Solved

User levels

Posted on 2002-03-22
9
229 Views
Last Modified: 2010-04-21
We are running on Tru64 v5.0a and I'd like to set up 3 levels of users:
root - full root access/functionality
admin - root access (all directories)
user - rwx permission for their directories only

I don't want to have to use the option of logging in as an admin level user and shelling to root, I would like full accesibility to all directories without having access to commands available to the root user.

I tried setting up an admin account with the same primary and secondary groups as the root user, but that didn't do anything (I thought since root belonged to specific groups, that any other account belonging to the same groups would have equal access).

The root user is taken care of. I understand how to set up the groups and directory permissions for users based on the group, its the admin level account I need to figure out.

Thanks


0
Comment
Question by:dgiessen
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6889787
It doesn't work that way in Unix.  Users with UID 0 (i.e., root) can do "everything".  Other users are restricted by file permissions and also by not being able to do certain security and administration tasks.  The way to do this is to login as yourself and then "go root" when you need to with 'su'.
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6889790
Hmm, well, there's one othe way of doing it...

You can install sudo (a free tool) and write a little script that runs with root permissions and gives certain lognames access to a limited set of operations on all files.
0
 

Author Comment

by:dgiessen
ID: 6889807
I'd rather avoid any scripts or using su to access root permissions.

What about this scenario:
You have 2 groups: alpha, beta
You have 2 directories with ownership set as:
dir1 = group alpha
dir2 = group beta

Now you have 2 users:
user1 belongs to the alpha (primary) group
user2 belongs to the beta (primary) group and alpha (secondary) group

Shouldn't user2 be able to access dir1 and dir2?

On our system, this does not work. User2 can only access a directory that matches his primary group, not anything in his secondary group. If this is the way its supposed to work, whats the purpose of the seondary group?

Is it possible to get this to work?
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6890045
Yes, the users should be able to access things from both their primary and secondary groups.  Maybe there's some True-64 specific magic here, though.  I don't know True-64.
0
 
LVL 2

Expert Comment

by:frederico
ID: 6890855
The group functionality should work only if permission is given to "group".
Eg.
-rwxrwx---  for directories
-rw-r----- or
-rw-rw----  for files.

So if the directory "dir1" only has -rwx------ then group beta will not be able to access any file, and so on.

Look at all permissions, and if you can't make it work could you post an example with all the permissions of the upper level directories and of the files involved so we can have another go.

Cheers

FF
0
 
LVL 38

Expert Comment

by:yuzh
ID: 6893048
If you don't like chris_calabrese's script suggestion, I think you stiil endup have to use "su" or "sudo"
0
 
LVL 5

Expert Comment

by:Nisus091197
ID: 6915784
Have you tried using newgrp

Regards, Nisus
http://www.omnimodo.com
0
 
LVL 21

Expert Comment

by:tfewster
ID: 7833260
No comment has been added lately, so it's time to clean up this Topic Area.
I will leave a recommendation for this question in the Cleanup topic area as follows:

- PAQ & refund points

Please leave any comments here within the next 7 days

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER !

tfewster (I don't work here, I'm just an Expert :-)
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 7908984
Finalized as proposed

modulo

Community Support Moderator
Experts Exchange
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In tuning file systems on the Solaris Operating System, changing some parameters of a file system usually destroys the data on it. For instance, changing the cache segment block size in the volume of a T3 requires that you delete the existing volu…
Introduction Regular patching is part of a system administrator's tasks. However, many patches require that the system be in single-user mode before they can be installed. A cluster patch in particular can take quite a while to apply if the machine…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question