I have an application user on my system that wants access to these file systems as such:
rwx:
/SAPO
/SAPS12
/R3_888
/R3_888B
/R3_888F
/R3_888R
r:
/usr/sap
These are the existing FS permissions/ownerships:
the user:
So how do I go about providing user ZODCIFUSR access to the file systems stated above without setting ACLs on the system? (Or are ACLs the only way to do it?)
Right now, he's in group 0, so he can pretty much access all the FS, but this is just a temp workaround.
I was thinking of adding the user to supplementary groups on which the FS are grouped (i.e. sapsys, ODCgrp).
Please help. If ACLs are the way to do it, please let me know because I am not very good with the commands.
From the looks of the list, it seems everybody has access (read access at least) to those files, not just "ZODCIFUSR".
Anyway, you can remove that user from GID 0 and it should still work fine since most of the folders also belong to GID 200.
The only "problem" I see is with /usr/sap. Either you take away permissions from the whole group and make ZODCIFUSR a member of secondary group "sapsys", or you use ACLs.
I thought of the same thing; there's no reason to give fancy restrictions to the user unless he's removed from group 0, and ACLs do have mysterious ways of working with permissions and maskings.
If I were to use ACLs, say to allow user ZODCIFUSR to have read only access for directory and files under /usr/sap, how would the command be? Is this correct?
Also I did a bit of Googling and it says that the permissions and ownerships are inherited; even after using mv or cp -p command. Is this true?
Before you can assign an ACL, you have to make sure that the filesystem supports them:
If you run mount you may also get the details. There should be an "acl" option somewhere in the mount options.
If it does not support ACLs, you can always remount the filesystem:
Having said so, your ACL command is almost correct:
When an ACL (POSIX ACL) is set on a directory, all new files created inside inherit the default ACL. If for some reason you want to copy a file that has an ACL to a directory that does not use ACLs, both cp -p and mv will preserve the original ACL.
Last edited by verdepollo; 12-20-2011 at 04:59 PM..
Thank you verdepollo. I checked my disks and the partitions; none of them even show any output when I run the tune2fs -l command (output shows the result for one of the disks).
None of the existing FS on the system is ACL supported, as per the mount command.
I doubt the client will agree with remounting the FS with the acl mount option, but would it be possible to create ACLs anyway, without the FS mount options being ACL enabled? What would be the consequences of this?
Thanks again for the full command, I've always been wary of ACLs
---------- Post updated at 06:45 PM ---------- Previous update was at 06:27 PM ----------
So I tested this on my test server, but the weird thing is when I did mount, all the other FS but /tmp is acl enabled, even after manually enabling acl for /tmp
check out the FS in blue, they were acl enabled all along
attempting to set /tmp acl enabled failed:
nonetheless, attempting to set user test with read permissions for /tmp worked
oh by the way, the test machine I play around is a suse linux machine
Sometimes ACL support is defined on the superblock, even if /proc/partitions, /etc/mtab, /etc/fstab, tune2fs, etc. do not explicitly report ACL support.
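
The checks discussed in this thread (the "acl" mount option, the superblock default mount options shown by tune2fs -l, and simply trying setfacl) can be combined into one decision. The script below is an added example, not code posted by anyone in the thread; the device names, mount table and tune2fs excerpt are constructed samples, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: where does ACL support for a path come from?

# Constructed sample in /proc/mounts format: device, mount point, type, options, dump, pass.
SAMPLE_MOUNTS='/dev/sda2 / ext3 rw,acl,user_xattr 0 0
/dev/sda5 /usr/sap ext3 rw 0 0
/dev/sda6 /tmp ext3 rw,noacl 0 0'

# Constructed excerpt of `tune2fs -l /dev/sda5` output.
SAMPLE_TUNE2FS='Filesystem features:      has_journal ext_attr resize_inode dir_index filetype
Default mount options:    user_xattr acl'

# Print the options of the longest mount point containing path $1 (mount table on stdin).
mount_opts_for() {
    awk -v p="$1" '
        { mp = $2; pre = (mp == "/") ? "/" : (mp "/") }
        index(p "/", pre) == 1 && length(mp) > best { best = length(mp); opts = $4 }
        END { print opts }'
}

# Succeed if tune2fs -l output on stdin lists acl among the superblock default mount options.
superblock_default_acl() {
    grep '^Default mount options:' | grep -qw 'acl'
}

# Classify path $1 using mount table text $2 and tune2fs -l text $3.
acl_source() {
    opts=$(printf '%s\n' "$2" | mount_opts_for "$1")
    case ",$opts," in
        *,noacl,*) echo disabled ;;            # explicit noacl wins over superblock defaults
        *,acl,*)   echo mount-option ;;
        *) if printf '%s\n' "$3" | superblock_default_acl
           then echo superblock-default
           else echo probe-needed
           fi ;;
    esac
}

# Functional probe for the probe-needed case: set an ACL entry on a scratch file in dir $1.
# Requires setfacl and write access to $1.
probe_acl() {
    f=$(mktemp "$1/.aclprobe.XXXXXX") || return 2
    if setfacl -m "u:$(id -un):r" "$f" 2>/dev/null; then rc=0; else rc=1; fi
    rm -f "$f"
    return "$rc"
}

for p in /usr/sap/trans /tmp/scratch /home/appuser; do
    printf '%s -> %s\n' "$p" "$(acl_source "$p" "$SAMPLE_MOUNTS" "$SAMPLE_TUNE2FS")"
done
```

On a live system, feed `/proc/mounts` and the real `tune2fs -l` output for the backing device into `acl_source`, and fall back to `probe_acl` when neither source reports ACL support.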