HPE Community
Operating System - HP-UX
1831635 Members
1714 Online
110027 Solutions
New Discussion

how to grant a user to assess a directory under root ex... /tmp

 
SOLVED
Go to solution
Grayh
Trusted Contributor

‎11-06-2008 09:25 AM

‎11-06-2008 09:25 AM

how to grant a user to assess a directory under root ex... /tmp

how to grant a user to assess a directory under root ex... /tmp

So that all the users can do a mkdir in it..
0 Kudos
12 REPLIES 12
Pete Randall
Outstanding Contributor

‎11-06-2008 09:27 AM

‎11-06-2008 09:27 AM

Solution

Re: how to grant a user to assess a directory under root ex... /tmp

# ll -d /tmp
drwxrwxrwx 15 bin bin 8192 Nov 6 11:31 /tmp


Pete

Pete
0 Kudos
Grayh
Trusted Contributor

‎11-06-2008 09:30 AM

‎11-06-2008 09:30 AM

Re: how to grant a user to assess a directory under root ex... /tmp

When I login as a user I have something like this ....

$ ll -d /tmp
drwxr-xr-x 4 root root 1024 Nov 6 10:26 /tmp
$
0 Kudos
James R. Ferguson
Acclaimed Contributor

‎11-06-2008 09:35 AM

‎11-06-2008 09:35 AM

Re: how to grant a user to assess a directory under root ex... /tmp

Hi:

If the user can create a file then the user can create a directory. Directories confer the privilege.

Normal users should not create files or directories in '/tmp'. Rather, applications are intended to use '/var/tmp' for their temporary needs, reserving '/tmp' for root and operating system procecess.

That said, a good structure looks like:

# ls -ld /var
dr-xr-xr-x 26 bin bin 8192 Oct 29 2007 /var

# ls -ld /var/tmp
drwxrwxrwt 18 root sys 8192 Nov 6 12:27 /var/tmp

The absence of the (w)rite permission on '/var' prevents a non-root user from creating files or directories there, *but* allows those actions in '/var/tmp' (because of its (w)rite permissions.

Notice the use of the sticky-bit ('t') on '/var/tmp'. This prevents user "Able" from removing (deleting) a file owned by user "Baker". Directories confer write and delete permissions to files.

Regards!

...JRF...
0 Kudos
Patrick Wallek
Honored Contributor

‎11-06-2008 09:35 AM

‎11-06-2008 09:35 AM

Re: how to grant a user to assess a directory under root ex... /tmp

Those permissions for /tmp are incorrect.

The standard permissions for /tmp on HP-UX are:

rwxrwxrwt

To fix that do a:

chmod 1777 /tmp
0 Kudos
OldSchool
Honored Contributor

‎11-06-2008 09:41 AM

‎11-06-2008 09:41 AM

Re: how to grant a user to assess a directory under root ex... /tmp

ok....so Pete told you what the permissions need to be, and your permissions don't match.

Are you now asking how to fix them the way you want them? If so, i'd suggest:

man chmod

which would have answered your original question as well
0 Kudos
Grayh
Trusted Contributor

‎11-06-2008 09:53 AM

‎11-06-2008 09:53 AM

Re: how to grant a user to assess a directory under root ex... /tmp

James,

Thanks for the wonderful explanation

I now understand the purpose of sticky bit and the directory permissions

Mine looks something like below

$ ll -d /tmp
drwxr-xr-x 4 root root 1024 Nov 6 10:26 /tmp

$ ls -ld /var
dr-xr-xr-x 23 bin bin 8192 Oct 3 13:40 /var

$ ls -ld /var/tmp
drwxrwxrwt 9 root root 8192 Nov 6 10:43 /var/tmp
$

To understand directories & their permissions and the use of sticky bit, creation & deletion .. could you give me a document or link where I can read and experiment on my test boxes...

0 Kudos
Pete Randall
Outstanding Contributor

‎11-06-2008 10:00 AM

‎11-06-2008 10:00 AM

Re: how to grant a user to assess a directory under root ex... /tmp

Hey Patrick!

I checked 7 different 11.11 boxes and they're all set that way, right out of the box, as it were. Are you looking at 11.23 or 11.31, by chance?


Pete

Pete
0 Kudos
James R. Ferguson
Acclaimed Contributor

‎11-06-2008 10:02 AM

‎11-06-2008 10:02 AM

Re: how to grant a user to assess a directory under root ex... /tmp

Hi (again):

> To understand directories & their permissions and the use of sticky bit, creation & deletion .. could you give me a document or link where I can read and experiment on my test boxes...

Yes:

# man chmod
# man 2 chmod

+ portions of:

http://docs.hp.com/en/B2355-90950/B2355-90950.pdf

By the way, there are cases in applications where setting the sticky bit on a directory like '/var/tmp' will cause problems. This is where user-one creates a file with a non-unique name; doesn't delete it; and user-two comes along to try and create the same named file. He will fail! Caveat emptor.

Regards!

...JRF...
0 Kudos
Grayh
Trusted Contributor

‎11-06-2008 10:55 AM

‎11-06-2008 10:55 AM

Re: how to grant a user to assess a directory under root ex... /tmp

Thanks everyone.... I was doing this on 11.23


gray ( learning unix bit by bit )
0 Kudos
Patrick Wallek
Honored Contributor

‎11-06-2008 11:07 AM

‎11-06-2008 11:07 AM

Re: how to grant a user to assess a directory under root ex... /tmp

@Pete:

Mine are all a combination of 10.20, 11.0 and 11.11 and are all rwxrwxrwt for /tmp.

Maybe we set ours that way manually after install. At this point I do not remember.
0 Kudos
Pete Randall
Outstanding Contributor

‎11-06-2008 11:27 AM

‎11-06-2008 11:27 AM

Re: how to grant a user to assess a directory under root ex... /tmp

Thanks, Patrick. I can see the logic for having the sticky bit set, in fact, I think I will do so. I just wondered if I was losing my mind (again) or not.


Pete

Pete
0 Kudos
Dennis Handly
Acclaimed Contributor

‎11-06-2008 10:55 PM

‎11-06-2008 10:55 PM

Re: how to grant a user to assess a directory under root ex... /tmp

>Pete: I can see the logic for having the sticky bit set.

For security, the sticky bit should be set. I don't think 11.11 came with that.

The compilers now complain if TMPDIR doesn't have that bit set if Write Other is enabled. It will dump a big thesis in syslog.log.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.