topic Re: Grant user's right in Operating System - Linux

Grant user's right

Jorge Cocomess — Wed, 13 Sep 2006 12:28:42 GMT

Greetings,

The file permission is set to rw,rw,r -- How do I give a specific user "John" permission to run a process without world's permission? As root I can do chmod 666 or 777 to a file, but I would like this user to be able to run a process to process this file without having to run chmod prior to.

Please help!!

Thank you in advance.

Jorge

Re: Grant user's right

Jorge Cocomess — Wed, 13 Sep 2006 12:29:23 GMT

Yes, this would be in RHAS 3.0.

Thanks,

Re: Grant user's right

George Liu_4 — Wed, 13 Sep 2006 13:03:22 GMT

a couple of ways.
1. add John to the group where the file belongs to
2. Change the program to allow suid for appropriate owner/group-ship

Re: Grant user's right

spex — Wed, 13 Sep 2006 13:17:43 GMT

Hi Jorge,

There are many ways to accomplish this:

1) Create a wrapper script to execute 'sudo -u owner file', or teach John the syntax. Make sure john is set up in sudoers.

2) Create a new group and make john a member. Then 'chgrp newgroup file && chmod g+x file'.

3) Create a wrapper script that checks for john's uid and executes 'file' in the event of a match. Make sure to 'setuid' or 'setgid' for the script appropriately.

4) Use an ACL. RHEL 3.0 has ACL support for ext3 built into the kernel. To enable ACLs for a filesystem, use the '-o acl' option to 'mount'. Then:

# setfacl -m u:john:rwx file

Of course, if this is the only instance you'll use ACLs on the filesystem, it's overkill.

PCS

Re: Grant user's right

Jorge Cocomess — Wed, 13 Sep 2006 22:51:51 GMT

Hello,

I'd like to say thanks for all your suggestions. However, I'm still learning Linux, therefore, I would need more details such as the command to add seudo user account, etc.

Thanks,
Jorge

Re: Grant user's right

Jorge Cocomess — Fri, 15 Sep 2006 08:45:31 GMT

I added the user "John" to the sudoers file. By testing, I logged as him and find that "John" still have the permission as he did before. Once I modified the sudoers file, do I need to stop & restart sudoers service or some sort before it can work?

Please help!!

Re: Grant user's right

Manuel Wolfshant — Fri, 15 Sep 2006 15:09:42 GMT

Jorge, in order to use sudo you must do 2 things:
a) as root, use visudo to edit the /etc/sudoers file and add a line similar to:
john ALL=(ALL) command to run including parameters
b) as user john, run:
sudo command to run including parameters

The alternative is to follow spex's suggestion number 4. Just mount the filesystem with the "acl" option and grant execute permission to the user. spex has provided step by step instructions for that.

Re: Grant user's right

Jorge Cocomess — Fri, 15 Sep 2006 15:58:31 GMT

Hi,

Dummy me...I forgot to run "sudo su -" command after I logged in as john. It's now working prefectly.

However, I would like to know more about ACL - I know ACL pretty well the VMS world, but lost when I read the docs online for Linux.

Does anyone here have step-by-step instructions on setting up ACL in RHAS 2.1 AS?

Thanks anyone for your help!!

Have a great weekend.

Jorge