HPE Community
Operating System - HP-UX
1834161 Members
2519 Online
110064 Solutions
New Discussion

Re: Setting Permissions to Group accounts

 
Allan Tagliaferro
Occasional Contributor

‎12-11-2001 03:52 PM

‎12-11-2001 03:52 PM

Setting Permissions to Group accounts

Hi all,

I have recently created 6 group accounts but now would like to know how I go about setting different permissions for each of these accounts?
Is it possible to set permissions on a group rather than on the directories and files ?
as this would be quicker to do e.g. Group 1 can only read whilst Group 2 can read and Execute and Group 3 can read and write.
What is the best method of controling who does what and who has access to what?

Please help
Thanks
0 Kudos
Reply
5 REPLIES 5
Scott Van Kalken
Esteemed Contributor

‎12-11-2001 04:00 PM

‎12-11-2001 04:00 PM

Re: Setting Permissions to Group accounts

I don't think it's possible to do exactly what you're after.

I may be wrong, but I don't think so.

When dealing with permissions and groups, the group must have or be denied access to a particular object, therefore it would seem sensible that the object in question (directory, file or whatever) needs to be the place where the access is set.
0 Kudos
Reply
Roger Baptiste
Honored Contributor

‎12-11-2001 04:12 PM

‎12-11-2001 04:12 PM

Re: Setting Permissions to Group accounts

hi,

<>

The point is - read what?
write what?? The object on which the permission is set needs to be defined.

<>

One way to do it is,

#find $DIR -group -exec chmod $perm {} \;

Using the above command you can traverse specific directories and look for files/directories owned by the group and change the permissions as per a specific value.

HTH
raj
Take it easy.
0 Kudos
Reply
Deepak Extross
Honored Contributor

‎12-11-2001 06:00 PM

‎12-11-2001 06:00 PM

Re: Setting Permissions to Group accounts

First, you'll have to bunch up your users into discrete groups. The entries in /etc/passwd should reflect this.
Let's say you have
user1:groupA
user2:groupA
user3:groupB
user4:groupB
Now, if a file is created by user1 with permissions rwxrw-r--, it will be read-only for user3 and user4 but writable for user2.
If the permissions are rwxr-----, it will be read-only for user2 but inaccessible to user3 and user4.
You get the idea.
You can set the default permissions for newly created files using 'umask'. But remember that the user can change the permissions of his files - you may want to enforce a policy to take care of this.
HTH
0 Kudos
Reply
Steven Sim Kok Leong
Honored Contributor

‎12-11-2001 06:21 PM

‎12-11-2001 06:21 PM

Re: Setting Permissions to Group accounts

Hi,

Apart from chmod, for flexibility of assigning special rights on a finer granularity, you can also set ACLs on your directories.

If you are using HFS,
list ACLs: lsacl
set ACLs: chacl

If you are using JFS v3.3 and above,
list ACLs: getacl
set ACLs: setacl

A scenerio whereby you need ACL is when you want to share read/write/execute access to a file only with another user. Without ACLs, it would be too troublesome to create a new group just for this and update group membership.

For instance, the su command. You may want su to be only accessible by your administrators sysadm1 and sysadm2, thus:

# chacl '(root.%,r-x)(sysadm1.%,r-x)(sysadm2.%,r-x)(%.bin,---)(%.%,---)' `which su`

Hope this helps. Regards.

Steven Sim Kok Leong
Brainbench MVP for Unix Admin
http://www.brainbench.com
0 Kudos
Reply
Darrell Allen
Honored Contributor

‎12-11-2001 06:23 PM

‎12-11-2001 06:23 PM

Re: Setting Permissions to Group accounts

Hi Allan,

Permissions are applied to files and directories. Normal UNIX permissions are for owner, group, and other (world). That means you can only set permissions for one group on a file or directory using normal UNIX permissions. You can however add ACLs (Access Control Lists). I can't give the specifics but that is what you need.

Darrell
"What, Me Worry?" - Alfred E. Neuman (Mad Magazine)
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.