srinusimhadri
asked on
Restrict access to file for a particular user
can anyone tell me how do we grant a particular privilege(read or write or execute) on a particular file to a particular user ?!!!.
ASKER
So, that means acls are not standard.
what do u mean by not being standard ?
do u mean I need to install/compile additional components into unix kernel ?
ro
do u mean its already a basic feature, but no one wants to use ?
or
the acls are not part of original ? (why was it like that ?!!!)
What will the overhead if I use acls ?
Please advise.
what do u mean by not being standard ?
do u mean I need to install/compile additional components into unix kernel ?
ro
do u mean its already a basic feature, but no one wants to use ?
or
the acls are not part of original ? (why was it like that ?!!!)
What will the overhead if I use acls ?
Please advise.
I don't mean anything much by ACL's not being standard - just they do not get used a huge amount as for the majority of siutations, the user/group/other style of unix file permissions is enough..
ACL's have been created to give an extra level of granularity to file permissions if required.
They are a standard part of Solaris.
The downside of using ACL's is that there is a slight extra administrative overhead.
There are no performance hits or anything like that associated with using ACL's.
ACL's have been created to give an extra level of granularity to file permissions if required.
They are a standard part of Solaris.
The downside of using ACL's is that there is a slight extra administrative overhead.
There are no performance hits or anything like that associated with using ACL's.
ASKER
great.
Just wanted to know, how often acls are used in production environments.
seems to be that, mostly no one is using them (being unpopular yet, atleast with me).
it means,
If I go ahead with using acls, I might be doing something which industry not really practicing much.
Please comment.
Just wanted to know, how often acls are used in production environments.
seems to be that, mostly no one is using them (being unpopular yet, atleast with me).
it means,
If I go ahead with using acls, I might be doing something which industry not really practicing much.
Please comment.
ASKER
I was creating some files.
Suddenly I realised that I need to assign the write permission to a particulary user,
and browsed through documentations, but could only find the commands for assigning standard way of rights, and not the acls.
I am thinking shall I proceed with assigning that one privilege to one user on that one file !!! (in such a big production system)
Suddenly I realised that I need to assign the write permission to a particulary user,
and browsed through documentations, but could only find the commands for assigning standard way of rights, and not the acls.
I am thinking shall I proceed with assigning that one privilege to one user on that one file !!! (in such a big production system)
You should have no problem implementing ACL's in a production environment - they are a totally tried and tested part of Solaris, and have been in it as long as I have been working with it so should be no problem.
In what circumstances would you be using them? Would you have to create a lot of different permissions for a lot of different users? Or is it just a particular user you wish to allow permission to a particular file?
In what circumstances would you be using them? Would you have to create a lot of different permissions for a lot of different users? Or is it just a particular user you wish to allow permission to a particular file?
ASKER
I am just one user out of lot of users using that system.
And I am not sure how they are doing.
And I am not sure how they are doing.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks ionke.
If you wish to give a user permissions on a file other than the owner of the file e.g. other than the standard unix user:group:other style permissions, u need to use acl's. You need to setup a maximum permission allowed under acl control e.g.
setfacl -m mask:rwx afile
Would allow an acl to give a user full control over that file even if given the standard unix file permissions they would normally be just classed as other. Then to give a specific user permissions on a file, you would use:
setfacl -m user:<username>:rwx afile
So it depends whether it is standard unix file permissions or acl's you require.