HPE Community
Operating System - HP-UX
1833107 Members
3189 Online
110051 Solutions
New Discussion

User privilidges

 
Adam Noble
Super Advisor

‎03-17-2004 02:37 AM

‎03-17-2004 02:37 AM

User privilidges

All,

I have had a slightly strange request from a user asking if he can have privilidges to delete (housekeep) files from another users directory. After investigation I can understand his reasoning, is their a simple way of doing this. Didn't really want to go down the route of Sudo or opening up the user directory too much.

Thanks
0 Kudos
Reply
12 REPLIES 12
David Burgess
Esteemed Contributor

‎03-17-2004 02:44 AM

‎03-17-2004 02:44 AM

Re: User privilidges

Adam,

Put them in the same group and set group permissions to allow this. However if you only want to give access to certain files this may be a bit more tricky. You may have to have the group changed on the files after they are created.

Regards,

Dave.
0 Kudos
Reply
Michael Schulte zur Sur
Honored Contributor

‎03-17-2004 02:56 AM

‎03-17-2004 02:56 AM

Re: User privilidges

Adam,

did that solve your problem?

greetings,

Michael
0 Kudos
Reply
Adam Noble
Super Advisor

‎03-17-2004 02:57 AM

‎03-17-2004 02:57 AM

Re: User privilidges

Not really Michael, the reason being it would enable numerous different users to have the same privilidge i.e to delete files.
0 Kudos
Reply
Michael Schulte zur Sur
Honored Contributor

‎03-17-2004 03:05 AM

‎03-17-2004 03:05 AM

Re: User privilidges

Adam,

another way could be access control lists. Have you worked with that before?

have a look at man acl,

Michael
0 Kudos
Reply
Charlie Rubeor
Frequent Advisor

‎03-17-2004 03:08 AM

‎03-17-2004 03:08 AM

Re: User privilidges

I don't use them myself, but I think that you should be able to use an acl to grant access to a specific user. Look at the man page for acl (man 5 acl). Depending on your filesystem, look at chacl for hfs, setacl for jfs.

hth
0 Kudos
Reply
Adam Noble
Super Advisor

‎03-17-2004 03:11 AM

‎03-17-2004 03:11 AM

Re: User privilidges

Thanks guys I will take a look!
0 Kudos
Reply
David Burgess
Esteemed Contributor

‎03-17-2004 03:47 AM

‎03-17-2004 03:47 AM

Re: User privilidges

Is your system trusted? Trusted systems don't support ACLs unless you have jfs4 I believe. Can anyone clarify that?

Regards,

Dave.
0 Kudos
Reply
Mark Grant
Honored Contributor

‎03-17-2004 03:58 AM

‎03-17-2004 03:58 AM

Re: User privilidges

Adam,

How about making a new group that only these two users are members of. Make this group the primary group for your first user and the second user will be able to delete these files if you set them up correctly.

Of course, if user one can't have a new primary group then we are back to square one.
Never preceed any demonstration with anything more predictive than "watch this"
0 Kudos
Reply
David Burgess
Esteemed Contributor

‎03-17-2004 04:12 AM

‎03-17-2004 04:12 AM

Re: User privilidges

Adam,

using Marks idea you could have the users in multiple groups and then issue the newgrp command to change primary group before creating the files.

ie if a user is in primary group grpa and has group membership grpa and grpb then

touch file1

will create a file owned by that user with grpa membership

then run

newgrp grpb

touch file2

will create a file owned by that user with grpb membership

If only those users share one of those groups then only they can delete the files those files.

Regards,

Dave.
0 Kudos
Reply
David Burgess
Esteemed Contributor

‎03-17-2004 04:18 AM

‎03-17-2004 04:18 AM

Re: User privilidges

To save the deleting user issuing the newgrp link /etc/logingroup to /etc/group.

see the man page logingroup

From that :-

"If /etc/logingroup and /etc/group are links to the same file, the default access list includes the entire set of groups associated with the user."

Regards,

Dave.
0 Kudos
Reply
Adam Noble
Super Advisor

‎03-17-2004 04:19 AM

‎03-17-2004 04:19 AM

Re: User privilidges

will review in morning thanks for advice.
0 Kudos
Reply
Charlie Rubeor
Frequent Advisor

‎03-17-2004 07:58 AM

‎03-17-2004 07:58 AM

Re: User privilidges

Additional info on acl

http://www.docs.hp.com/hpux/onlinedocs/os/jfs_acl.pdf
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.