This is a discussion on User access within the comp.unix.solaris forums, part of the Solaris Operating System category.
Hi,

Need help!!

OS ver: Solaris 2.6

Issue:
I have a user named amit. amit logs in to his home directory: /home/amit.

Now there are 2 subdirectories, i.e.
/home/amit/Dir 1
/home/amit/Dir 2

What I want to do is as follows:
(1) amit should only be able to cd to /home/amit/Dir 1 and /home/amit/Dir 2. He should be unable to cd to anywhere else on the server.
(2) amit should be able to create files in any of the dirs, i.e. Dir 1 & Dir 2, but he should not be able to create any new dirs other than the existing two.
(3) amit should not be able to delete any of the files present in any of the above-mentioned dirs.
(4) amit should not be able to go anywhere else on the server.

How do I go about doing this?
You may reply at amit@billdesk also, or over here, i.e. in the group.

Thanks in advance.

Best regards
amit kaushal

amitka@gmail.com wrote:

> Hi,
>
> Need help!!
>
> OS ver: Solaris 2.6
>
> Issue:
> I have a user named amit. amit logs in to his home directory:
> /home/amit.
>
> Now there are 2 subdirectories, i.e.
> /home/amit/Dir 1
> /home/amit/Dir 2
>
> What I want to do is as follows:
> (1) amit should only be able to cd to /home/amit/Dir 1 and
> /home/amit/Dir 2. He should be unable to cd to anywhere else on the
> server.
> (2) amit should be able to create files in any of the dirs, i.e. Dir 1 &
> Dir 2, but he should not be able to create any new dirs other than the
> existing two.
> (3) amit should not be able to delete any of the files present in any
> of the above-mentioned dirs.
> (4) amit should not be able to go anywhere else on the server.
>
> How do I go about doing this?
> You may reply at amit@billdesk also, or over here, i.e. in the group.
>
> Thanks in advance.
>
> Best regards
> amit kaushal

I think you may be asking for more than the O/S is capable of! There is no way to prevent a user from using the cd command to change to any directory he chooses. The permissions on that directory may deny him permission to read the directory or to write to it or both.

Any user must have read access to files located in /usr, for example. If any file in the system has permissions that grant world access, any user will have access to that file. If the system is properly set up, no user should be able to create or delete files in directories that do not belong to him or grant him access via group or world permissions.

If Solaris 2.6 supports Access Control Lists (I don't know, the oldest system I've used is Solaris 8) you could deny him execute access to /usr/bin/mkdir, but that would not necessarily prevent him from creating a directory if he is both skilled and determined to do so.

You can deny him the ability to delete existing files in his home directory by making some other user the owner of the files and denying write access to group and world. Any files he creates will be owned by him and you cannot prevent him from deleting them unless you immediately change the file ownership and permissions to prevent him from doing so.
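
The ownership and mode checks behind points (2) and (3), written here as an added example that is not from any poster in this thread: a directory that lets a user create files but not remove existing ones needs the sticky bit, an owner other than that user, and files that are neither owned by nor writable by the user (the removal rule documented in Solaris chmod(2)). The function names `mode_of`, `owner_of` and `audit_dropdir` are hypothetical, and the user is assumed to be unprivileged and outside the group of the directory and its files.

```shell
#!/bin/sh
# Added example (POSIX sh; use ksh on Solaris). Audits a drop directory for
# "may create files, may not delete existing ones" using the sticky-bit rule.
# Assumption: USER is unprivileged and not in the group of DIR or its files,
# so only the owner and "other" permission classes are evaluated.

mode_of()  { ls -ld "$1" | cut -c1-10; }          # e.g. drwxrwxrwt
owner_of() { ls -ld "$1" | awk '{print $3}'; }

# audit_dropdir DIR USER: prints findings, returns 0 only if there are none.
audit_dropdir() {
    dir=$1 user=$2 findings=0
    if [ "$(owner_of "$dir")" = "$user" ]; then
        echo "FAIL: $user owns $dir, so the sticky bit does not restrict them"
        findings=$((findings + 1))
    fi
    # Characters 9-10 of the mode string: write and search/sticky for "other".
    case $(mode_of "$dir" | cut -c9-10) in
        wt) ;;  # writable, searchable, sticky: create yes, delete restricted
        wx) echo "FAIL: $dir is writable without the sticky bit"
            findings=$((findings + 1)) ;;
        *)  echo "FAIL: $user cannot create files in $dir"
            findings=$((findings + 1)) ;;
    esac
    for f in "$dir"/*; do
        [ -e "$f" ] || continue
        if [ "$(owner_of "$f")" = "$user" ]; then
            echo "FAIL: $f is owned by $user and can be removed by them"
            findings=$((findings + 1))
        else
            case $(mode_of "$f") in
                l*) ;;  # permission bits shown for a symlink are not used
                ????????w?) echo "FAIL: $f is world-writable (removable on Solaris)"
                    findings=$((findings + 1)) ;;
            esac
        fi
    done
    [ "$findings" -eq 0 ]
}
```

The audit does not cover the ban on new directories in point (2): write permission on a directory allows mkdir as well as file creation.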

On 2005-02-21, Richard B. Gilbert <rgilbert88@comcast.net> wrote:

> I think you may be asking for more than the O/S is capable of! There is
> no way to prevent a user from using the cd command to change to any
> directory he chooses. The permissions on that directory may deny him
> permission to read the directory or to write to it or both.

lofs mounts of all essential hierarchies below the home directory and chroot to $HOME should do the trick, though. And lofs was already supported by Solaris 2.6. Maybe even by earlier releases.

Andreas.

In article <1108984469.105377.84930@g14g2000cwa.googlegroups.com>, amitka@gmail.com wrote:

> Hi,
>
> Need help!!
>
> OS ver: Solaris 2.6
>
> Issue:
> I have a user named amit. amit logs in to his home directory:
> /home/amit.
>
> Now there are 2 subdirectories, i.e.
> /home/amit/Dir 1
> /home/amit/Dir 2
>
> What I want to do is as follows:
> (1) amit should only be able to cd to /home/amit/Dir 1 and
> /home/amit/Dir 2. He should be unable to cd to anywhere else on the
> server.
> (2) amit should be able to create files in any of the dirs, i.e. Dir 1 &
> Dir 2, but he should not be able to create any new dirs other than the
> existing two.
> (3) amit should not be able to delete any of the files present in any
> of the above-mentioned dirs.
> (4) amit should not be able to go anywhere else on the server.
>
> How do I go about doing this?
> You may reply at amit@billdesk also, or over here, i.e. in the group.
>
> Thanks in advance.
>
> Best regards
> amit kaushal

What shell are they running? Is there a restricted version of that shell? csh, ksh, and sh have "restricted" versions of these shells that prevent the sort of access you're talking about. There's also the link to setting up a chrooted directory.

--
DeeDee, don't press that button! DeeDee! NO! Dee...