
user permission to be restricted

Abdul Salam H S_1
Frequent Advisor


Hi,

I have a user (x), belonging to group (y). For security reasons, I don't want this user to have the full rights which he gets by default, being in that particular group. For this user, I need to set write permissions for one particular directory and read permission for another directory. Is it possible to do this, and how? Can we use ACL for doing this? Is ACL supported with vxfs? All the filesystems I have are vxfs.

Thanks and regds,

Abdul Salam
S.K. Chan
Honored Contributor

Re: user permission to be restricted

ACL is supported for JFS3.3 and above. You can use the command "setacl" and "getacl". For more details ..

# man setacl
# man getacl
Helen French
Honored Contributor
Solution

Re: user permission to be restricted

Hi Abdul =))

Yes you can use ACLs for doing this task. You need to have JFS version 3.3 for this. ACL is not supported on version 3.0. You can use getacl and setacl commands. See the man pages.

Also this site will give you all details about ACLs with JFS:

http://www.docs.hp.com/hpux/onlinedocs/os/jfs_acl.pdf

HTH,
Shiju

how's life there ?


Life is a promise, fulfill it!
Hai Nguyen_1
Honored Contributor

Re: user permission to be restricted

ACL is supported only by hfs filesystems.

Try SAM to restrict the user's rights.

Hai
Deshpande Prashant
Honored Contributor

Re: user permission to be restricted

Hi,
I would suggest creating that user (x) in an altogether different group (z) and then using ACLs to allow him to write into the dirs required.

Thanks.
Prashant.

Take it as it comes.
Abdul Salam H S_1
Frequent Advisor

Re: user permission to be restricted

Hi friends,

Thank you all for your valuable advice.
I haven't tried it. Once I try it, I'll assign the points.

Thanks and Regds,

Abdul Salam
Abdul Salam H S_1
Frequent Advisor

Re: user permission to be restricted

Hi,

I have one more doubt! Is it possible to convert the vxfs filesystem (JFS ver 3.0) which I already have to JFS 3.3 online, i.e. without doing newfs on it, so that I won't lose the data in it? I heard something like the vxupgrade command. Does it solve my requirement?

Also, the JFS 3.3 which I downloaded from the HP site didn't get installed. Although swlist -d shows both the bundles, JFS foundation and JFS 3.3, it gave an error during the analysis phase and came out. Has anyone tried this? What could be wrong?


Thanks and Regds,

Abdul Salam
Helen French
Honored Contributor

Re: user permission to be restricted

Abdul daa =))

You are right. The command is vxupgrade. This is the normal procedure:

1) Install JFS 3.3 from the application CD
2) Use the vxupgrade(1M) command to convert the filesystem from version 3 to 4 disk layout.
3) If you create new filesystems, then specify the version option -4 with mksf command.

Check and make sure that you have all the latest patches in the system before you do this. Also check the man pages and see about the file system space requirement before you convert it. vxupgrade requires free space in the file system to perform the upgrade.

See this admin guide too:

http://www.docs.hp.com/hpux/onlinedocs/B3929-90011/B3929-90011.html

HTH,
Shiju
Life is a promise, fulfill it!
Helen French
Honored Contributor

Re: user permission to be restricted

Abdul:

One more thing - you should not try to upgrade /, /usr, /var, /opt etc. It is not supported and will give you problems while the system boots. Once you upgrade, it cannot be downgraded! Also, once upgraded to version 4, file systems will be mountable only on:

1) HP-UX 11.0 with JFS3.3 from application CD
2) HP-UX 11.1X and above

HTH,
Shiju
Life is a promise, fulfill it!
Wodisch
Honored Contributor

Re: user permission to be restricted

Hi,

since you would have to set a LOT of ACLs, how about configuring that user to
- run in a "chroot" environment
- use a "restricted" shell
- making only restricted versions of the necessary programs available

But simply the best would be to NOT give them any shell at all!

Just my $0.02,
Wodisch
Deshpande Prashant
Honored Contributor

Re: user permission to be restricted

Hi,
Install the JFS product from the application CD.
# swinstall -x ask=true -x autoreboot=true -s /SD_CDROM JFS

Before that, install the necessary patches (at least the QPAK).
After rebooting the machine you will have to install the license key and enable online JFS:

# /sbin/vxlicense -c
# /sbin/fs/vxfs3.3/vxenablef -a (to enable online JFS)

Once done, you can upgrade all non-VG00 volume groups to the version 4 layout with the
# /sbin/fs/vxfs3.3/vxupgrade -n 4

command.

Thanks.
Prashant Deshpande.
Take it as it comes.
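
Added example, not part of any post above: a shell sketch tying together the two points in this thread, checking that the filesystem is on the version 4 layout before relying on JFS ACLs, then listing the setacl/getacl commands for the one-writable, one-readable directory setup the question asks for. The user name x, the directory and device paths, and the assumption that fstyp -v reports the layout as a "version: N" line are placeholders/assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). User, directories and device path are
# placeholders; adjust before use and run the printed commands as root.

# Read `fstyp -v <device>` output on stdin and print the VxFS disk layout
# version. Assumes the output carries a "version: N" line; fails otherwise.
vxfs_layout_version() {
    awk '$1 == "version:" { print $2; found = 1; exit }
         END { if (!found) exit 1 }'
}

# Succeed only when the layout is version 4 or later, which the thread
# gives as the requirement for JFS ACLs.
layout_supports_acl() {
    v=$(vxfs_layout_version) || return 1
    [ "$v" -ge 4 ] 2>/dev/null
}

# Print (do not run) the ACL commands for one user:
#   $1 = user, $2 = directory to make writable, $3 = directory to make readable
# A user: entry applies to that user specifically, independent of the
# directory's group bits. r-x is used for the read-only directory because
# listing and entering a directory needs the x bit as well as r.
acl_plan() {
    user=$1 write_dir=$2 read_dir=$3
    echo "setacl -m user:$user:rwx $write_dir"
    echo "setacl -m user:$user:r-x $read_dir"
    echo "getacl $write_dir"
    echo "getacl $read_dir"
}

# Typical use on the HP-UX host (placeholder device and paths):
#   fstyp -v /dev/vgNN/lvolN | layout_supports_acl \
#       && acl_plan x /data/incoming /data/reference
```

Review the getacl output afterwards: the class entry caps what named user entries can actually do, so the effective permissions may be narrower than the entry you set.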