Allow user without dir write permission to execute a script that creates files
In our project we have several Unix scripts that trigger different processes. These scripts write logs to a particular folder 'sesslogs', create output data files in a separate directory called 'datafiles', etc. Usually the L1 support team re-runs these scripts. We do not want the L1 support team to have write access to either the 'Sesslogs' or 'datafiles' folder, as they could accidentally delete the critical files in these folders. So we would like their account 'operator' to have no write permission on these folders, just read and execute. At the same time, when they run these shell scripts using the 'operator' account, the shell scripts must be able to create the new logfiles in the 'SessLogs' folder and also write output datafiles to the 'datafiles' folder.
How can this be achieved while at the same time 'operator' cannot manually delete or create a file in the SessLogs/datafiles folder?
Please advise.
Thanks Peasant.
We have about 50 scripts like that. Does it mean I have to create a wrapper script for each of the 50 scripts, which invokes those scripts using the C executable?
Eg: for script1.ksh I should create script1_wrapper.ksh which contains inside it
Similarly for script2.ksh I should create script2_wrapper.ksh which contains
and so on...
Is that a correct assumption, or is there another approach which does not involve creation of 50 new wrapper scripts?
With ksh and a traditional Unix (not Linux) you can directly have script1.ksh suid, owned by the data owner, and a shebang
--
The alternative is sudo. Every script is one entry in sudoers.
I chose the setuid option because with the sudoers option, for every new script we add, there would be a dependency on the SAs adding the script entry to the sudoers file.
With the setuid option I am able to get halfway there. But I am facing this issue. I just simplified the script for asking the question in this forum. The C binary is named 'invokescript'. This script basically invokes the shell script passed as argument to it using execvp.
wrapperscript.ksh invokes script.ksh as follows
script.ksh, wrapperscript.ksh and invokescript are owned by user 'cdds'
invokescript C binary has SETUID bit set for owner 'cdds'.
When the owner 'cdds' runs wrapperscript.ksh I get the following output:
L
SQLOUTPUT
<The correct sqloutput comes here>
But when I run wrapperscript.ksh as 'cddsoper' user I get an error that can be understood by the following output:
sqlplus: error when loading shared libraries: libsqlplus.so: cannot open shared object file: no such file or directory
Based on the above output the question is as follows:
Even though the LD_LIBRARY_PATH contains the same value whether we run the wrapperscript.ksh as owner 'cdds' or user 'cddsoper' and /app/oracle/lib exists in both runs, when running as 'cddsoper', ldd sqlplus cannot find libsqlplus.so even though /app/oracle/lib is in LD_LIBRARY_PATH.
As a result the call to sqlplus fails when using 'cddsoper' account.
Why is that?
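A hardened variant of the setuid launcher described in the thread, as an added example (not the poster's 'invokescript' source, which is not shown on the page). On Linux with glibc the dynamic loader ignores LD_LIBRARY_PATH whenever a process's real and effective UIDs differ (secure-execution mode), and that state survives the exec of the script and of sqlplus, so this launcher sets the real UID to the effective UID before exec, replaces the caller's environment with a fixed one, and only runs bare script names from one directory. `SCRIPT_DIR` and the `PATH` value are assumptions; `/app/oracle/lib` is the value quoted in the post.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700            /* for setreuid() under strict -std= modes */
#endif
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define SCRIPT_DIR "/app/cdds/scripts"   /* assumed: writable only by the owner */

/* Accept only a bare name like "script1.ksh": no '/', no leading '.',
 * characters limited to [A-Za-z0-9_.-], and a ".ksh" suffix. */
int is_allowed_script(const char *name)
{
    size_t len = name ? strlen(name) : 0;
    if (len < 5 || len > 64 || name[0] == '.')
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!isalnum(c) && c != '_' && c != '.' && c != '-')
            return 0;
    }
    return strcmp(name + len - 4, ".ksh") == 0;
}

int main(int argc, char *argv[])
{
    char path[256];
    /* Fixed environment: nothing is inherited from the calling user. */
    char *envp[] = { "PATH=/usr/bin:/bin",
                     "LD_LIBRARY_PATH=/app/oracle/lib", NULL };

    if (argc != 2 || !is_allowed_script(argv[1])) {
        fprintf(stderr, "usage: %s <script>.ksh\n", argv[0]);
        return 2;
    }
    snprintf(path, sizeof path, "%s/%s", SCRIPT_DIR, argv[1]);

    /* Real UID := effective UID (the binary's owner), so the script and the
     * programs it starts no longer run in secure-execution mode. */
    uid_t owner = geteuid();
    if (setreuid(owner, owner) != 0) {
        perror("setreuid");
        return 1;
    }
    char *args[] = { path, NULL };
    execve(path, args, envp);
    perror("execve");                /* reached only if exec failed */
    return 1;
}
```

Because the launcher takes a script name rather than a path, one binary can serve all of the scripts, provided the script directory and the scripts themselves are not writable by the operator account.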