Special Directory Permission?
05-14-2007 04:41 PM
I was asked a question like this.
Suppose there is a directory as follows: /mydir/dir1/dir2/dir3
Can we limit user1 only to dir3 in HP-UX?
That means granting that user read access to dir3 only and revoking its read access to mydir, dir1, and dir2.
As far as I know, this can't be done.
But if it can, then I'll be very interested. :)
Thanks,
=adley=
05-14-2007 05:06 PM
Solution
I'm not too sure whether it can be done using ACLs or deny "rw" to parent dir and just giving them "x" permission to change directories. But I have a workaround. It can be achieved using a loopback filesystem, which is not often used by many in HP-UX. See the example below and you will get my point...
root@somehost# cd /tmp
root@somehost# mkdir -p dir1/dir2/dir3
root@somehost# ls -ld dir1
drwxr-x--- 3 root sys 96 May 14 23:53 dir1/
root@somehost# mkdir dir_ac
root@somehost# cd dir1/dir2
root@somehost# ll
total 0
drwxr-x--- 2 root sys 96 May 14 23:53 dir3
root@somehost# chmod 777 dir3
root@somehost# cd ../..
root@somehost# ll -d dir1
drwxr-x--- 3 root sys 96 May 14 23:53 dir1
root@somehost# ll -d dir_ac
drwxr-x--- 2 root sys 96 May 14 23:53 dir_ac
root@somehost# mount -F lofs /tmp/dir1/dir2/dir3 /tmp/dir_ac
NOTE: The normal user will not be able to cd to dir1 or dir2, let alone view its content, but the user can cd to /tmp/dir_ac and do whatever he likes, in spite of the fact that dir3 is inside the restricted dirs "dir1" and "dir2". lofs makes it possible to tunnel to a dir directly from a different FS path. Maybe you wanna give it a shot.
SK
05-14-2007 05:24 PM
Re: Special Directory Permission?
Apart from the above lofs solution, here I have pasted a simple permission solution. Please choose whichever is more flexible for your need.
root@somehost# cd /tmp
root@somehost# chmod 751 dir1
root@somehost# chmod 751 dir1/dir2
root@somehost# ll -d dir1
drwxr-x--x 3 root sys 96 May 14 23:53 dir1
root@somehost# su a666632
root@somehost# cd dir1
root@somehost# ls
. unreadable
root@somehost# cd dir2
root@somehost# ls
. unreadable
root@somehost# cd dir3
root@somehost# ls
sen
SK
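The execute-only parent layout from the reply above can be verified by reading mode bits instead of switching users. This is an added example, not part of the original posts; the function names `other_perms`, `classify` and `audit_chain` and the scratch path are assumptions, and the tree is constructed to mirror the thread's 751/777 layout.

```shell
#!/bin/sh
# Added example: audit the "other" permission bits along a directory chain.

# Print the three "other" permission characters of a directory, e.g. "--x".
other_perms() {
    ls -ld "$1" | cut -c8-10
}

# Classify what a user in the "other" class can do with directory $1.
classify() {
    case "$(other_perms "$1")" in
        r?[xt]) echo "list+traverse" ;;
        --[xt]) echo "traverse-only" ;;
        -w[xt]) echo "traverse+modify" ;;
        r??)    echo "list-names-only" ;;
        *)      echo "blocked" ;;
    esac
}

# Walk from $1 down the relative path $2. Succeed only if every parent is
# traverse-only for "other" and the final directory is listable and enterable.
audit_chain() {
    cur=$1 rest=$2 rc=0
    while :; do
        state=$(classify "$cur")
        if [ -z "$rest" ]; then
            echo "$cur: $state (target)"
            [ "$state" = "list+traverse" ] || rc=1
            break
        fi
        echo "$cur: $state"
        [ "$state" = "traverse-only" ] || rc=1
        cur=$cur/${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac
    done
    return $rc
}

# Constructed sample tree mirroring the thread: parents 751, dir3 777.
demo=${TMPDIR:-/tmp}/chain-demo.$$
mkdir -p "$demo/dir1/dir2/dir3"
chmod 751 "$demo/dir1" "$demo/dir1/dir2"
chmod 777 "$demo/dir1/dir2/dir3"
audit_chain "$demo/dir1" dir2/dir3 && echo "chain OK"
```

The check reads only the classic mode bits, so any ACL entries on the directories are not reflected in its result.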
05-14-2007 06:18 PM
Re: Special Directory Permission?
$ ll -ogd dir1
d-wxrwxr-x 3 96 May 14 23:13 dir1/
$ ll -og dir1
dir1 unreadable
$ ll -og dir1/dir2/dir3/
-rw-rw-r-- 1 0 May 14 23:13 a
-rw-rw-r-- 1 0 May 14 23:13 b
And if you want to limit this to a specific user and not group, you would need ACLs.
05-15-2007 02:06 PM
Re: Special Directory Permission?
Thanks to you all for the answers.
All methods work, but as the requirement is to "contain" the user to only a specific folder (no traversing to the parent directory), I'll go with the first option.
=adley=
05-15-2007 09:55 PM
Re: Special Directory Permission?
You can give the user a restricted shell and set /mydir/dir1/dir2/dir3 as HOME.
So no leaving of that HOME directory will be possible.
This will fit only if really no other direct directory access is needed.
mfG Peter
05-15-2007 10:52 PM
Re: Special Directory Permission?
Bill Hassell, sysadmin
05-22-2007 12:14 AM
Re: Special Directory Permission?
I actually like your solution, but this user needs at least two directories. Well, I can ask the developers if it's possible to restrict the user to just one though :)
Peace Bill,
The user is used purely for SFTP-ing actually, not a human. So I don't think menus will work in this case, although I agree with you that menus will definitely work for humans.
=adley=