Read/write permissions to a specific directory

Waqar Razi · ‎08-06-2009

I have a customer request to grant read / write access to group of users to tsm client bin directory.

drwxr-xr-x 4 root bin 4096 Aug 6 11:39 bin

This directory is owned by root. I cant grant them root access and I cant change the permissions of this directory as advised by TSM administrator.

My question is can I use ACL to grant a group of users write access to this directory or is there any way to grant these group of users write access to this directory without messing up the permissions.

Ivan Ferreira · ‎08-06-2009

>>> hem root access and I cant change the permissions of this directory as advised by TSM administrator.

I think that you can just create a group called tsm and modify the permissions. Why "write" permission is needed?

Option 1:
groupadd tsm
chgrp tsm bin
chmod g+w bin

Option 2:
setfacl -m g:tsm:rwx bin

Option 3:
Use SUDO for specific actions.

Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?

Waqar Razi · ‎08-06-2009

Thats the separate group who are managing TSM backups and they need to modify the conf files their and do troubleshooting with tsm stuff.
Thats why they are asking for write permissions to this directory.

Waqar Razi · ‎08-06-2009

What will be the best option in this scenario providing not to compromise the system security.

Michal Kapalka (mikap) · ‎08-06-2009

hi,

i have only a link

Storage Manager for Linux

http://publib.boulder.ibm.com/infocenter/tivihelp/v1r1/topic/com.ibm.itsml.doc/anrlgd5502.htm#ToC_470

mikap

Ivan Ferreira · ‎08-06-2009

>>> they need to modify the conf files

Then, they only need permissions to write the file, not the directory.

If you have a detailed description of the need, probably I can give you the options.

Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?

Waqar Razi · ‎08-07-2009

Sorry for replying late:

Here is the scenario. The current permissions on the bin directory is:

And here are the files in this directory:

total 22520

drwxr-xr-x 4 root bin 4096 Aug 6 02:23 .

drwxr-xr-x 3 root bin 4096 Nov 18 2008 ..

-r-xr-xr-x 1 root bin 2836235 May 31 2007 dsmadmc

-r-xr-xr-x 1 root bin 4816712 May 31 2007 dsmagent

-r-xr-xr-x 1 root bin 4144984 May 31 2007 dsmc

-r-xr-xr-x 1 root bin 2886332 May 31 2007 dsmcad

-rw-rw-r-- 1 root root 42703 Aug 6 12:55 dsmerror.log

-r-xr-xr-x 1 root bin 5085 May 31 2007 dsmj

-r--r--r-- 1 root bin 2102631 Jun 6 2007 dsm.jar

-r--r--r-- 1 root root 746 Nov 18 2008 dsm.opt

-r--r--r-- 1 root bin 782 Jun 6 2007 dsm.opt.smp

-r--r--r-- 1 root bin 638931 Jun 6 2007 dsm_pref.jar

-rw-r--r-- 1 root root 213891 Aug 6 08:23 dsmsched.log

-r-xr-xr-x 1 root bin 12509 Jun 6 2007 dsmswitch

-rw-r--r-- 1 root root 739 Nov 18 2008 dsm.sys

-r--r--r-- 1 root bin 971 Jun 6 2007 dsm.sys.smp

-rwsr-xr-x 1 root bin 2711734 May 31 2007 dsmtca

-r-xr-xr-x 1 root bin 274839 Jun 6 2007 dsmtrace

lrwxrwxrwx 1 root root 16 Nov 18 2008 en_US -> ../../lang/en_US

-r-xr-xr-x 1 root bin 318 Jun 6 2007 favicon.ico

drwxr-xr-x 2 root bin 4096 Nov 18 2008 images

-rw-r--r-- 1 root root 228 Nov 18 2008 inclexcl

-r--r--r-- 1 root bin 108575 Jun 6 2007 jdom.jar

-r--r--r-- 1 root bin 349114 Jun 6 2007 jh.jar

drwxr-xr-x 2 root bin 4096 Nov 18 2008 plugins

-rw-r--r-- 1 root root 977 Aug 6 02:16 tsmstats.ini

-r--r--r-- 1 root bin 850653 Jun 6 2007 uil.jar

-r--r--r-- 1 root bin 834852 Jun 6 2007 xercesImpl_2_2_1.jar

-r--r--r-- 1 root bin 83089 Jun 6 2007 xmlParserAPIs_2_2_1.jar

The customer wants to create 15 users and all of them have following sets of permissions:

