Operating System - HP-UX

Re: user file permissions

 
Michael Murphy_2
Frequent Advisor

user file permissions

Hello,

Does anyone know of a way to proactively keep users from creating files with open permissions (like 777)? Currently alarming on them - but management is asking if there is a way to enforce this by not allowing it in the first place. My initial response was no - but I thought I would let the experts weigh in. I am aware of umask - don't think that completely fixes the problem though...
Mark Grant
Honored Contributor

Re: user file permissions

You can't stop them changing the permissions on files they have already created. You can stop them defaulting to 777 with the "umask" command in the .profile.

If I were you, instead of alarming on these situations, I'd run a cron job that just changed them. Only those owned by the users mind!!!

If things start to break, your users will stop doing it fairly quickly.
Never precede any demonstration with anything more predictive than "watch this"
Pete Randall
Outstanding Contributor

Re: user file permissions

It would be darn hard to do, I think. There's no way I can think of to prevent them changing their umask value. You could restrict the chmod and chgrp commands via permissions but they can still play with umask and end up more permissive than you would like.


Pete

RAC_1
Honored Contributor

Re: user file permissions

You do not have control over that.

The default perms are decided by umask setting.

But a knowledgeable user can always override that setting.
There is no substitute to HARDWORK
Paula J Frazer-Campbell
Honored Contributor

Re: user file permissions

Hi
If you really want to stop them doing it then run a cron to change any 777 file they create to 000 and email them the results with a big security warning embedded in the email as to why 777 files are dangerous. They will soon get fed up and stop doing it.

;^)

Paula
If you can spell SysAdmin then you is one - anon
Paula J Frazer-Campbell
Honored Contributor

Re: user file permissions

Or

Cron job =

If file with 777 found
Log them off.
Disable their login
Email them that until they stop doing it this will happen.


I can be nasty at times to users.

Paula
If you can spell SysAdmin then you is one - anon
Jeff Schussele
Honored Contributor

Re: user file permissions

Hi Michael,

They should not be able to *create* them with 777 perms as the default umask should be 022. They could only create them with 644 because files can only be granted 666 at creation. They have to be running chmod 777 filename after creation.
This is really a user education issue unless you want to set up a cron job that will hunt 777 files down & chmod them to a sane value.

You could also try setting up the users with a 122 umask effectively taking away their write privilege after creation, but that could inhibit their work.

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
A. Clay Stephenson
Acclaimed Contributor

Re: user file permissions

You can play games with umask but umask is only as good as its last setting. Note that 777 has to be intentionally chmod'ed for regular files created in the shell since the creation mode (before umask is applied) for regular files is 666.

UNIX assumes that the user knows what he is doing -- there is really no answer except education. The good news is that ignorance is treatable; stupidity, on the other hand, ...
If it ain't broke, I can fix that.
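
Added example (not part of any post in this thread): a POSIX shell script for the two points made in the replies above, that a file created from the shell gets 666 with the umask bits removed, and that a cron job can hunt down open files and chmod them. It generalizes from 777 to any world-writable regular file; the `o-w` fix, the `sweep.sh` name and the sample path and user are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: each user's files live
# under a known directory, and removing other-write (o-w) is the site's
# "sane value".

# mode_of PATH: print the 10-character mode string, e.g. -rw-r--r--
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# created_mode UMASK DIR: create a file in DIR (a directory you own) under
# UMASK and print the mode it was given. Shell redirection asks for 666,
# so the result is 666 with the umask bits removed, never 777.
created_mode() {
    (
        umask "$1"
        probe="$2/umask_probe.$$"
        : > "$probe"
        mode_of "$probe"
        rm -f "$probe"
    )
}

# sweep_open_files ROOT OWNER: find regular files under ROOT owned by OWNER
# (name or numeric uid) that are world-writable, remove other-write, and
# print "old-mode path" for each one changed (suitable for mailing).
sweep_open_files() {
    find "$1" -type f -user "$2" -perm -0002 -exec sh -c '
        for f in "$@"; do
            before=$(ls -ld "$f" | cut -c1-10)
            chmod o-w "$f" && printf "%s %s\n" "$before" "$f"
        done' sh {} +
}

# Run as a script from cron, e.g. (constructed path and user):
#   sweep.sh /home/alice alice
if [ "$#" -eq 2 ]; then
    sweep_open_files "$1" "$2"
fi
```

Restricting the sweep with `-user` keeps it to files owned by the named user, so system files with deliberate modes are left alone.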
Mark Grant
Honored Contributor

Re: user file permissions

Paula,

Do you have a script that would set fire to their terminal as well?
Never precede any demonstration with anything more predictive than "watch this"
Jeff Schussele
Honored Contributor

Re: user file permissions

I don't think she does, but I suspect she has one that'll reach out & slap 'em around a little =~))

Cheers,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Paula J Frazer-Campbell
Honored Contributor

Re: user file permissions

Hi

Very funny guys ROTFLMFAO.

Normally I am very tolerant of users, but after being told Don't do it several times then it is time for the fun and games.

I once had a user that used to send me daft emails - a spare D class server, a small script and he was sent approx 50 "GO AWAY" emails / second for 10 mins, Drastic but it worked. (I did prewarn the network guys).

If you can spell SysAdmin then you is one - anon