topic Re: Different owners - Delete in Operating System - HP-UX

Different owners - Delete

intp — Tue, 27 Jun 2006 15:29:37 GMT

Hi,

following is the content of my shell script.

mv location1/file1 location2/file1
rm location1/file3

Background:
1)I have couple of ids to login to same server.
2) I have an id ftpuser (which has write access only in location1). ftpuser id is used by
several other groups to ftp files to location1. ftpuser will be the owner , group and others will
have only read access.
3) I login in as opuser (which has write access only in location2).
4) For above shell script (move.sh ) , opuser is the owner , group and other have read and execute permissions.

Now the problem,

1) I login as opuser and execute the script, it fails because opuser doesnt have delete (as it is trying to move)
access in location1. but has write permission in location2.

2) I login as ftpuser and execute the script, it fails because ftpuser doesnt have write access in location2 but has
delete access in location1.

I cant get delete access for opuser for location1 or write access for ftpuser in location2.
Thats a business constraint.How to solve this problem. ? After logging in can we SU and try ?
or any other better way ?

Thanks

Re: Different owners - Delete

Steven E. Protter — Tue, 27 Jun 2006 17:34:55 GMT

Shalom,

suggesetion:

1) Create a common group for these two users and make sure nobody else ever gets into that group.

2) Grant g+w permissions on the file. use chmod on both systems.

The script should now permit both users to delete if that was the issue.

3) Have the process that creates the file have a umask that permits group write and sets the ownership appropriately based on item 2.

SEP

Re: Different owners - Delete

Ivan Ferreira — Tue, 27 Jun 2006 17:39:33 GMT

If you cannot grant delete access to opuser to location1 there is no way that you can do this from a script. Even if you use sudo, you must grant delete access to opuser in location1. If you use su -c "command" to change the user for deletion, you must know the password for that user.

You have the option of making the opuser and ftpuser members of the same group. This could be the scheme:

UID: ftpuser GID: ftpusers
UID: opuser GID: ftpusers,opuser[,group2,group3...]

location1: owner ftpuser.ftpusers, permissions 770
location2: owner root.opuser, permissions 770

In this way, by using opuser, you will be able to move the file from location1 to location2 and remove the files in location1.

Re: Different owners - Delete

intp — Tue, 27 Jun 2006 18:11:01 GMT

ivan ...i know passwords for both ids.

what i'm trying to know is...

1) I login as opuser , copy location1/file1 to location2/file1. Since opuser has write access in location2...this step will work.
then....

2) within same script i need to do SU ftpuser (i know the pwd)...and rm location1/file1 and rm location1/file3
since ftpuser has delete access in location1..this step shud work.

this meets my goal. but is this acheivable in one script?

Re: Different owners - Delete

JASH_2 — Wed, 28 Jun 2006 03:38:37 GMT

Intp,

You could set a cron job in root to do the transfers for you, as often as you want them moved etc. This would mean that the files would be transferred etc, without too much messing with permissions. Also, the cronned script could set the permissions on all the files to exactly what you want.

Just a thought.

JASH