Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

User levels

Posted on 2002-03-22
9
Medium Priority
?
232 Views
Last Modified: 2010-04-21
We are running on Tru64 v5.0a and I'd like to set up 3 levels of users:
root - full root access/functionality
admin - root access (all directories)
user - rwx permission for their directories only

I don't want to have to use the option of logging in as an admin level user and shelling to root, I would like full accesibility to all directories without having access to commands available to the root user.

I tried setting up an admin account with the same primary and secondary groups as the root user, but that didn't do anything (I thought since root belonged to specific groups, that any other account belonging to the same groups would have equal access).

The root user is taken care of. I understand how to set up the groups and directory permissions for users based on the group, its the admin level account I need to figure out.

Thanks


0
Comment
Question by:dgiessen
9 Comments
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6889787
It doesn't work that way in Unix.  Users with UID 0 (i.e., root) can do "everything".  Other users are restricted by file permissions and also by not being able to do certain security and administration tasks.  The way to do this is to login as yourself and then "go root" when you need to with 'su'.
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6889790
Hmm, well, there's one othe way of doing it...

You can install sudo (a free tool) and write a little script that runs with root permissions and gives certain lognames access to a limited set of operations on all files.
0
 

Author Comment

by:dgiessen
ID: 6889807
I'd rather avoid any scripts or using su to access root permissions.

What about this scenario:
You have 2 groups: alpha, beta
You have 2 directories with ownership set as:
dir1 = group alpha
dir2 = group beta

Now you have 2 users:
user1 belongs to the alpha (primary) group
user2 belongs to the beta (primary) group and alpha (secondary) group

Shouldn't user2 be able to access dir1 and dir2?

On our system, this does not work. User2 can only access a directory that matches his primary group, not anything in his secondary group. If this is the way its supposed to work, whats the purpose of the seondary group?

Is it possible to get this to work?
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6890045
Yes, the users should be able to access things from both their primary and secondary groups.  Maybe there's some True-64 specific magic here, though.  I don't know True-64.
0
 
LVL 2

Expert Comment

by:frederico
ID: 6890855
The group functionality should work only if permission is given to "group".
Eg.
-rwxrwx---  for directories
-rw-r----- or
-rw-rw----  for files.

So if the directory "dir1" only has -rwx------ then group beta will not be able to access any file, and so on.

Look at all permissions, and if you can't make it work could you post an example with all the permissions of the upper level directories and of the files involved so we can have another go.

Cheers

FF
0
 
LVL 38

Expert Comment

by:yuzh
ID: 6893048
If you don't like chris_calabrese's script suggestion, I think you stiil endup have to use "su" or "sudo"
0
 
LVL 5

Expert Comment

by:Nisus091197
ID: 6915784
Have you tried using newgrp

Regards, Nisus
http://www.omnimodo.com
0
 
LVL 21

Expert Comment

by:tfewster
ID: 7833260
No comment has been added lately, so it's time to clean up this Topic Area.
I will leave a recommendation for this question in the Cleanup topic area as follows:

- PAQ & refund points

Please leave any comments here within the next 7 days

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER !

tfewster (I don't work here, I'm just an Expert :-)
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 7908984
Finalized as proposed

modulo

Community Support Moderator
Experts Exchange
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello fellow BSD lovers, I've created a patch process for patching openjdk6 for BSD (FreeBSD specifically), although I tried to keep all BSD versions in mind when creating my patch. Welcome to OpenJDK6 on BSD First let me start with a little …
FreeBSD on EC2 FreeBSD (https://www.freebsd.org) is a robust Unix-like operating system that has been around for many years. FreeBSD is available on Amazon EC2 through Amazon Machine Images (AMIs) provided by FreeBSD developer and security office…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Suggested Courses
Course of the Month11 days, 13 hours left to enroll

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question