HPE Community
Operating System - HP-UX
1844208 Members
2002 Online
110229 Solutions
New Discussion

HPUX 11.0 User Access

 
SOLVED
Go to solution
LG Porter
Frequent Advisor

‎12-18-2002 07:08 AM

‎12-18-2002 07:08 AM

HPUX 11.0 User Access

I have a rp7400 running HPUX 11.0. I have a user that needs access to the application file to read them. I have added this user to the group that owns the files however the user still can not read the files? I have change the permissions on the directories and files with "other" with read only, only to discover that when I login as the user and attempt to change into the directory that I get permission denied. The diectory has read access to other allowed, is there another method or area that I need to configure in order to allow this user access?
0 Kudos
Reply
7 REPLIES 7
John Dvorchak
Honored Contributor

‎12-18-2002 07:14 AM

‎12-18-2002 07:14 AM

Solution

Re: HPUX 11.0 User Access

What is the permission on the parent directory? It has to have at least x (execute) for other or you have access but you can't see anything. Good rule of thumb is to make sure that the parent directory has 755 permissions on that child directory to allow anyone to use the directory.
If it has wheels or a skirt, you can't afford it.
Reply
Ravi_8
Honored Contributor

‎12-18-2002 07:16 AM

‎12-18-2002 07:16 AM

Re: HPUX 11.0 User Access

Hi,

$file
if it is executable, even though user has read permission user can't read
never give up
Reply
Robert-Jan Goossens
Honored Contributor

‎12-18-2002 07:16 AM

‎12-18-2002 07:16 AM

Re: HPUX 11.0 User Access

Hi,

Try
# groups user
if the syntax is right.

# groups gorj
user
# cd /home/oracle
ksh: /home/oracle: permission denied

added gorj to group oracle
# groups gorj
oracle user
# cd /home/oracle
no problem.

Robert-Jan.
Reply
LG Porter
Frequent Advisor

‎12-18-2002 07:31 AM

‎12-18-2002 07:31 AM

Re: HPUX 11.0 User Access

I have checked the group access with this user as well the directory permissions. I have even added the user to the group. This system is a "trusted" system; is there another area that would need to be configured in order to allow this user access?
0 Kudos
Reply
F. X. de Montgolfier
Valued Contributor

‎12-18-2002 07:35 AM

‎12-18-2002 07:35 AM

Re: HPUX 11.0 User Access

Hi,

you may have ACLs implemented on your system. If so, the best thing to do is to read the acl manpage:

http://docs.hp.com/cgi-bin/onlinedocs.py?mpn=B2355-90684&service=hpux&path=../B2355-90684/00/00/6&title=HP-UX%20Reference%20Volume%205%3A%20Sections%205%2C%207%2C%20and%209

[...]
"Access control lists are a key enforcement mechanism of discretionary access control (see Definitions below), for specifying access to files by users and groups more selectively than traditional HP-UX mechanisms allow."
[...]

You may also want to look at lsacl:
http://docs.hp.com/cgi-bin/onlinedocs.py?mpn=B2355-90680&service=hpux&path=../B2355-90680/00/01/173&title=HP-UX%20Reference%20Volume%201%3A%20Section%201

and chacl:
http://docs.hp.com/cgi-bin/onlinedocs.py?mpn=B2355-90680&service=hpux&path=../B2355-90680/00/01/173&title=HP-UX%20Reference%20Volume%201%3A%20Section%201

Of course, if you don't have ACLs, all this is meaningless...

Cheers,

FiX

Reply
doug hosking
Esteemed Contributor

‎12-19-2002 07:07 AM

‎12-19-2002 07:07 AM

Re: HPUX 11.0 User Access

You don't go into detail about how you checked groups. Could it be a missing symlink between /etc/logingroup and /etc/group, causing the group membership to not be
fully initialized at login time? That
would cause things to LOOK fine with
grep, etc. of the group file, but not
to actually work. (If the link is fixed,
the user would need to login again after
fixing it.)

As was already mentioned, lack of 'x'
permission on one of the directories could
also cause problems.

Reply
Shannon Petry
Honored Contributor

‎12-19-2002 07:17 AM

‎12-19-2002 07:17 AM

Re: HPUX 11.0 User Access

Well, I would like to see your current directory permissions. You state that it is read permission, which will NOT allow anyone to change directory.

In directories, the bits work like this
1=execute allows cwd
2=write allows create
4=read allows listing
Sticky bits work odd, so I wont even touch them here.

For a user to cd to a directory, the directory must have execute permission for the user, and read permission is not required unless they want to see things.

Regards,
Shannon

Microsoft. When do you want a virus today?
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.