind of control user will get on other user or system processes... (7 Replies)
Discussion started by: sb200
7 Replies

LEARN ABOUT SUSE

revoke

REVOKE(7)							   SQL Commands 							 REVOKE(7)

NAME

       REVOKE - remove access privileges

SYNOPSIS

       REVOKE [ GRANT OPTION FOR ]
	   { { SELECT | INSERT | UPDATE | DELETE | TRUNCATE | REFERENCES | TRIGGER }
	   [,...] | ALL [ PRIVILEGES ] }
	   ON [ TABLE ] tablename [, ...]
	   FROM { [ GROUP ] rolename | PUBLIC } [, ...]
	   [ CASCADE | RESTRICT ]

       REVOKE [ GRANT OPTION FOR ]
	   { { SELECT | INSERT | UPDATE | REFERENCES } ( column [, ...] )
	   [,...] | ALL [ PRIVILEGES ] ( column [, ...] ) }
	   ON [ TABLE ] tablename [, ...]
	   FROM { [ GROUP ] rolename | PUBLIC } [, ...]
	   [ CASCADE | RESTRICT ]

       REVOKE [ GRANT OPTION FOR ]
	   { { USAGE | SELECT | UPDATE }
	   [,...] | ALL [ PRIVILEGES ] }
	   ON SEQUENCE sequencename [, ...]
	   FROM { [ GROUP ] rolename | PUBLIC } [, ...]
	   [ CASCADE | RESTRICT ]

       REVOKE [ GRANT OPTION FOR ]
	   { { CREATE | CONNECT | TEMPORARY | TEMP } [,...] | ALL [ PRIVILEGES ] }
	   ON DATABASE dbname [, ...]
	   FROM { [ GROUP ] rolename | PUBLIC } [, ...]
	   [ CASCADE | RESTRICT ]

       REVOKE [ GRANT OPTION FOR ]
	   { USAGE | ALL [ PRIVILEGES ] }
	   ON FOREIGN DATA WRAPPER fdwname [, ...]
	   FROM { [ GROUP ] rolename | PUBLIC } [, ...]
	   [ CASCADE | RESTRICT ]

       REVOKE [ GRANT OPTION FOR ]
	   { USAGE | ALL [ PRIVILEGES ] }
	   ON FOREIGN SERVER servername [, ...]
	   FROM { [ GROUP ] rolename | PUBLIC } [, ...]
	   [ CASCADE | RESTRICT ]

       REVOKE [ GRANT OPTION FOR ]
	   { EXECUTE | ALL [ PRIVILEGES ] }
	   ON FUNCTION funcname ( [ [ argmode ] [ argname ] argtype [, ...] ] ) [, ...]
	   FROM { [ GROUP ] rolename | PUBLIC } [, ...]
	   [ CASCADE | RESTRICT ]

       REVOKE [ GRANT OPTION FOR ]
	   { USAGE | ALL [ PRIVILEGES ] }
	   ON LANGUAGE langname [, ...]
	   FROM { [ GROUP ] rolename | PUBLIC } [, ...]
	   [ CASCADE | RESTRICT ]

       REVOKE [ GRANT OPTION FOR ]
	   { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] }
	   ON SCHEMA schemaname [, ...]
	   FROM { [ GROUP ] rolename | PUBLIC } [, ...]
	   [ CASCADE | RESTRICT ]

       REVOKE [ GRANT OPTION FOR ]
	   { CREATE | ALL [ PRIVILEGES ] }
	   ON TABLESPACE tablespacename [, ...]
	   FROM { [ GROUP ] rolename | PUBLIC } [, ...]
	   [ CASCADE | RESTRICT ]

       REVOKE [ ADMIN OPTION FOR ]
	   role [, ...] FROM rolename [, ...]
	   [ CASCADE | RESTRICT ]

DESCRIPTION

       The REVOKE command revokes previously granted privileges from one or more roles. The key word PUBLIC refers to the implicitly defined group
       of all roles.

       See the description of the GRANT [grant(7)] command for the meaning of the privilege types.

       Note that any particular role will have the sum of privileges granted directly to it, privileges granted to any role it is presently a mem-
       ber of, and privileges granted to PUBLIC. Thus, for example, revoking SELECT privilege from PUBLIC does not necessarily mean that all roles
       have lost SELECT privilege on the object: those who have it granted directly or via another role will still have  it.  Similarly,  revoking
       SELECT from a user might not prevent that user from using SELECT if PUBLIC or another membership role still has SELECT rights.

