rights/permissions -- plz help
02-09-2005 05:08 AM
How can I implement the permissions on the directory (say /data) so that users
0, Read the file(s)
1, can't delete the file(s)
2, can't delete the contents (previously written data) of the file(s)
3, but they can append in the file(s), i.e. they can't change/remove previously saved data in the file, but they can append data.
Please help me implement the above-mentioned permissions.
Thanks in advance.
Regards
Maaz
02-09-2005 05:32 AM
Re: rights/permissions -- plz help
Can't have a writable file that is forbidden to be deleted.
The other option is to investigate Access Control Lists (ACLs). This will offer finer control options that you seek.
02-09-2005 12:22 PM
Re: rights/permissions -- plz help
chmod 744 /data
This will achieve all but 3). Maybe you can try investigating ACLs as per Rick's suggestion.
02-09-2005 02:09 PM
Re: rights/permissions -- plz help
3) this - per default - only works on systems that (know securelevels and *) the chflags command.
chflags uappnd filename
But, if I remember correctly, there are patches for Linux to get You the chflags command. But I have no idea where I read that.
ACLs would only allow You to set a
*) more specific: it only makes sense if You have securelevels so that no one can remove the flag.
02-10-2005 04:08 AM
Re: rights/permissions -- plz help
02-10-2005 04:24 AM
Re: rights/permissions -- plz help
Regards
Maaz
02-10-2005 05:14 AM
Re: rights/permissions -- plz help
Use a stickybit so that only owner of the file will be able to delete the file.
Set the basic permission
#chmod 766
After that
#chmod u+t ( Sticky bit )
After setting stickybit the permissions can be viewed as follows.
-rwxrw-rwT 1 root sys 1276 Jul 12 2002 xyz
See man page of chmod for more info.
Regards,
Syam
02-10-2005 05:15 AM
Re: rights/permissions -- plz help
A good doc here for your reference.
http://docs.hp.com/en/B2355-90672/ch12s06.html
Regards,
Syam
02-11-2005 06:09 AM
Re: rights/permissions -- plz help
And again I'm repeating my question. Dear Florian Heigl, if you (anyone is invited) can please explain the "securelevels".
Regards
Maaz
02-11-2005 08:25 AM
Solution
Another option would be:
1. limit access to read-only on the directories and files.
2. Create a script that would only allow appending to existing file
3. Set up 'sudo' with a "RUNAS" option.
4. Add the script you created to the sudo definition.
You'll need to keep tight control of the permissions for this script so no one can give themselves extra privileges.
Example:
chown security:security /data
chmod 755 /data
Sudoers might have something like:
User_Alias APPEND_USERS=operator1,operator2
Host_Alias APPEND_SERVER=myhost
Runas_Alias APPEND_RUNAS=security
Cmnd_Alias APPEND_CMD=/usr/local/secure/append_script.ksh
APPEND_USERS APPEND_SERVER=(APPEND_RUNAS) APPEND_CMD
Then they (operator1, operator2, etc.) would run it as:
$ sudo -u security /usr/local/secure/append_script.ksh
David
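As an added example (not part of David's post, and not an existing script), here is one way the append script from step 2 could look in POSIX sh. The function name `append_to`, the exit codes and the single file-name argument are assumptions; `/data` is the directory from the thread.

```shell
#!/bin/sh
# Hypothetical append-only wrapper, meant to be started through sudo as the
# account that owns /data and its files (the "security" user in the thread).
# The directory is hard-coded on purpose: a privileged script should not take
# its target directory from the caller's environment.
DATA_DIR=/data

# append_to NAME
#   Appends standard input to the existing regular file DATA_DIR/NAME.
#   Returns 0 on success, 2 for a rejected name, 3 for an unsuitable target.
append_to() {
    name="$1"
    # Accept a bare file name only: not empty, no slash (so no "../"
    # traversal or absolute path), no leading dot, no leading dash.
    case "$name" in
        ''|*/*|.*|-*) return 2 ;;
    esac
    target="$DATA_DIR/$name"
    # The file must already exist as a regular file and must not be a
    # symbolic link, so the append cannot be redirected to another file.
    # Callers only have read access to DATA_DIR (mode 755, owned by the
    # run-as user), so they cannot plant a link between check and open.
    [ -f "$target" ] && [ ! -L "$target" ] || return 3
    # ">>" opens the file in append mode: existing bytes are never
    # truncated or overwritten, new data always lands at the end.
    cat >> "$target"
}

# When called with an argument (the normal sudo invocation), append stdin
# to that file and exit with the function's status.
if [ "$#" -gt 0 ]; then
    append_to "$1"
    exit $?
fi
```

A user in APPEND_USERS would pipe the new data in, for example `echo "entry" | sudo -u security /usr/local/secure/append_script.ksh logfile`; keep the script itself owned by root and not writable by anyone else.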