Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Granting User Access
Top Forums UNIX for Dummies Questions & Answers Granting User Access Post 62573 by RTM on Thursday 17th of February 2005 09:32:41 AM
Old 02-17-2005
Take a look at the permissions on the home directory of defaultuser - you may need to open it so user1 can access it. Be aware that if you open it, you may be opening it to allow other users to do the same thing. Check out the man page for chmod and chgrp.
 

9 More Discussions You Might Find Interesting

1. AIX

Granting folder access

Hello, I need to allow a user the ability to create files in a directory that is owned by another user/group. How can I do this? Thank you. AIX version: 5.3.0.0 ~David (4 Replies)
Discussion started by: dkranes
4 Replies

2. UNIX for Dummies Questions & Answers

granting permission to file/directory to a specific user

hello, I would like to grant full access to a directory which is owned by root and the web application that created it. I have though of adding the permission to the whole world, but for security reason I would like to grant it to one more user. I have tried this 'chmod -U newUser+wrx... (2 Replies)
Discussion started by: run123
2 Replies

3. AIX

User access

Is there any way I can restrict a user to 1 directory when logging in but give the access to another directory? For example restrict the user to /home/user at login but also allow then to access /opt/data/user. (1 Reply)
Discussion started by: daveisme
1 Replies

4. AIX

sudo user access

I have installed sudo on AIX 6100-04 and want to know how do I set it up for a user to be able to run only some commands? I want to give the user the rights to only cd to certain directories and run the ls command to name a few? Are there any issues with running sudo when the user is forced to... (2 Replies)
Discussion started by: daveisme
2 Replies

5. UNIX for Dummies Questions & Answers

Granting user permission for public_html

I have problem giving user access to his public_html directory. While when I am logged as root I can access my files by going to www.myserver.com/file.htmlwhere file.html is actually on this path... var/www/file.htmlBut when user tries to access his file.html on this path.... ~user/file.html it... (10 Replies)
Discussion started by: joker40
10 Replies

6. Shell Programming and Scripting

Removing user access using user id

I have multiple .prm files that contain user ID's. The .prm files reside in multiple directories that allow users access to different areas of the system. (see below) current directory /apps/fourgen/accounting/menu drwxrwxrwx 16 phil infotech 512 Sep 7 2002 apmenu... (8 Replies)
Discussion started by: jamba1
8 Replies

7. UNIX for Advanced & Expert Users

Need help about user access

Hi frds, I have got a script restart.sh that kills and restarts a process. This scripts runs under a user called USER1 who is a normal user. Now my requirement is that i got other user named USER2 who should be able to run that script as USER1 as we dont want to share the password of user1 we... (2 Replies)
Discussion started by: phanidhar6039
2 Replies

8. UNIX for Advanced & Expert Users

Setfacl and granting permissions to a group and its members on a directory

Hi! I created a group HACKERS and made the user "demo" its member. $ id demo uid=500(demo) gid=500(demo) groups=500(demo),502(HACKERS) $ Next, I granted read and execute permissions to the group "HACKERS" on /var/log/httpd as shown below: setfacl -m "g:HACKERS:r-x"... (2 Replies)
Discussion started by: indiansoil
2 Replies

9. UNIX for Advanced & Expert Users

Granting access to specific user on a 700 file

Hello, I have a a directory dir1 with permissions 700 (yes wantedly) and is owned by user1:group1 rwx------ user1 group1 dir1I need to give permissions to user2 (belongs to group2) on dir1 and its files, so I granted the permissions using setfacl ; instead of adding the user to groups and... (3 Replies)
Discussion started by: karumudi7
3 Replies

LEARN ABOUT DEBIAN

bindfs

BINDFS(1)						      General Commands Manual							 BINDFS(1)

NAME

       bindfs - mount --bind in user-space

SYNOPSIS

       bindfs [options] dir mountpoint

DESCRIPTION

       A  FUSE filesystem for mirroring the contents of a directory to another directory. Additionally, one can change the permissions of files in
       the mirrored directory.

FILE OWNERSHIP

       -u, --user, --owner=user, -o owner=...
	      Makes all files owned by the specified user.  Also causes chown on the mounted filesystem to always fail.

       -g, --group=group, -o group=...
	      Makes all files owned by the specified group.  Also causes chgrp on the mounted filesystem to always fail.

       -p, --perms=permissions, -o perms=...
	      Takes a comma- or colon-separated list of chmod-like permission specifications to be applied to the permission bits in  order.   See
	      PERMISSION SPECIFICATION below for details.

	      This  only  affects  how	the  permission bits of existing files are altered when shown in the mounted directory. You can use --cre-
	      ate-with-perms to change the permissions that newly created files get in the source directory.

	      Note that, as usual, the root user isn't bound by the permissions set here.  You can get a truly read-only mount by using -r.

       -m, --mirror=user1:user2:..., -o mirror=...
	      Takes a comma- or colon-separated list of users who will see themselves as the owners of all files. Users who are  not  listed  here
	      will still be able to access the mount if the permissions otherwise allow them to.

	      You can also give a group name prefixed with an '@' to mirror all members of a group. This will not change which group the files are
	      shown to have.

       -M, --mirror-only=user1:user2:..., -o mirror-only=...
	      Like --mirror but disallows access for all other users (except root).

       --map=user1/user2:@group1/@group2:..., -o map=...
	      Given a mapping user1/user2, all files owned by user1 are shown as owned by user2. When user2 creates files,  they  are  chowned	to
	      user1  in  the  underlying  directory. When files are chowned to user2, they are chowned to user1 in the underlying directory. Works
	      similarly for groups.

	      A single user or group may appear no more than once on the left and once on the right of a slash in  the	list  of  mappings.   Cur-
	      rently,  the  options --user, --group, --mirror, --create-for-*, --chown-* and --chgrp-* override the corresponding behavior of this
	      option.

	      Requires mounting as root.

FILE CREATION POLICY

       New files and directories are created so they are owned by the mounter.	bindfs can let this happen (the default for normal users),  or	it
       can  try  to  change  the owner to the uid/gid of the process that wants to create the file (the default for root).  It is also possible to
       have bindfs try to change the owner to a particular user or group.

       --create-as-user, -o create-as-user
	      Tries to change the owner and group of new files and directories to the uid and gid of the caller. This can work only if the mounter
	      is root.	It is also the default behavior (mimicing mount --bind) if the mounter is root.

       --create-as-mounter, -o create-as-mounter
	      All new files and directories will be owned by the mounter.  This is the default behavior for non-root mounters.

       --create-for-user=user, -o create-for-user=...
	      Tries to change the owner of new files and directories to the user specified here.  This can work only if the mounter is root.  This
	      option overrides the --create-as-user and --create-as-mounter options.

       --create-for-group=group, -o create-for-group=...
	      Tries to change the owning group of new files and directories to the group specified here.  This can work only  if  the  mounter	is
	      root.  This option overrides the --create-as-user and --create-as-mounter options.

       --create-with-perms=permissions, -o create-with-perms=...
	      Works  like --perms but is applied to the permission bits of new files get in the source directory.  Normally the permissions of new
	      files depend on the creating process's preferences and umask.  This option can be used to modify those permissions or override  them
	      completely.  See PERMISSION SPECIFICATION below for details.

CHOWN
/CHGRP POLICY
       The behaviour on chown/chgrp calls can be changed. By default they are passed through to the source directory even if bindfs is set to show
       a fake owner/group. A chown/chgrp call will only succeed if the user has enough mirrored permissions to chmod the  mirrored  file  AND  the
       mounter has enough permissions to chmod the real file.

       --chown-normal, -o chown-normal
	      Tries to chown the underlying file. This is the default.

       --chown-ignore, -o chown-ignore
	      Lets  chown  succeed  (if the user has enough mirrored permissions) but actually does nothing. A combined chown/chgrp is effectively
	      turned into a chgrp-only request.

       --chown-deny, -o chown-deny
	      Makes chown always fail with a 'permission denied' error.  A combined chown/chgrp request will fail as well.

       --chgrp-normal, -o chgrp-normal
	      Tries to chgrp the underlying file. This is the default.

       --chgrp-ignore, -o chgrp-ignore
	      Lets chgrp succeed (if the user has enough mirrored permissions) but actually does nothing. A combined  chown/chgrp  is  effectively
	      turned into a chown-only request.

       --chgrp-deny, -o chgrp-deny
	      Makes chgrp always fail with a 'permission denied' error.  A combined chown/chgrp request will fail as well.

CHMOD POLICY

       Chmod calls are forwarded to the source directory by default.  This may cause unexpected behaviour if bindfs is altering permission bits.

       --chmod-normal, -o chmod-normal
	      Tries  to  chmod	the  underlying file. This will succeed if the user has the appropriate mirrored permissions to chmod the mirrored
	      file AND the mounter has enough permissions to chmod the real file.  This is the default (in order to behave like  mount	--bind	by
	      default).

       --chmod-ignore, -o chmod-ignore
	      Lets chmod succeed (if the user has enough mirrored permissions) but actually does nothing.

       --chmod-deny, -o chmod-deny
	      Makes chmod always fail with a 'permission denied' error.

       --chmod-allow-x, -o chmod-allow-x
	      Allows setting and clearing the executable attribute on files (but not directories). When used with --chmod-ignore, chmods will only
	      affect execute bits on files and changes to other bits are discarded.  With --chmod-deny, all chmods  that  would  change  any  bits
	      except excecute bits on files will still fail with a 'permission denied'.  This option does nothing with --chmod-normal.