1) rwx on directory /opt/Tivoli/..bin
2) rw on files dsmerror.log;dsmsched.log;dsm.opt;dsm.sys;inclexcl

Waqar Razi · ‎08-07-2009

Sorry for replying late:

Here is the scenario. The current permissions on the bin directory is:

drwxr-xr-x 4 root bin 4096 Aug 6 11:39 bin

And here are the files in this directory:

total 22520

drwxr-xr-x 4 root bin 4096 Aug 6 02:23 .

drwxr-xr-x 3 root bin 4096 Nov 18 2008 ..

-r-xr-xr-x 1 root bin 2836235 May 31 2007 dsmadmc

-r-xr-xr-x 1 root bin 4816712 May 31 2007 dsmagent

-r-xr-xr-x 1 root bin 4144984 May 31 2007 dsmc

-r-xr-xr-x 1 root bin 2886332 May 31 2007 dsmcad

-rw-rw-r-- 1 root root 42703 Aug 6 12:55 dsmerror.log

-r-xr-xr-x 1 root bin 5085 May 31 2007 dsmj

-r--r--r-- 1 root bin 2102631 Jun 6 2007 dsm.jar

-r--r--r-- 1 root root 746 Nov 18 2008 dsm.opt

-r--r--r-- 1 root bin 782 Jun 6 2007 dsm.opt.smp

-r--r--r-- 1 root bin 638931 Jun 6 2007 dsm_pref.jar

-rw-r--r-- 1 root root 213891 Aug 6 08:23 dsmsched.log

-r-xr-xr-x 1 root bin 12509 Jun 6 2007 dsmswitch

-rw-r--r-- 1 root root 739 Nov 18 2008 dsm.sys

-r--r--r-- 1 root bin 971 Jun 6 2007 dsm.sys.smp

-rwsr-xr-x 1 root bin 2711734 May 31 2007 dsmtca

-r-xr-xr-x 1 root bin 274839 Jun 6 2007 dsmtrace

lrwxrwxrwx 1 root root 16 Nov 18 2008 en_US -> ../../lang/en_US

-r-xr-xr-x 1 root bin 318 Jun 6 2007 favicon.ico

drwxr-xr-x 2 root bin 4096 Nov 18 2008 images

-rw-r--r-- 1 root root 228 Nov 18 2008 inclexcl

-r--r--r-- 1 root bin 108575 Jun 6 2007 jdom.jar

-r--r--r-- 1 root bin 349114 Jun 6 2007 jh.jar

drwxr-xr-x 2 root bin 4096 Nov 18 2008 plugins

-rw-r--r-- 1 root root 977 Aug 6 02:16 tsmstats.ini

-r--r--r-- 1 root bin 850653 Jun 6 2007 uil.jar

-r--r--r-- 1 root bin 834852 Jun 6 2007 xercesImpl_2_2_1.jar

-r--r--r-- 1 root bin 83089 Jun 6 2007 xmlParserAPIs_2_2_1.jar

The customer wants to create 15 users and all of them have following sets of permissions:

1) rwx on directory /opt/Tivoli/..bin
2) rw on files dsmerror.log;dsmsched.log;dsm.opt;dsm.sys;inclexcl

Ivan Ferreira · ‎08-07-2009

>> The customer wants to create 15 users and all of them have following sets of permissions:
>>
>> 1) rwx on directory /opt/Tivoli/..bin
>> 2) rw on files dsmerror.log;dsmsched.log;dsm.opt;dsm.sys;inclexcl

If the customer asked to do exactly that, then option 1 is enough.

Just remember, that providing write access to the directory they are able to delete/replace files even if they does not have no permissions to the file, so, if you provide requirement 1, there is no option to provide requirement 2 only, they will be able to replace any file on the directory.

Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Read/write permissions to a specific directory

Read/write permissions to a specific directory

Re: Read/write permissions to a specific directory

Re: Read/write permissions to a specific directory

Re: Read/write permissions to a specific directory

Re: Read/write permissions to a specific directory

Re: Read/write permissions to a specific directory

Re: Read/write permissions to a specific directory

Re: Read/write permissions to a specific directory

Re: Read/write permissions to a specific directory