
Different owners - Delete

 
intp
Frequent Advisor


Hi,

Following is the content of my shell script.


mv location1/file1 location2/file1
rm location1/file3

Background:
1) I have a couple of IDs to log in to the same server.
2) I have an ID ftpuser (which has write access only in location1). The ftpuser ID is used by several other groups to ftp files to location1. ftpuser will be the owner; group and others will have only read access.
3) I log in as opuser (which has write access only in location2).
4) For the above shell script (move.sh), opuser is the owner; group and others have read and execute permissions.


Now the problem,

1) I log in as opuser and execute the script; it fails because opuser doesn't have delete (as it is trying to move) access in location1, but has write permission in location2.

2) I log in as ftpuser and execute the script; it fails because ftpuser doesn't have write access in location2 but has delete access in location1.


I can't get delete access for opuser for location1 or write access for ftpuser in location2.
That's a business constraint. How to solve this problem? After logging in, can we SU and try?
Or any other better way?

Thanks
Steven E. Protter
Exalted Contributor

Re: Different owners - Delete

Shalom,

Suggestion:

1) Create a common group for these two users and make sure nobody else ever gets into that group.

2) Grant g+w permissions on the file. Use chmod on both systems.

The script should now permit both users to delete if that was the issue.

3) Have the process that creates the file have a umask that permits group write and sets the ownership appropriately based on item 2.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Ivan Ferreira
Honored Contributor

Re: Different owners - Delete

If you cannot grant delete access to opuser to location1 there is no way that you can do this from a script. Even if you use sudo, you must grant delete access to opuser in location1. If you use su -c "command" to change the user for deletion, you must know the password for that user.


You have the option of making the opuser and ftpuser members of the same group. This could be the scheme:

UID: ftpuser GID: ftpusers
UID: opuser GID: ftpusers,opuser[,group2,group3...]

location1: owner ftpuser.ftpusers, permissions 770
location2: owner root.opuser, permissions 770

In this way, by using opuser, you will be able to move the file from location1 to location2 and remove the files in location1.

Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
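
A way to check the group layout from the reply above, added here as an example and not code from the thread: it reads each directory's mode with `ls -ld` and reports which permission classes can remove or rename entries, since that right comes from write and search permission on the directory rather than on the file. The function names `delete_rights` and `matches_scheme` and the script name `audit.sh` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Reports who may remove or rename
# entries in a directory, judged from the directory's own mode bits.

# delete_rights DIR
# Prints "owner:group can-delete=<classes> sticky=<yes|no>".
delete_rights() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # ls -ld is portable; fields are: mode links owner group ...
    set -- $(ls -ld "$dir")
    mode=$1; owner=$3; group=$4
    classes=
    for spec in user:2-4 group:5-7 other:8-10; do
        bits=$(printf '%s\n' "$mode" | cut -c"${spec#*:}")
        # Unlinking needs write AND search on the directory; s/t in the
        # third position mean "x plus setuid/setgid/sticky".
        case $bits in
            ?w[xst]) classes="${classes:+$classes,}${spec%%:*}" ;;
        esac
    done
    # With the sticky bit, only the file's owner, the directory's owner
    # or root may remove an entry, whatever the w bits say.
    case $mode in
        ?????????[tT]*) sticky=yes ;;
        *) sticky=no ;;
    esac
    echo "$owner:$group can-delete=${classes:-none} sticky=$sticky"
}

# matches_scheme DIR OWNER GROUP
# True only for a 770-style directory: owner and group may delete, others not.
matches_scheme() {
    [ "$(delete_rights "$1")" = "$2:$3 can-delete=user,group sticky=no" ]
}

# Usage: sh audit.sh location1 location2
for d in "$@"; do
    delete_rights "$d"
done
```

Run against location1 and location2 after any ownership or mode change; a report showing `other` in the can-delete list means the directory is open wider than the 770 layout intends.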
intp
Frequent Advisor

Re: Different owners - Delete

Ivan... I know passwords for both IDs.

What I'm trying to know is...

1) I log in as opuser, copy location1/file1 to location2/file1. Since opuser has write access in location2... this step will work.
Then...

2) Within the same script I need to do SU ftpuser (I know the pwd)... and rm location1/file1 and rm location1/file3.
Since ftpuser has delete access in location1... this step should work.

This meets my goal, but is this achievable in one script?
JASH_2
Trusted Contributor

Re: Different owners - Delete

Intp,

You could set a cron job in root to do the transfers for you, as often as you want them moved etc. This would mean that the files would be transferred etc, without too much messing with permissions. Also, the cronned script could set the permissions on all the files to exactly what you want.

Just a thought.

JASH
If I can, I will!