       If GRANT OPTION FOR is specified, only the grant option for the privilege is revoked, not the privilege itself.	Otherwise, both the privi-
       lege and the grant option are revoked.

       If a user holds a privilege with grant option and has granted it to other users then the privileges held by those other	users  are  called
       dependent  privileges.  If  the privilege or the grant option held by the first user is being revoked and dependent privileges exist, those
       dependent privileges are also revoked if CASCADE is specified; if it is not, the revoke action will fail. This  recursive  revocation  only
       affects	privileges  that  were	granted through a chain of users that is traceable to the user that is the subject of this REVOKE command.
       Thus, the affected users might effectively keep the privilege if it was also granted through other users.

       When revoking privileges on a table, the corresponding column privileges (if any) are automatically revoked on each column of the table, as
       well.

       When  revoking membership in a role, GRANT OPTION is instead called ADMIN OPTION, but the behavior is similar.  Note also that this form of
       the command does not allow the noise word GROUP.

NOTES

       Use psql(1)'s dp command to display the privileges granted on existing tables and columns. See GRANT [grant(7)] for information about  the
       format. For non-table objects there are other d commands that can display their privileges.

       A  user	can  only  revoke  privileges  that were granted directly by that user. If, for example, user A has granted a privilege with grant
       option to user B, and user B has in turned granted it to user C, then user A cannot revoke the privilege directly from C.  Instead, user  A
       could  revoke  the  grant  option  from user B and use the CASCADE option so that the privilege is in turn revoked from user C. For another
       example, if both A and B have granted the same privilege to C, A can revoke his own grant but not B's grant, so C  will	still  effectively
       have the privilege.

       When  a	non-owner  of  an object attempts to REVOKE privileges on the object, the command will fail outright if the user has no privileges
       whatsoever on the object. As long as some privilege is available, the command will proceed, but it will revoke only  those  privileges  for
       which  the  user  has  grant  options. The REVOKE ALL PRIVILEGES forms will issue a warning message if no grant options are held, while the
       other forms will issue a warning if grant options for any of the privileges specifically named in the command are not held.  (In  principle
       these statements apply to the object owner as well, but since the owner is always treated as holding all grant options, the cases can never
       occur.)

       If a superuser chooses to issue a GRANT or REVOKE command, the command is performed as though it were issued by the owner of  the  affected
       object.	Since all privileges ultimately come from the object owner (possibly indirectly via chains of grant options), it is possible for a
       superuser to revoke all privileges, but this might require use of CASCADE as stated above.

       REVOKE can also be done by a role that is not the owner of the affected object, but is a member of the role that owns the object, or  is  a
       member  of  a role that holds privileges WITH GRANT OPTION on the object. In this case the command is performed as though it were issued by
       the containing role that actually owns the object or holds the privileges WITH GRANT OPTION. For example, if table t1 is owned by role  g1,
       of which role u1 is a member, then u1 can revoke privileges on t1 that are recorded as being granted by g1.  This would include grants made
       by u1 as well as by other members of role g1.

       If the role executing REVOKE holds privileges indirectly via more than one role membership path, it is unspecified  which  containing  role
       will  be  used  to  perform  the  command. In such cases it is best practice to use SET ROLE to become the specific role you want to do the
       REVOKE as. Failure to do so might lead to revoking privileges other than the ones you intended, or not revoking anything at all.

EXAMPLES

       Revoke insert privilege for the public on table films:

       REVOKE INSERT ON films FROM PUBLIC;

       Revoke all privileges from user manuel on view kinds:

       REVOKE ALL PRIVILEGES ON kinds FROM manuel;

       Note that this actually means ``revoke all privileges that I granted''.

       Revoke membership in role admins from user joe:

       REVOKE admins FROM joe;

COMPATIBILITY

       The compatibility notes of the GRANT [grant(7)] command apply analogously to REVOKE.  The keyword RESTRICT or CASCADE is required according
       to the standard, but PostgreSQL assumes RESTRICT by default.

SEE ALSO

       GRANT [grant(7)]

SQL - Language Statements					    2010-05-14								 REVOKE(7)
All times are GMT -4. The time now is 04:00 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy