Read only access for Group called "Developers" to all folders on the Centos 6.6
Linux Gurus,
I need to provide read-only access for a particular group of users; they should have read-only access to the entire server except their home directory.
I tried using setfacl, but that's not helping. Can you please suggest whether there is any other way to address this request?
Your help is highly appreciated, Thank you.
I would not allow users to have read only access to every file on the server. This would imply sweeping changes. Why not identify the collection of files they need access to and consider using the other/world field? Why didn't ACLs work?
A note: there are other directories that require world write access - as an example, whatever directories the TMPDIR environment variable points to. You will break things by turning that access off for 'developers' without accommodating those kinds of requirements.
In other words - do not shoot yourself in the foot with this.
Ok: why is setfacl 'not helping'? Please explain exactly what the problem is.
I would consider having a sudo rule written to allow them to run a script that you control. That script could then look at whatever files you think are appropriate for them, but stop them having direct access or blanket access.
You don't want them reading just everything, such as the encrypted passwords, private ssh keys (might make ssh fail anyway), process maps, raw devices etc.
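One way to build the sudo-controlled script suggested above, as an added example that is not part of the original thread: a viewer that resolves the requested path and prints it only if it is a regular file under an allow-listed directory. The script name `devview`, its install path, the sudoers line and the directories in `ALLOWED_ROOTS` are all assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical install path and sudoers rule:
#   %Developers ALL=(root) NOPASSWD: /usr/local/sbin/devview
# ALLOWED_ROOTS is a constructed allow-list (no spaces in paths). The roots must
# be writable by root only, otherwise a symlink could be swapped after the check.
ALLOWED_ROOTS="/var/log/myapp /etc/myapp"

# is_allowed PATH "ROOT1 ROOT2 ...": succeed only if PATH resolves to a regular
# file strictly below one of the roots.
is_allowed() {
    # Resolve symlinks and ".." first, so the check sees the real target.
    real=$(readlink -f -- "$1") || return 1
    # Regular files only: no directories, devices, sockets or FIFOs.
    [ -f "$real" ] || return 1
    for root in $2; do
        root_real=$(readlink -f -- "$root") || continue
        case "$real" in
            # The trailing slash stops /etc/myapp-old from matching /etc/myapp.
            "$root_real"/*) return 0 ;;
        esac
    done
    return 1
}

# devview PATH: print the file if it is allowed, refuse otherwise.
devview() {
    if is_allowed "$1" "$ALLOWED_ROOTS"; then
        cat -- "$(readlink -f -- "$1")"
    else
        echo "devview: '$1' is outside the allowed directories" >&2
        return 1
    fi
}

# Run only when called with an argument: sudo /usr/local/sbin/devview FILE
if [ "$#" -gt 0 ]; then
    devview "$1"
fi
```

Because the check runs on the resolved path, a symlink or `..` component inside an allowed directory cannot be used to reach private keys or password hashes elsewhere on the server.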
Thank you @blackrageous and @Jim for responding back.
@Jim, I came up with a solution for this.
They have rwx on their home directory. I found /tmp is the only directory that has universal rwx access, which I can setfacl for the Developers group. Anyway, they don't have write access to files and directories other than /tmp for now.
Setfacl didn't help earlier because I thought I can run this command
This command is blocking the user from logging in. Can we exclude his home directory at least?
Now I applied
Please suggest if this looks OK; if not, I need to find another way here. Thanks.