Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Restrict access to file for a particular user

Posted on 2002-05-13
9
Medium Priority
?
239 Views
Last Modified: 2013-12-27
can anyone tell me how do we grant a particular privilege(read or write or execute) on a particular file to a particular user ?!!!.

0
Comment
Question by:srinusimhadri
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 2

Expert Comment

by:jonke
ID: 7006133
If you are looking for setting up basic permissions, then you need to set file ownership and permissions using chmod, chown and chgrp.

If you wish to give a user permissions on a file other than the owner of the file e.g. other than the standard unix user:group:other style permissions, u need to use acl's. You need to setup a maximum permission allowed under acl control e.g.

setfacl -m mask:rwx afile

Would allow an acl to give a user full control over that file even if given the standard unix file permissions they would normally be just classed as other. Then to give a specific user permissions on a file, you would use:

setfacl -m user:<username>:rwx afile

So it depends whether it is standard unix file permissions or acl's you require.
0
 

Author Comment

by:srinusimhadri
ID: 7006289
So, that means acls are not standard.
what do u mean by not being standard ?
do u mean I need to install/compile additional components into unix kernel ?
ro
do u mean its already a basic feature, but no one wants to use ?
or
the acls are not part of original ? (why was it like that ?!!!)

What will the overhead if I use acls ?

Please advise.
0
 
LVL 2

Expert Comment

by:jonke
ID: 7006364
I don't mean anything much by ACL's not being standard - just they do not get used a huge amount as for the majority of siutations, the user/group/other style of unix file permissions is enough..

ACL's have been created to give an extra level of granularity to file permissions if required.

They are a standard part of Solaris.

The downside of using ACL's is that there is a slight extra administrative overhead.

There are no performance hits or anything like that associated with using ACL's.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 

Author Comment

by:srinusimhadri
ID: 7006383
great.
Just wanted to know, how often acls are used in production environments.
seems to be that, mostly no one is using them (being unpopular yet, atleast with me).

it means,
If I go ahead with using acls, I might be doing something which industry not really practicing much.

Please comment.
0
 

Author Comment

by:srinusimhadri
ID: 7006398
I was creating some files.
Suddenly I realised that I need to assign the write permission to a particulary user,
and browsed through documentations, but could only find the commands for assigning standard way of rights, and not the acls.


I am thinking shall I proceed with assigning that one privilege to one user on that one file !!! (in such a big production system)
0
 
LVL 2

Expert Comment

by:jonke
ID: 7006403
You should have no problem implementing ACL's in a production environment - they are a totally tried and tested part of Solaris, and have been in it as long as I have been working with it so should be no problem.

In what circumstances would you be using them? Would you have to create a lot of different permissions for a lot of different users? Or is it just a particular user you wish to allow permission to a particular file?

0
 

Author Comment

by:srinusimhadri
ID: 7006408
I am just one user out of lot of users using that system.
And I am not sure how they are doing.
0
 
LVL 2

Accepted Solution

by:
jonke earned 800 total points
ID: 7008068
Well - if you wish to assign a write to a particular user for on file - then yes - I think you have answered your own question.

Remeber that ACL's don't override normal unix permissions, they just supplement them.

The important thing is if its a production environment - just be sure to adhere to all change control policies, and to document what you are doing so other people that access the system in the future know what you have done.

0
 

Author Comment

by:srinusimhadri
ID: 7008149
Thanks ionke.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's say you need to move the data of a file system from one partition to another. This generally involves dismounting the file system, backing it up to tapes, and restoring it to a new partition. You may also copy the file system from one place to…
Installing FreeBSD… FreeBSD is a darling of an operating system. The stability and usability make it a clear choice for servers and desktops (for the cunning). Savvy?  The Ports collection makes available every popular FOSS application and packag…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question