Operating System - Tru64 Unix

security file

fergani
Advisor

security file

Hi everyone;
I am using Tru64 UNIX v5.1 and I am a junior DBA.
I created a batch file inside the root directory, so I want certain users to have privileges to execute it only, but not to open it.

Do you think I should put this file inside the root directory or inside the directory of the users who have the privileges to execute it only, but not to open it?

bye.
7 REPLIES
Martin Moore
HPE Pro

Re: security file

Access control lists might be the best solution for you. Do "man acl" for an introduction.

Martin
I work for HP
A quick resolution to technical issues for your HP Enterprise products is just a click away HP Support Center Knowledge-base
See Self Help Post for more details

Pieter 't Hart
Honored Contributor

Re: security file

I would suggest keeping the root directory clean.
Normally I would put own jobs like this
- at least in a subdirectory of the root (like /DBAprod)
- or even on a separate filesystem
- in your own home directory
- in a central DBAuser home directory
fergani
Advisor

Re: security file

Hi
I read the help for acl but there are many things I couldn't understand.
Please could you provide me an example showing me how to get certain users to have privileges to execute a batch file only, but not to open it.

bye.
Pieter 't Hart
Honored Contributor

Re: security file

Instead of specifying each user in an ACL, it's more flexible to create two extra groups in /etc/group using "sysman groups",
e.g. DBAexecute and DBAread (maybe also DBAowner).
Add all appropriate users to the corresponding group.
Set the ACL on the file with permissions:
"setacl -D -u group:DBAread:r--,group:DBAexecute:--x,group:DBAowner:rwx"

With standard Unix protection you could also set the group of the file to DBAexecute
("chgrp DBAexecute") and set protection with chmod so the owner can read/write and the group can execute:
"chmod u=rwx,g=x,o=" (o = not owner but other!)
fergani
Advisor

Re: security file

hi everyone
I need someone to explain this statement to me:
setacl -u group::r--,user:alpha:-w- shared

shared is the file.
I found it in the help but I don't understand.
bye
Martin Moore
HPE Pro

Re: security file

It gives read access to the group that owns the file (which could be done with the regular file permissions just as well) and it gives write access to the file to user "alpha".

Martin
I work for HP

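An added example, not part of any post in this thread: a small Python parser that spells out setacl-style entry lists such as the two quoted above and flags entries that grant execute without read. It handles only the `user` and `group` entry forms shown in the thread, and the function names are illustrative.

```python
import re
from typing import NamedTuple

class AclEntry(NamedTuple):
    tag: str        # "user" or "group" (the only forms shown in the thread)
    qualifier: str  # a name; empty means the file's owner / owning group
    perms: str      # three characters such as "r--"

_PERMS = re.compile(r"^[r-][w-][x-]$")
_NAMES = {"r": "read", "w": "write", "x": "execute"}

def parse_acl(spec: str) -> list:
    """Split a comma-separated tag:qualifier:perms list and validate each entry."""
    entries = []
    for raw in spec.split(","):
        parts = raw.strip().split(":")
        if len(parts) != 3:
            raise ValueError(f"expected tag:qualifier:perms, got {raw!r}")
        tag, qualifier, perms = parts
        if tag not in ("user", "group"):
            raise ValueError(f"unsupported tag in {raw!r}")
        if not _PERMS.match(perms):
            raise ValueError(f"bad permission string in {raw!r}")
        entries.append(AclEntry(tag, qualifier, perms))
    return entries

def explain(entry: AclEntry) -> str:
    """Describe in words who an entry applies to and what it grants."""
    if entry.qualifier:
        who = f'{entry.tag} "{entry.qualifier}"'
    elif entry.tag == "user":
        who = "the file's owner"
    else:
        who = "the group that owns the file"
    granted = [_NAMES[c] for c in entry.perms if c != "-"]
    return f"{who}: " + (", ".join(granted) if granted else "no access")

def execute_without_read(entries: list) -> list:
    """Entries that grant x but not r.

    Assumption added here (general Unix behaviour, not stated in the thread):
    an interpreter has to read a script to run it, so execute-only access
    typically suits compiled programs rather than shell scripts.
    """
    return [e for e in entries if "x" in e.perms and "r" not in e.perms]

if __name__ == "__main__":
    for spec in ("group::r--,user:alpha:-w-",
                 "group:DBAread:r--,group:DBAexecute:--x,group:DBAowner:rwx"):
        for e in parse_acl(spec):
            print(explain(e))
```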
Martin Moore
HPE Pro

Re: security file

A further thought: have you checked out the information on ACLs in the security manual? The V5.1B manual is at http://www.tru64unix.compaq.com/docs/base_doc/DOCUMENTATION/V51B_HTML/ARH95ETE/TITLE.HTM and has a very nice writeup, IMO, on ACLs. See Chapter 2, especially section 2.3.

Martin
I work for HP