We have a scenario in production where we want only one user from a group to modify the file. The file is not set to write permission for application manager.
So here amgr will have permission to edit the file. We want a "ftpuser1" to get write permission for the file; also, we don't want the user "ftpuser1" to elevate the permission to amgr.
I see by setting SUID we can set that. What I read is it will make all users that are in the group that "ftpuser1" is in get the write permission.
I'm not sure I fully understand, esp. if ftpuser1 is a user or a group, so a few comments here:
- I don't see amgr permitted to edit the file - would need write permission as well.
- SUID won't modify any permissions on a data file (which I conclude from the "extension"), but will modify the UID of the process running a command (for every user running it) so it might access files with the user's (amgr's) ID.
- assigning ftpuser1 to group u00 might help given not too many users are in the u00 group and group access will be extended.
ftpuser1 is a user. Below is the directory where the file is in. The directory has all permissions for amgr; I believe that is the reason amgr has write permission.
ftpuser1 cannot be added to the u00 group as u00 has read permission. We need ftpuser1 to have write permission.
You mean to make ftpuser1 the file owner. As per our configuration manager structure, they want all the files to be owned by amgr. Also, ftpuser1 cannot be added to amgr.
Phew! I've read this many times and I'm not sure that I understand either. Anyway,
Is there a reason why you can't create a separate group for write access users and set the file group setting to that group with rights = 'rw'?
So the file has group <newgroup> with 'rw' rights. ftpuser1 is also in group <newgroup> so gets 'rw' rights to the file.
(Remember that a user can be a member of more than one group.)
Unless you're worried about who can read the file you can give the world read rights. World='r'.
Therefore, ftpuser1 is (perhaps) the only member of a new group which can read/write the file (modify).
If you want a user to be able to write (and I mean create the file) then they'll need write access to the directory above (and there are various ways you can do that too).
Perhaps you need to explain things to us all a bit more.
Last edited by hicksd8; 10-04-2017 at 01:49 PM..
It's getting complicated because we don't know what other users you have.
The suggestion from hicksd8 to have a new group is a good one.
How does the file arrive? If it is created by amgr, then amgr would also need to be in the group. A simple chgrp newgroup DCI.dat should then suffice. The account amgr already has write permission so that should not be an issue. Name your new group something sensible so you know what it is for and don't abuse it.
An alternate may be to use Access Control Lists (ACLs) but they are OS dependent and may not be recovered if you restore a file. What OS and version are you using? If the suggestion above does not help, I'm sure we can work something out.
Kind regards,
Robin
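The dedicated-group approach from the two replies above, as an added example that is not part of the original thread: one function applies the group and mode, another checks that write access stays limited to the owner and that group. The group name `dciwrite` and the `groupadd`/`usermod` setup lines are assumptions (Linux tools; the thread does not state the OS).

```shell
#!/bin/sh
# Added example; the group name "dciwrite" is hypothetical.
# One-time setup as root (Linux tools assumed, left commented out):
#   groupadd dciwrite
#   usermod -aG dciwrite ftpuser1   # amgr stays owner, ftpuser1 gets no amgr rights

# has_perm PATH BITS: true if PATH has all of the octal BITS set (POSIX find).
has_perm() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# grant_group_write FILE GROUP: owner unchanged, GROUP gets rw, world gets r.
grant_group_write() {
    chgrp "$2" "$1" && chmod 664 "$1"
}

# audit_write_access FILE: returns 0 only if write access is limited to the
# owner and the file's group, and the parent directory cannot be abused.
audit_write_access() {
    f=$1
    rc=0
    has_perm "$f" 020  || { echo "FAIL: group cannot write $f"; rc=1; }
    has_perm "$f" 002  && { echo "FAIL: $f is world-writable"; rc=1; }
    # SUID changes the UID of a running program; it has no place on a data file.
    has_perm "$f" 4000 && { echo "FAIL: setuid bit set on $f"; rc=1; }
    # Write access to the directory lets a user delete or replace the file.
    d=$(dirname "$f")
    if has_perm "$d" 002 && ! has_perm "$d" 1000; then
        echo "FAIL: $d is world-writable without the sticky bit"
        rc=1
    fi
    return $rc
}

# Usage (as the file owner or root):
#   grant_group_write DCI.dat dciwrite && audit_write_access DCI.dat
```
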