XATTR POLICY

       Extended attributes are mirrored by default, though not all underlying file systems support xattrs.

       --xattr-none, -o xattr-none
	      Disable extended attributes altogether. All operations will return 'Operation not supported'.

       --xattr-ro, -o xattr-ro
	      Let extended attributes be read-only.

       --xattr-rw, -o xattr-rw
	      Let  extended  attributes  be read-write (the default).  The read/write permissions are checked against the (possibly modified) file
	      permissions inside the mount.

MISCELLANEOUS OPTIONS

       -h, --help
	      Displays a help message and exits.

       -V, --version
	      Displays version information and exits.

       -n, --no-allow-other, -o no-allow-other
	      Does not add -o allow_other to FUSE options.  This causes the mount to be accessible only by the current user.

       --realistic-permissions, -o realistic-permissions
	      Hides read/write/execute permissions for a mirrored file when the mounter doesn't have read/write/execute access to  the	underlying
	      file.  Useless when mounting as root, since root will always have full access.

	      (Prior  to  version  1.10  this option was the default behavior.	I felt it violated the principle of least surprise badly enough to
	      warrant a small break in backwards-compatibility.)

       --ctime-from-mtime, -o ctime-from-mtime
	      Recall that a unix file has three standard timestamps: atime (last access i.e. read time), mtime (last  content  modification  time)
	      ctime (last content or metadata (inode) change time)

	      With  this  option,  the	ctime  of  each file and directory is read from its mtime.  In other words, only content modifications (as
	      opposed to metadata changes) will be reflected in a mirrored file's ctime.  The underlying file's ctime will still be  updated  nor-
	      mally.

       --hide-hard-links, -o hide-hard-links
	      Shows the hard link count of all files as 1.

FUSE OPTIONS

       -o options
	      Fuse options.

       -r, -o ro
	      Make  the mount strictly read-only.  This even prevents root from writing to it.	If this is all you need, then (since Linux 2.6.26)
	      you can get a more efficent mount with mount --bind and then mount -o remount,ro.

       -d, -o debug
	      Enable debug output (implies -f).

       -f     Foreground operation.

       -s     Disable multithreaded operation. bindfs should be thread-safe.

PERMISSION SPECIFICATION

       The -p option takes a comma- or colon-separated list of either octal numeric permission bits or symbolic representations of permission  bit
       operations.  The symbolic representation is based on that of the  chmod(1) command.  setuid, setgid and sticky bits are ignored.

       This program extends the chmod symbolic representation with the following operands:

       `D' (right hand side)
	   Works like X but applies only to directories (not to executables).

       `d' and `f' (left hand side)
	   Makes this directive only apply to directories (d) or files (f).
	   e.g. gd-w would remove the group write bit from all directories.

       `u', `g', `o' (right hand side)
	   Uses the user (u), group (g) or others (o) permission bits of
	   the original file.
	   e.g. g=u would copy the user's permission bits to the group.
		ug+o would add the others' permissions to the owner and group.

       Examples

       o-rwx  Removes all permission bits from others.

       g=rD   Allows group to read all files and enter all directories, but nothing else.

       0644,a+X
	      Sets permission bits to 0644 and adds the execute bit for everyone to all directories and executables.

       og-x:og+rD:u=rwX:g+rw
	      Removes execute bit for others and group, adds read and directory execute for others and group, sets user permissions to read, write
	      and execute directory/executable, adds read and write for group.

EXAMPLES


       bindfs -u www -g nogroup -p 0000,u=rD ~/mywebsite ~/public_html/mysite

	      Publishes a website in public_html so that only the 'www' user can read the site.

       bindfs -M foo,bar,1007,@mygroup -p 0600,u+X dir mnt

	      Gives access to 'foo', 'bar', the user with the UID 1007 as well as everyone in the group 'mygroup'. Sets  the  permission  bits	to
	      0600, thus giving the specified users read/write access, and adds the user execute bit for directories and executables.

       bindfs -ono-allow-other,perms=a-w somedir somedir

	      Makes a directory read-only and accessable only by the current user.

       bindfs#/home/bob/shared /var/www/shared/bob fuse perms=0000:u+rD 0 0

	      An example /etc/fstab entry. Note that the colon must be used to separate arguments to perms, because the comma is an option separa-
	      tor in /etc/fstab.

NOTES

       Setuid and setgid bits have no effect inside the mount.	This is a necessary security feature of FUSE.

       MacFuse caches file contents by default.  This means that changes in source files are not always immediately visible under the mount point.
       -o nolocalcaches can be used to disable the cache.

BUGS

       Please report to the issue tracker on the project home page at http://code.google.com/p/bindfs/

AUTHOR

       Martin Partel <martin dot partel at gmail dot com>

SEE ALSO

       chmod(1), fusermount(1)

																	 BINDFS(1)
All times are GMT -4. The time now is 06:36 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy