Operating System - HP-UX

Re: how do i assign read only rights to a user for whole filesystem

Yashodhan Deo
Occasional Advisor

how do i assign read only rights to a user for whole filesystem

Hi

I have created a user with restricted shell. How can I assign him only read rights, i.e. browsing all the filesystem on the server?

Thanks in Advance
Steven E. Protter
Exalted Contributor

Re: how do i assign read only rights to a user for whole filesystem

It's handled by modifying the contents of the filesystem.

Let's say the filesystem is called /sharedata

the user is called pita

place user pita in group notouch
groupadd notouch

by modifying /etc/passwd for the user placing them in notouch

The rest of the users accessing sharedata are in the default group users

cd /sharedata
chmod -R o-w *

Make sure all files are in the group users

The chmod command modifies all permissions so that if the user is not in the group that owns the files they can't change anything.

Since pita is in group notouch, that user can not modify any files. That user can look at files with other read permissions (o+r).

SEP


Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
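
An added example, not part of the original post: a POSIX sh audit of the "other class is read-only" model described in the reply above, run before and after `chmod -R o-w *` to see what the glob leaves untouched. The function names, the sample tree and the use of `mktemp -d` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a tree for the "other = read-only" model from the thread.
# Function names and the sample tree are constructed for illustration.

# Print one finding per line; return 0 if clean, 1 if findings, 2 on bad input.
audit_other_access() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    findings=$(
        # Symlink mode bits are not enforced, so skip links in the write check.
        find "$dir" ! -type l -perm -0002 -print | sed 's/^/other-writable: /'
        # Files need o+r to be read; directories need o+r and o+x to be browsed.
        find "$dir" -type f ! -perm -0004 -print | sed 's/^/not other-readable: /'
        find "$dir" -type d ! -perm -0005 -print | sed 's/^/dir not browsable: /'
    )
    [ -n "$findings" ] || return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample tree with one entry per failure mode.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/logs" "$t/private"
    : > "$t/logs/app.log"; : > "$t/notes.txt"; : > "$t/.hidden.cfg"
    : > "$t/private/secret.log"
    chmod 755 "$t" "$t/logs"
    chmod 750 "$t/private"                      # other cannot enter
    chmod 644 "$t/logs/app.log"
    chmod 666 "$t/notes.txt" "$t/.hidden.cfg"   # world-writable
    chmod 640 "$t/private/secret.log"           # other cannot read
    echo "$t"
}

# Demo: run the thread's command, then audit what it left behind.
demo_tree=$(make_sample_tree)
(cd "$demo_tree" && chmod -R o-w *)             # glob skips .hidden.cfg
audit_other_access "$demo_tree" || true
# Closing every gap in one pass: X adds execute only to directories
# (and to files that are already executable by someone).
chmod -R o-w,o+rX "$demo_tree"
audit_other_access "$demo_tree" && echo "clean: other has read-only access"
rm -rf "$demo_tree"
```

On a real filesystem, entries reported as "not other-readable" are often restricted on purpose (key files, password data), so review that list rather than applying `o+r` across the tree.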
Rodney Hills
Honored Contributor

Re: how do i assign read only rights to a user for whole filesystem

You could try creating an entry in /etc/exports and export /. Then in /etc/fstab create an NFS mount that is read only and make it available to the user.

HTH

-- Rod Hills
There be dragons...
Yashodhan Deo
Occasional Advisor

Re: how do i assign read only rights to a user for whole filesystem

Hi Steven and Rodney

Appreciate your responses.

Rodney/Steven, can the user log in to that server and yet go browsing all the filesystems on that server with read access?
Basically the user wants to check the logs of appl and system.

Geoff Wild
Honored Contributor
Solution

Re: how do i assign read only rights to a user for whole filesystem

Some info on restricted shell:

rksh Only
rksh is used to set up login names and execution environments where
capabilities are more controlled than those of the standard shell.
The actions of rksh are identical to those of ksh, except that the
following are forbidden:

+ Changing directory (see cd(1))
+ Setting the value of SHELL, ENV, or PATH
+ Specifying path or command names containing /
+ Redirecting output (>, >|, <>, and >>)

The restrictions above are enforced after the .profile and ENV files
are interpreted.

When a command to be executed is found to be a shell procedure, rksh
invokes ksh to execute it. Thus, the end-user is provided with shell
procedures accessible to the full power of the standard shell, while
being restricted to a limited menu of commands. This scheme assumes
that the end-user does not have write and execute permissions in the
same directory.

When a shell procedure is invoked from rksh, the shell interpreter
specified with the #! magic inherits all the restricted features of
rksh. So, the shell procedures written for execution under rksh with
the intent of utilizing the full power of the standard shell should
not specify an interpreter with #!.

These rules effectively give the writer of the .profile file complete
control over user actions, by performing guaranteed set-up actions and
leaving the user in an appropriate directory (probably not the login
directory).

The system administrator often sets up a directory of commands
(usually /usr/rbin) that can be safely invoked by rksh. HP-UX systems
provide a restricted editor red (see ed(1)), suitable for restricted
users.

They won't be able to cd....

Rgds...Geoff

Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Rodney Hills
Honored Contributor

Re: how do i assign read only rights to a user for whole filesystem

A user's access is defined by the file system permissions. Only "root" can bypass these permissions.

If you don't want to modify any of the filesystem's permissions, you could set up a script/tool that does browsing and use the tool "sudo" to give temp root permission to the user for browsing purposes only. Then you wouldn't have to play with restricted shell.

Other alternatives are to share the folders that contain the logs (either NFS or Samba) and let the user access them from another computer.

HTH

-- Rod Hills
There be dragons...