Removing permissions from all users including owner


 
# 15  
Old 06-19-2013
if you have the "-R" option in your vi implementation (see "man vi"), you could probably create a wrapper script for vi to start in read-only mode unless the user is in the "allowed" group ... you can either (1) create the wrapper script to start first in the users' PATH or (2) you can move /usr/bin/vi to /usr/bin/viorig and name the wrapper script /usr/bin/vi that would call /usr/bin/viorig with the correct options ... if using option 2, make sure that you have a copy of the wrapper script somewhere else that you can copy back in place after system upgrades as you may have to rename /usr/bin/viorig back to /usr/bin/vi prior to the upgrades ... sample below assumes an "allowed" group in /etc/group and sends email when vi is in edit mode ...
Code:
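#! /bin/ksh
# vi wrapper: full edit mode for members of the "allowed" group, read-only (-R) for everyone else
admin=admin@some.com
# look for $LOGNAME as a whole name in the member list of the "allowed" group only
# (the space in "$( (" keeps ksh from parsing this as arithmetic expansion)
allowed=$( (grep '^allowed:' /etc/group | cut -d: -f4 | tr ',' '\n' | grep -x "$LOGNAME" > /dev/null) && echo "yes" || echo "no")

if [ "$allowed" = "yes" ]
then
      echo "$LOGNAME has activated vi in edit mode" | mailx -s "vi in edit mode" "$admin"
      # pass the caller's arguments through ($file was never set)
      /usr/bin/viorig "$@"
else
      /usr/bin/viorig -R "$@"
fi

exit 0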


Last edited by Just Ice; 06-20-2013 at 12:21 AM.. Reason: fixed variable
# 16  
Old 06-20-2013
I think it is time for a few clarifications:

"vi" (btw: it is written lowercase, as UNIX is case-sensitive and "Vi" or "VI" would be entirely different things) is an editor - a means to write and edit texts. Think of it like "notepad.exe" (with the difference that it is very powerful, unlike notepad). In fact it does only this: editing files. If you want to have some different function (like version control) you will have to accomplish that with some other tool.

This brings it to the second point: UNIX is a collection of very small, very specialized tools. It is understandable that you want the tool you use ("vi") to do something to accomplish your goal, but usually this is just wrong (i.e. "not UNIX-like") thinking. You will have to use another tool, specialized in doing what you want to accomplish, and combine that with the first.

So far some general remarks about UNIX behavior (you said you wanted to explain that to your boss, therefore some "philosophy" behind it).

Rights in UNIX are quite simple (note to experts: I simplify here a bit, for the benefit of easier understanding): there is a "read", a "write" and an "execute"-right. This triplet of rights is given for: the owner of a file, the group the owner belongs to, and for everybody else. This means 3x3=9 different rights ("privileges"), which can either be there or not.

The easiest way to accomplish what you want is: first, create a group that all the developers are members of. (Every user can be a member of any number of groups, so introducing one more is no problem.) For the files in question, make them owned by exactly this group. Then set the "read"- and "execute"-rights for the group and deny the group write-rights. Now every member can read and execute the file(s) but not overwrite it with another version.

In AIX (this is IBM's UNIX) this is done by (in the following I use "developers" as group name and "devacctN" for the developers' accounts, feel free to change this):

Code:
# create the group developers
mkgroup developers

# now, add all developers to this new group
chuser groups=developers devacct1
chuser groups=developers devacct2
chuser groups=developers devacct3
# ...

# finally, change the file's permissions and ownership
chown :developers /path/to/file

# change the permission for this file
# grant read and execute
chmod g+rx /path/to/file
# deny write
chmod g-w /path/to/file

I hope this helps.

bakunin
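
A check for the layout described in the post above, as an added example that is not part of the original thread. The hypothetical helper `check_group_readonly` verifies the group ownership and the `r-x` group bits, and goes one step beyond the post by also flagging a group- or world-writable parent directory, because write permission on the directory lets a user delete or replace the file whatever the file's own mode is. The scratch file and the group name `developers` in the demo are constructed.

```shell
#!/bin/sh
# check_group_readonly FILE GROUP   (hypothetical helper, not from the thread)
# Prints one line per deviation; returns 0 only when FILE is group-owned by
# GROUP with group bits r-x and nothing lets non-owners overwrite or replace it.
check_group_readonly() {
    file=$1; group=$2; rc=0
    [ -e "$file" ] || { echo "missing: $file"; return 2; }

    # ls -ld prints e.g. "-rwxr-x--- 1 owner developers ..."
    mode=$(ls -ld -- "$file" | awk '{print $1}')
    fgrp=$(ls -ld -- "$file" | awk '{print $4}')
    [ "$fgrp" = "$group" ] || { echo "group is $fgrp, expected $group"; rc=1; }

    # Characters 5-7 of the mode string are the group triplet.
    case $(printf '%s' "$mode" | cut -c5-7) in
        r-x|r-s) ;;
        *) echo "group bits are not r-x: $mode"; rc=1 ;;
    esac
    # Character 9 is the write bit for everybody else.
    [ "$(printf '%s' "$mode" | cut -c9)" = "-" ] ||
        { echo "others can write: $mode"; rc=1; }

    # Write permission on the directory allows delete/rename of the file,
    # whatever the file's own bits say (unless the sticky bit is set).
    dmode=$(ls -ld -- "$(dirname -- "$file")" | awk '{print $1}')
    case $(printf '%s' "$dmode" | cut -c6,9,10) in
        --?|??[tT]) ;;
        *) echo "parent directory is group/world-writable: $dmode"; rc=1 ;;
    esac
    return $rc
}

# Constructed demo: a scratch file with mode 750 in a private directory.
demo=$(mktemp -d) && touch "$demo/tool" && chmod 750 "$demo/tool"
check_group_readonly "$demo/tool" developers || echo "=> needs fixing"
rm -rf "$demo"
```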