cancel
Showing results for 
Search instead for 
Did you mean: 

Resticted permission

Resticted permission

Hi Team,

How are you??

Need assistances,

I want to restict perticular user.

Ex: on server-A

server-A #cd /opt/pratibha
server-A #ls -l

drwxr-xr-x 2 root sys 96 Jan 7 06:01 Test1
-rwx-r--r-- 1 root sys 20 Mar 17 2008 tmp1
-rw-r--r-- 1 root sys 68 Apr 1 2008 test

server-A # id pratibha

id=401(pratibha) gid=123(sys)

Please give permission to user pratibha, only read test file

But cant see others File/Directories exists under /opt/pratibha.


Thanks in advance.

Pratibha
4 REPLIES
Sani
Frequent Advisor

Re: Resticted permission


Hi ,

Use acl

See man page of "setacl" command
sujit kumar singh
Honored Contributor

Re: Resticted permission

Hi,


For using the discretionary rights on a file you can take help of the setacl , chacl commands etc. with the help of this apart from the basic permisiions on a file you can give 13 other Disretionary rights on a file.

if you are using the HFS on the underlying Filesystem as you can see from the bdf O/P, you can use the commands
#lsacl
and
#chacl
in your case you can try by
#chacl '(pratibha.%,r--)' test
List the ACL
#lsacl -l test


if VxFS(quite OLD versions of VxFS did not support ACLs)
then use setacl and getacl

#setacl -m "user:pratibha:r--" /opt/pratibha/test
#getacl /opt/pratibha/test



For more you can refer to the manpages of lsacl,chacl,setacl and getacl.

Also the FS Should have a support for ACL.

regards
sujit
Ganesan R
Honored Contributor

Re: Resticted permission

Hi Pradiba,

You don't need to do anything with current permission of test file. Currently this user is only having read permission on test file.

By the way, why do you set pratibha user as part of sys group? for testing purpose? Because sys is specific to system group not for ordinary users.

And setacl is to give special permission by overriding traditional unix file permission. For example if "pradiba" user needs executable permission on specific file on which this user/his group/others have not executable permission, then you need to use setacl. Syntax would be
#setacl -m user:pradiba:r-x test.sh -> will add read and write permission on test.sh for user pradiba user.
Best wishes,

Ganesh.
Ganesan R
Honored Contributor

Re: Resticted permission

Hi,

Typo error on my last post. It should be like below.

#setacl -m user:pradiba:r-x test.sh -> will add read and execute permission on test.sh for user pradiba user.
Best wishes,

Ganesh.