10 More Discussions You Might Find Interesting
1. UNIX for Beginners Questions & Answers
Hi,
Is there any safe method to provide read access to root's crontab to another user? Just read no other permissions. (1 Reply)
Discussion started by: ctrld
1 Replies
2. Programming
Hi All,
I would like to know how the valgrind find the runtime allocation related issues?such as the below
invalid read of size 4.
Invalid write of size 4.
Even the size of memory is known at runtime,valgrind reports this
I am asking this since i got an issue which is trying to access... (0 Replies)
Discussion started by: SA_Palani
0 Replies
3. Solaris
Hi All,
I want to configure samba share permission so that only directory creator/owner has a read and write permission and other users should not have any read/write access to that folder.Will that be possible and how can this be achieved within samba configuration.
Regards,
Sahil (1 Reply)
Discussion started by: sahil_shine
1 Replies
4. Shell Programming and Scripting
Hi
I am new to writing script and want to use a Bash Piped while-read and read from user input.
if something happens on server.log then do while loop or if something happend on user input then do while loop.
Pseudocode something like:
tail -n 3 -f server.log | while read serverline || read... (8 Replies)
Discussion started by: MyMorris
8 Replies
5. UNIX for Dummies Questions & Answers
I need to create a user with least permission on the production server.
He should only be able to read or execute the files that to be specific.
For example:
I just need to give him a set of commands to run.Besides those command execution He should be prevented to run any other command and He... (2 Replies)
Discussion started by: pinga123
2 Replies
6. Shell Programming and Scripting
I have multiple .prm files that contain user ID's. The .prm files reside in multiple directories that allow users access to different areas of the system. (see below)
current directory /apps/fourgen/accounting/menu
drwxrwxrwx 16 phil infotech 512 Sep 7 2002 apmenu... (8 Replies)
Discussion started by: jamba1
8 Replies
7. Shell Programming and Scripting
hi,
how to create user name with read only access.
i think first need to create group with read only access after that i need to create the user and assign it to that group. If it is correct, how to create user with read only access? (4 Replies)
Discussion started by: rsivasan
4 Replies
8. UNIX for Dummies Questions & Answers
folks;
I created a new users on my SUSE box and i need to give this user/group a read write access to one specific folder. here's the details:
- I created new user "funny" under group "users".
- I need to give this user "funny" a read/write access to another directory that is owned by "root".... (3 Replies)
Discussion started by: Katkota
3 Replies
9. UNIX for Dummies Questions & Answers
Hi all,
if I have a dir with a mixture of files and directories in it and one of the directories *only* has read permission for the owner and I am not the owner - will I see it with an 'ls -la'.
I do not have access to a unix box at present to try this out.
Any thoughts gratefully received (1 Reply)
Discussion started by: ajcannon
1 Replies
10. UNIX for Dummies Questions & Answers
Hi!
I've just started learning shell scripting, and have been somewhat 'thrown in at the deep-end and told to swim' so excuse my complete lack of knowledge and ignorance, but here goes...
I've been given a unix script to 'tidy up'. Basically the script consists of the few lines of code being... (2 Replies)
Discussion started by: Sn33R
2 Replies
krb5_auth_rules(5) Standards, Environments, and Macros krb5_auth_rules(5)
NAME
krb5_auth_rules - Overview of Kerberos V5 authorization
DESCRIPTION
When a user uses kerberized versions of the ftp, rdist, rcp, rlogin, rsh, or telnet clients to connect to a server, even if the user's
claimed Kerberos V5 identity is authenticated, the user is not necessarily authorized. Authentication merely proves that the user is "who
he says he is" to the Kerberos V5 authentication system. Authorization also needs to be done, since it determines if that Kerberos identity
is permitted to access the Solaris user account that the client wants to access.
Each user may have a private authorization list in a file ~/.k5login in his login directory (on the server). Each line in this file should
contain a Kerberos principal name of the form principal/instance@realm. If the server finds a ~/.k5login file, then access is granted to
the account if and only if the originating user is authenticated to one of the principals named in the ~/.k5login file.
If there is no ~/.k5login file, the originating user will then be checked against the gsscred table (see gsscred(1M)). If the originating
user's Kerberos V5 identity is in the gsscred table, and if the UNIX user id in the gsscred table corresponds to the user account the
client is trying access, then the originating user is granted access to the account on the server. If the UNIX user id does not match, then
the originating user is denied access.
For example, suppose the originating user has a principal name of jdb@ENG.ACME.COM and the target account is jdb-user. If jdb@ENG.ACME.COM
appears in the gsscred table with uid 23154 and if jdb-user appears in the user account database (see passwd(4)) with uid 23154, then
access to account jdb-user is granted. Of course, normally, the target account name in this example would be jdb and not jdb-user.
Finally, if there is no ~/.k5login file and if the originating user's Kerberos V5 identity is not in the gsscred table, then the user will
be granted access to the account if and only if all of the following are true:
o The user part of the authenticated principal name is the same as the target account name specified by the client.
o The realm part of the client and server are the same.
o The target account name exists on the server.
For example, if the originating user has a principal name of jdb@ENG.ACME.COM and if the server is in realm SALES.ACME.COM, then even if
jdb is a valid account name on the server, the client would be denied access. This is because the realms SALES.ACME.COM and ENG.ACME.COM
differ.
FILES
~/.k5login Per user-account authorization file.
/etc/passwd System account file. This information may also be in a directory service. See passwd(4).
ATTRIBUTES
See attributes(5) for a description of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Interface Stability |Evolving |
+-----------------------------+-----------------------------+
SEE ALSO
ftp(1), rcp(1), rdist(1), rlogin(1), rsh(1), telnet(1), gsscred(1M), passwd(4), attributes(5), gss_auth_rules(5)
NOTES
To avoid security problems, the ~/.k5login file must be owned by the remote user.
SunOS 5.10 13 Apr 2004 krb5_auth_rules(5)