Operating System - Tru64 Unix

Re: security file

 
fergani
Advisor

security file

Hi everyone;
I am using Tru64 UNIX v5.1 and I am a junior DBA.
I created a batch file inside the root directory, so I want certain users to have privileges to execute it only, but not to open it.

Do you think I should put this file inside the root directory or inside the directory of the users who have the privileges to execute it only, but not to open it?

bye.
7 REPLIES
Martin Moore
HPE Pro

Re: security file

Access control lists might be the best solution for you. Do "man acl" for an introduction.

Martin
I work for HPE
A quick resolution to technical issues for your HPE products is just a click away HPE Support Center
See Self Help Post for more details


Pieter 't Hart
Honored Contributor

Re: security file

I would suggest keeping the root directory clean.
Normally I would put my own jobs like this:
- at least in a subdirectory of the root (like /DBAprod)
- or even on a separate filesystem
- in your own home directory
- in a central DBAuser home directory
fergani
Advisor

Re: security file

Hi
I read the help for acl but there are many things I couldn't understand.
Please could you provide me an example showing me how to get certain users to have privileges to execute a batch file only, but not to open it?

bye.
Pieter 't Hart
Honored Contributor

Re: security file

Instead of specifying each user in an ACL, it's more flexible to create two extra groups in /etc/group using "sysman groups",
e.g. DBAexecute and DBAread (maybe also DBAowner).
Add all appropriate users to the corresponding group.
Set the ACL on the file with permissions:
"setacl -D -u group:DBAread:r--,group:DBAexecute:--x,group:DBAowner:rwx"

With standard unix protection you could also set the group of the file to DBAexecute
"chgrp DBAexecute" and set protection with chmod so the owner can read/write and the group execute.
"chmod u=rwx,g=x,o=" (o= not owner but other!)
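
A caveat on the `g=x` approach above, as an added example that is not part of the original posts: a shell script is opened and read by its interpreter, so group members who hold execute without read cannot run it, while a compiled binary runs fine with execute alone. The check below flags that case; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Sample file and names are constructed.

# Print the group permission triplet of a file (e.g. "--x") from ls -l output.
group_perms() {
    ls -ld "$1" | cut -c5-7
}

# Succeed if the file starts with "#!", i.e. it is an interpreted script.
# A shell script without a "#!" line is the same case but is not detected here.
is_script() {
    [ "$(dd if="$1" bs=2 count=1 2>/dev/null)" = "#!" ]
}

# Classify what group members can do with the file:
#   exec-only-binary : execute without read; fine for a compiled program
#   exec-only-script : execute without read on a "#!" script; the interpreter
#                      must open the file, so group members cannot run it
#   other            : any other group permission set
check_exec_only() {
    case "$(group_perms "$1")" in
        -?[xs])
            if is_script "$1"; then
                echo exec-only-script
            else
                echo exec-only-binary
            fi ;;
        *)  echo other ;;
    esac
}

# Constructed demo: the chmod line from the post applied to a sample script,
# then the same file with group read added.
demo() {
    dir=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho nightly job\n' > "$dir/job.sh"
    chmod u=rwx,g=x,o= "$dir/job.sh"
    check_exec_only "$dir/job.sh"
    chmod g=rx "$dir/job.sh"
    check_exec_only "$dir/job.sh"
    rm -rf "$dir"
}

demo
```
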
fergani
Advisor

Re: security file

Hi everyone
I need someone to explain this statement to me:
setacl -u group::r--,user:alpha:-w- shared

shared is the file.
I found it in the help but I don't understand.
bye
Martin Moore
HPE Pro

Re: security file

It gives read access to the group that owns the file (which could be done with the regular file permissions just as well) and it gives write access to the file to user "alpha".

Martin

Martin Moore
HPE Pro

Re: security file

A further thought: have you checked out the information on ACL's in the security manual? The V5.1B manual is at http://www.tru64unix.compaq.com/docs/base_doc/DOCUMENTATION/V51B_HTML/ARH95ETE/TITLE.HTM and has a very nice writeup, IMO, on ACL's. See Chapter 2, especially section 2.3.

Martin