Users of own group shouldn't be able to delete


 
# 1  
Old 11-17-2015

Oracle Linux 6.5

The oracle user's primary group is oinstall and its secondary groups are dba, asmdba, asmoper.

For the directory created below, I want the users belonging to dba, asmdba, asmoper to be able to create, read and execute files but not delete them. How can I achieve that?

If I use 775 as shown below, then the above-mentioned users will be able to DELETE files. I don't want that.

Code:
$ id -a
uid=301(oracle) gid=303(oinstall) groups=303(oinstall),301(dba),305(asmdba),306(asmoper)
$
$
$ mkdir somedirectory
$
$ chmod -R 775 somedirectory

# 2  
Old 11-17-2015
If they can create, they can delete...
# 3  
Old 11-17-2015
Understand that whatever you put to allow creation, that same account will also be able to delete, unless you work out e.g. a special usage of sudo, allowing the group only to create. I am unsure to what extent using ACLs could solve your issue.
This User Gave Thanks to vbe For This Post:
# 4  
Old 11-17-2015
How about the "sticky" bit? That would allow deletion for the user's own files only, but deny it for others.
This User Gave Thanks to RudiC For This Post:
# 5  
Old 11-17-2015
How can I implement the sticky bit, RudiC?
# 6  
Old 11-17-2015
If a directory's file mode has the sticky bit set, the standards say:
Code:
If a directory is writable and the mode bit S_ISVTX is set on the directory, a process may remove
or rename files within that directory only if one or more of the following is true:
• The effective user ID of the process is the same as that of the owner ID of the file.
• The effective user ID of the process is the same as that of the owner ID of the directory.
• The process has appropriate privileges.
• Optionally, the file is writable by the process. Whether or not files that are writable by the
  process can be removed or renamed is implementation-defined.

To set the sticky bit on a directory, you want something like:
Code:
chmod 1775 directory_name...

The 1000 bit in that mode is the sticky bit. This chmod command must be run by the owner of the directory (or by a process with appropriate privileges [on many systems, this means running as root]).
These 2 Users Gave Thanks to Don Cragun For This Post:
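
The rule quoted in post #6, worked through as an added example that is not part of the thread: the script checks a directory for the sticky bit and reports who may remove a file in it under modes 775 and 1775. The function names `has_sticky`, `may_unlink` and `demo`, the file name `report.log` and the second UID are constructed for illustration, and GNU `stat -c` (as shipped on Oracle Linux) is assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU stat (-c), as on Oracle Linux.

# has_sticky DIR: true if S_ISVTX (octal 1000) is set in DIR's mode.
has_sticky() {
    mode=$(stat -c '%a' "$1") || return 1
    [ $(( 0$mode & 01000 )) -ne 0 ]
}

# may_unlink UID DIR FILE: true if UID, already holding write permission on
# DIR, may remove or rename FILE under the rule quoted in post #6. The
# optional "file is writable by the process" clause is implementation-defined
# and is treated as not granted.
may_unlink() {
    uid=$1; dir=$2; file=$3
    has_sticky "$dir" || return 0                           # no sticky bit: dir write access suffices
    [ "$uid" -eq 0 ] && return 0                            # appropriate privileges (root)
    [ "$uid" -eq "$(stat -c '%u' "$file")" ] && return 0    # owner of the file
    [ "$uid" -eq "$(stat -c '%u' "$dir")" ] && return 0     # owner of the directory
    return 1
}

# demo: build a scratch directory and report the verdict for the file's owner
# and for a constructed UID that owns neither the file nor the directory.
demo() {
    d=$(mktemp -d) || return 1
    touch "$d/report.log"
    me=$(id -u); other=$(( me + 1 ))                        # constructed non-owner UID
    for m in 775 1775; do
        chmod "$m" "$d"
        for u in "$me" "$other"; do
            if may_unlink "$u" "$d" "$d/report.log"; then v=allowed; else v=denied; fi
            echo "mode=$m uid=$u delete=$v"
        done
    done
    rm -rf "$d"
}

demo
```

The sticky bit governs removing and renaming only: a file that is itself group-writable can still be overwritten or truncated by other group members.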
 