• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 233
  • Last Modified:

User levels

We are running on Tru64 v5.0a and I'd like to set up 3 levels of users:
root - full root access/functionality
admin - root access (all directories)
user - rwx permission for their directories only

I don't want to have to use the option of logging in as an admin level user and shelling to root, I would like full accesibility to all directories without having access to commands available to the root user.

I tried setting up an admin account with the same primary and secondary groups as the root user, but that didn't do anything (I thought since root belonged to specific groups, that any other account belonging to the same groups would have equal access).

The root user is taken care of. I understand how to set up the groups and directory permissions for users based on the group, its the admin level account I need to figure out.

Thanks


0
dgiessen
Asked:
dgiessen
1 Solution
 
chris_calabreseCommented:
It doesn't work that way in Unix.  Users with UID 0 (i.e., root) can do "everything".  Other users are restricted by file permissions and also by not being able to do certain security and administration tasks.  The way to do this is to login as yourself and then "go root" when you need to with 'su'.
0
 
chris_calabreseCommented:
Hmm, well, there's one othe way of doing it...

You can install sudo (a free tool) and write a little script that runs with root permissions and gives certain lognames access to a limited set of operations on all files.
0
 
dgiessenAuthor Commented:
I'd rather avoid any scripts or using su to access root permissions.

What about this scenario:
You have 2 groups: alpha, beta
You have 2 directories with ownership set as:
dir1 = group alpha
dir2 = group beta

Now you have 2 users:
user1 belongs to the alpha (primary) group
user2 belongs to the beta (primary) group and alpha (secondary) group

Shouldn't user2 be able to access dir1 and dir2?

On our system, this does not work. User2 can only access a directory that matches his primary group, not anything in his secondary group. If this is the way its supposed to work, whats the purpose of the seondary group?

Is it possible to get this to work?
0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
chris_calabreseCommented:
Yes, the users should be able to access things from both their primary and secondary groups.  Maybe there's some True-64 specific magic here, though.  I don't know True-64.
0
 
fredericoCommented:
The group functionality should work only if permission is given to "group".
Eg.
-rwxrwx---  for directories
-rw-r----- or
-rw-rw----  for files.

So if the directory "dir1" only has -rwx------ then group beta will not be able to access any file, and so on.

Look at all permissions, and if you can't make it work could you post an example with all the permissions of the upper level directories and of the files involved so we can have another go.

Cheers

FF
0
 
yuzhCommented:
If you don't like chris_calabrese's script suggestion, I think you stiil endup have to use "su" or "sudo"
0
 
Nisus091197Commented:
Have you tried using newgrp

Regards, Nisus
http://www.omnimodo.com
0
 
tfewsterCommented:
No comment has been added lately, so it's time to clean up this Topic Area.
I will leave a recommendation for this question in the Cleanup topic area as follows:

- PAQ & refund points

Please leave any comments here within the next 7 days

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER !

tfewster (I don't work here, I'm just an Expert :-)
0
 
moduloCommented:
Finalized as proposed

modulo

Community Support Moderator
Experts Exchange
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now