Unix/Linux Go Back    


UNIX for Beginners Questions & Answers If you're not sure where to post a Unix or Linux question, post it here. All unix and Linux beginners welcome in this forum!

Setting write permission for particular user

UNIX for Beginners Questions & Answers


Reply    
 
Thread Tools Search this Thread Display Modes
    #1  
Old Unix and Linux 10-04-2017   -   Original Discussion by arunkumar_mca
arunkumar_mca's Unix or Linux Image
arunkumar_mca arunkumar_mca is offline
Registered User
 
Join Date: Oct 2004
Last Activity: 11 December 2017, 10:01 AM EST
Posts: 395
Thanks: 61
Thanked 2 Times in 2 Posts
Setting write permission for particular user

Hi All,


We have a scenario in production where we want only one user from a group to modify the file. The file is not set to write permission for application manager.



Code:
-r--r--r-- 1 amgr u00 15661716 Aug 30 00:06 DCI.dat

So here amgr will have permission to edit the file. We want a "ftpuser1" to get write permission for the file also we dont want the user "ftpuser1" to elivate the permission to amgr.

I see by setting SUID we can set that. What I read is it will make all user that are in group where "ftpuser1" is on will get the write permission
Sponsored Links
    #2  
Old Unix and Linux 10-04-2017   -   Original Discussion by arunkumar_mca
RudiC's Unix or Linux Image
RudiC RudiC is offline Forum Staff  
Moderator
 
Join Date: Jul 2012
Last Activity: 23 January 2018, 2:47 PM EST
Location: Aachen, Germany
Posts: 11,983
Thanks: 356
Thanked 3,693 Times in 3,391 Posts
I'm not sure I fully understand, esp. if ftpuser1 is a user or a group, so a few comments here:
- I don't see amgr permitted to edit the file - would need write permission as well.
- SUID won't modify any permissions on a data file (which I conclude from the "extension"), but will modify the UID of the process running a command (for every user running it) so it might access files with the user's (amgr's) ID.
- assigning ftpuser1 to group u00 might help given not too many users are in the u00 group and group access will be extended.
The Following User Says Thank You to RudiC For This Useful Post:
arunkumar_mca (10-04-2017)
Sponsored Links
    #3  
Old Unix and Linux 10-04-2017   -   Original Discussion by arunkumar_mca
arunkumar_mca's Unix or Linux Image
arunkumar_mca arunkumar_mca is offline
Registered User
 
Join Date: Oct 2004
Last Activity: 11 December 2017, 10:01 AM EST
Posts: 395
Thanks: 61
Thanked 2 Times in 2 Posts
ftpuser1 is a user. Below is the directory where the file is in. The directory has all permission to amgr believe that is the reason amgr has write permission



Code:
drwxr-xr-x 2 amgr u00 16384 Sep  6 14:47 reference

ftpuser1 cannot be added to u00 group as u00 is having the read permission. We need ftpuser1 to have write permission
    #4  
Old Unix and Linux 10-04-2017   -   Original Discussion by arunkumar_mca
Corona688's Unix or Linux Image
Corona688 Corona688 is offline Forum Staff  
Mead Rotor
 
Join Date: Aug 2005
Last Activity: 23 January 2018, 2:54 PM EST
Location: Saskatchewan
Posts: 22,574
Thanks: 1,164
Thanked 4,293 Times in 3,961 Posts
You could make the file belong to ftpuser1 perhaps.
Sponsored Links
    #5  
Old Unix and Linux 10-04-2017   -   Original Discussion by arunkumar_mca
arunkumar_mca's Unix or Linux Image
arunkumar_mca arunkumar_mca is offline
Registered User
 
Join Date: Oct 2004
Last Activity: 11 December 2017, 10:01 AM EST
Posts: 395
Thanks: 61
Thanked 2 Times in 2 Posts
You mean to make the file owner as the ftpuser1 . As per our configuration manager structure they want all the files to owned by amgr. ALso ftpuser1 cannot be added to amgr
Sponsored Links
    #6  
Old Unix and Linux 10-04-2017   -   Original Discussion by arunkumar_mca
hicksd8's Unix or Linux Image
hicksd8 hicksd8 is offline Forum Staff  
Moderator
 
Join Date: Feb 2012
Last Activity: 23 January 2018, 4:22 PM EST
Location: Devon, UK
Posts: 1,734
Thanks: 248
Thanked 441 Times in 378 Posts
Phew! I've read this many times and I'm not sure that I understand either. Anyway,

Is there a reason why you can't create a separate group for write access users and set the file group setting to that group with rights ='rw'
So the file has group <newgroup> with 'rw' rights. ftpuser1 is also in group <newgroup> so gets 'rw' rights to the file.
(Remember that a user can be a member of more than one group.)

Unless you're worried about who can read the file you can give the world read rights. World='r'.

Therefore, ftpuser1 is (perhaps) the only member of a new group which can read/write the file (modify).

If you want a user to be able to write (and I mean create the file) then they'll need write access to the directory above (and there are various ways you can do that too).

Perhaps you need to explain things to us all a bit more.

Last edited by hicksd8; 10-04-2017 at 01:49 PM..
The Following 2 Users Say Thank You to hicksd8 For This Useful Post:
arunkumar_mca (10-04-2017), rbatte1 (10-04-2017)
Sponsored Links
    #7  
Old Unix and Linux 10-04-2017   -   Original Discussion by arunkumar_mca
rbatte1's Unix or Linux Image
rbatte1 rbatte1 is offline Forum Staff  
Root armed
 
Join Date: Jun 2007
Last Activity: 23 January 2018, 6:47 AM EST
Location: Lancashire, UK
Posts: 3,445
Thanks: 1,494
Thanked 673 Times in 606 Posts
It's getting complicated because we don't know what other users you have.

The suggestion from hicksd8 to have a new group is a good one.

How does the file arrive? If it is created by amgr, then amgr would also need to be in the group. A simple chgrp newgroup DCI.dat should then suffice. The account amgr already has write permission so that should not be an issue. Name your new group something sensible so you know what it is for and don't abuse it.


An alternate may be to use Access Control Lists (ACLs) but they are OS dependant and may not be recovered if you restore a file. What OS and version are you using? If the suggestion above does not help, I@m sure we can work something out.



Kind regards,
Robin
The Following 2 Users Say Thank You to rbatte1 For This Useful Post:
arunkumar_mca (10-04-2017), Corona688 (10-04-2017)
Sponsored Links
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Linux More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
Allow user without dir write permission to execute a script that creates files waavman UNIX for Advanced & Expert Users 14 01-08-2014 06:54 PM
Apache write permission issues to another user owned directory rakeshkumar Web Programming 2 10-18-2013 03:03 AM
search any user files with write permission michlix Shell Programming and Scripting 1 01-12-2012 11:52 PM
write permission to a perticular user to a directory siba.s.nayak Shell Programming and Scripting 1 09-04-2009 09:37 PM
Find all files with group read OR group write OR user write permission shunter63 Shell Programming and Scripting 5 01-14-2009 01:06 PM



All times are GMT -4. The time now is 09:59 PM.