From: "gs_stoller@juno.com"
Date: Tue, 9 Jan 2007 19:01:41 GMT
To: chandler@chapman.edu, brett@net24.co.nz, roberthuff@rcn.com
Cc: freebsd-questions@freebsd.org
Subject: Re: Permissions Question & Re: Permissions advice needed


The following suggestion should work for both problems and avoid the difficulties I saw with the other solutions. Write an executable (Korn shell) script owned by the owner of the files to be examined (thus he should have all the access he needs) which checks the user-id of its caller [effective and/or original] (to make sure unauthorized users don't get access) and the current date against an end-date (to shut off access at the desired date automatically), probably use the Julian date to make checking easier.

While I have your attention, does anybody know of jobs for any or all of the following: C/C++, Korn shell scripts, and SQL (Sybase) programmers. I live in the NYC suburbs area (Rockland Cty) and I'm willing to telecommute and maybe even relocate. My resume can be sent by email upon request.

On 1/8/2007, "Andy Greenwood" wrote
>On 1/8/07, Kirk Strauser wrote:
> On Monday 08 January 2007 12:07 pm, Jay Chandler wrote:
>
>> I've got a user who needs to be able to view (read only) the aliases
>> file. We'll grant him root access a few weeks after the eventual
>> heat-death of the universe, so how would you all go about doing this?
>>
>> You could configure sudo to give him access to run that one
>> command as root.

One has to be very careful about giving out such access! root has much power.

On 8 Jan 2007 13:24:58, Kirk Strauser wrote
> On Monday 08 January 2007 12:57 pm, Andy Greenwood wrote:
>> I've never used them, but wasn't ACL written just for this scenario?
> Perhaps, but that seems like a lot more effort to accomplish a
> relatively easy job.

Would work, but it doesn't take into account the time limitation (>> We'll grant him root access a few weeks).

On 8 Jan 2007 15:07:01, Robert Huff wrote
> Jay Chandler writes:
(snip)
>> Hand him some sheets of printout?

Waste of paper (and trees).
Also, one can't use UNIX tools on the data (e.g., grep, editors) to put some of the data in other docs.

>>
>> Sadly, the data change too often for this to be effective.
> Copy the file every N minutes, then change ownership and
> permissions?

Again, too much work for the owner.

On 08 Jan 2007 13:19:32 Jay Chandler wrote
>Robert Huff wrote:
>> Jay Chandler writes:
>>
>>(snip)
>> Copy the file every N minutes, then change ownership and
>> permissions?
>>(snip)
> Probably the simplest way to do it-- just wanted to make sure I wasn't
> overlooking something silly.
> Thanks!

Too much work for the one copying unless he has a script do it, maybe as a cron job.

On 9 Jan 2007 08:43:11, "Brett Davidson" wrote (on Subject: Permissions advice needed.)
>
> I have a curious problem.
>
> I need an executable file to be owned by a user's uid and gid so they
> can run it.

A user can run a script/binary file whose uid and gid differ from his (just give "other" 'rx' permission). If you want to give such access only to one user, put him in an ACL. Give him 'rx' permission; he won't be able to modify the file. Anyway, why must the executable file be owned by the user running it?

> HOWEVER, I don't want them to be able to modify or delete the file
> and/or its permissions. Another program will do that.
> This, under standard Unix permissions, is a tad difficult. :-)

"difficult"??? I don't see that.

> ACLs don't help here as the owner of a file has the ability to
> change permissions.
> I could set the immutable bit (Linux term for the schg flag) but the
> modifying program does not recognise this flag and will thus fail to
> modify the file.
> (I have no control over the modifying program).
> Any ideas?
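
The gate proposed at the top of this message (check the caller's user ID, then the current date against an end date), sketched as an added example that is not code from the thread or its participants. It assumes the script is started as root through a sudo rule, as suggested elsewhere in the thread, because many systems ignore the set-user-ID bit on scripts; it compares YYYYMMDD numbers in place of the Julian date the message mentions. The UID, end date, file path and install path are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): show one file read-only, but only to
# listed callers and only until an end date. Values below are constructed.
ALLOWED_UIDS="1001"              # hypothetical UID(s) granted access
END_DATE="20070201"              # last day of access, YYYYMMDD
TARGET_FILE="/etc/mail/aliases"  # assumed location of the aliases file

# is_uint STR: succeed only for a non-empty string of digits.
is_uint() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
}

# caller_uid: UID of the person who invoked us. SUDO_UID is trusted only
# when we really run as root, otherwise the caller could set it himself.
caller_uid() {
    if [ "$(id -u)" -eq 0 ] && is_uint "${SUDO_UID:-}"; then
        printf '%s\n' "$SUDO_UID"
    else
        id -ru
    fi
}

# access_allowed UID TODAY: 0 if UID is listed and TODAY <= END_DATE.
# Malformed input is refused rather than compared.
access_allowed() {
    uid=$1; today=$2
    is_uint "$uid" && is_uint "$today" || return 1
    [ "${#today}" -eq 8 ] || return 1
    [ "$today" -le "$END_DATE" ] || return 1
    for ok in $ALLOWED_UIDS; do
        if [ "$uid" = "$ok" ]; then return 0; fi
    done
    return 1
}

# show_file: the only action offered; the path is fixed, never caller input.
show_file() {
    if access_allowed "$(caller_uid)" "$(date +%Y%m%d)"; then
        cat "$TARGET_FILE"
    else
        echo "access denied" >&2
        return 1
    fi
}

# Run only when asked, e.g. "sudo /usr/local/sbin/view-aliases show"
# (hypothetical install path).
if [ "${1:-}" = "show" ]; then show_file; fi
```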