Operating System - Linux

rights/permissions -- plz help

 
SOLVED
Maaz
Valued Contributor

rights/permissions -- plz help

Dear Gurus

How can I implement the permissions on the directory (say /data) so that users:

0, Read the file(s)
1, can't delete the file(s)
2, can't delete the contents (previously written data) of the file(s)
3, but they can append to the file(s), i.e. they can't change/remove previously saved data in the file, but they can append data.

plz help me implement the above-mentioned permissions.

Thanx in adv.

Regards
Maaz
10 REPLIES
Rick Garland
Honored Contributor

Re: rights/permissions -- plz help

Using just the straight permissions and ownerships, you can't have a writable file that is forbidden to be deleted.

The other option is to investigate Access Control Lists (ACLs). This will offer the finer control options that you seek.
Dexter Filmore
Honored Contributor

Re: rights/permissions -- plz help

Try:

chmod 744 /data

This will achieve all but 3). Maybe you can try investigating ACLs as per Rick's suggestion.
Florian Heigl (new acc)
Honored Contributor

Re: rights/permissions -- plz help

Maaz:

3) this - per default - only works on systems that (know securelevels and *) the chflags command.

chflags uappnd filename

But, if I remember correctly, there are patches for Linux to get You the chflags command. But I have no idea where I read that.

ACLs would only allow You to set a permission, but change includes overwriting, so this is useless.

*) more specific: it only makes sense if You have securelevels so that no one can remove the flag.
yesterday I stood at the edge. Today I'm one step ahead.
Maaz
Valued Contributor

Re: rights/permissions -- plz help

Thanx Dear All for the help/reply
Maaz
Valued Contributor

Re: rights/permissions -- plz help

Dear Florian Heigl if u(any one is invited) can plz explain the "securelevels"

Regards
Maaz
Ranjith_5
Honored Contributor

Re: rights/permissions -- plz help

Hi Maaz,

Use a sticky bit so that only the owner of the file will be able to delete the file.

Set the basic permission
#chmod 766

After that

#chmod u+t ( Sticky bit )

After setting the sticky bit the permissions can be viewed as follows.

-rwxrw-rwT 1 root sys 1276 Jul 12 2002 xyz

See man page of chmod for more info.

Regards,
Syam
Ranjith_5
Honored Contributor

Re: rights/permissions -- plz help

Hi Maaz,

A good doc here for your reference.

http://docs.hp.com/en/B2355-90672/ch12s06.html

Regards,
Syam
Maaz
Valued Contributor

Re: rights/permissions -- plz help

thnx dear Syam

and again I m repeating my question.. Dear Florian Heigl if u(any one is invited) can plz explain the "securelevels"

Regards
Maaz
David Child_1
Honored Contributor
Solution

Re: rights/permissions -- plz help

Maaz,

Another option would be:

1. Limit access to read-only on the directories and files.
2. Create a script that would only allow appending to an existing file.
3. Set up 'sudo' with a "RUNAS" option.
4. Add the script you created to the sudo definition.

You'll need to keep tight control of the permissions for this script so no one can give themselves extra privileges.

Example:
chown security:security /data
chmod 755 /data

Sudoers might have something like:

User_Alias APPEND_USERS=operator1,operator2
Host_Alias APPEND_SERVER=myhost
Runas_Alias APPEND_RUNAS=security
Cmnd_Alias APPEND_CMD=/usr/local/secure/append_script.ksh
APPEND_USERS APPEND_SERVER=(APPEND_RUNAS) APPEND_CMD

Then they (operator1, operator2, etc.) would run it as:

$ sudo /usr/local/secure/append_script.ksh

David
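
One way the append-only script from the accepted answer could be written, as an added example that is not part of the original thread and not David's own script. The function name `append_to`, taking the file name as the single argument, reading the data from stdin and the script-name guard are assumptions; it is written in POSIX sh, which ksh also runs.

```shell
#!/bin/sh
# Added example (hypothetical helper): append stdin to an EXISTING file in a
# fixed directory. Assumes the directory and its files are owned by the Runas
# user and writable by nobody else, so the checks below cannot be raced.

append_to() {
    dir=$1 name=$2
    # Accept a plain file name only: no empty name, no leading dot or dash,
    # no slash (this blocks ../ traversal and absolute paths).
    case $name in
        ''|.*|-*|*/*) echo "append: bad file name" >&2; return 2 ;;
    esac
    target=$dir/$name
    # Existing regular files only: no creation, no symlinks, no devices.
    if [ -L "$target" ] || [ ! -f "$target" ]; then
        echo "append: $name is not an existing regular file" >&2
        return 3
    fi
    # >> opens the file in append mode; nothing here truncates or rewrites.
    cat >> "$target"
}

# Run only when installed under the name used in the sudoers entry.
if [ "${0##*/}" = "append_script.ksh" ]; then
    PATH=/usr/bin:/bin; export PATH   # do not trust the caller's PATH
    umask 077
    [ $# -eq 1 ] || { echo "usage: $0 file < data" >&2; exit 2; }
    append_to /data "$1"
fi
```

A caller would pipe data in, for example `echo "entry" | sudo -u security /usr/local/secure/append_script.ksh app.log`, where `app.log` is a constructed file name. The script itself should be owned by root or the `security` account and not writable by the users listed in `APPEND_USERS`.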