Date:      Tue, 9 Jan 2007 19:01:41 GMT
From:      "gs_stoller@juno.com" <gs_stoller@juno.com>
To:        chandler@chapman.edu, brett@net24.co.nz, roberthuff@rcn.com
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Permissions Question & Re: Permissions advice needed
Message-ID:  <20070109.110256.14368.1628204@webmail23.nyc.untd.com>

The following suggestion should work for both problems and avoid the
difficulties I saw with the other solutions.
Write an executable (Korn shell) script owned by the owner of the
files to be examined (thus he should have all the access he needs)
which checks the user-id of its caller [effective and/or original]
(to make sure unauthorized users don't get access) and the current
date against an end-date (to shut off access at the desired date
automatically), probably use the julian date to make checking easier.

While I have your attention, does anybody know of jobs for any or all
of the following: C/C++, Korn shell scripts, and SQL (Sybase)
programmers.  I live in the NYC suburbs area (Rockland Cty) and
I'm willing to telecommute and maybe even relocate.  My resume can
be sent by email upon request.

On 1/8/2007, "Andy Greenwood" <greenwood.andy@gmail.com> wrote
>On 1/8/07, Kirk Strauser <kirk@strauser.com> wrote:
> On Monday 08 January 2007 12:07 pm, Jay Chandler wrote:
>
>> I've got a user who needs to be able to view (read only) the aliases
>> file.  We'll grant him root access a few weeks after the eventual
>> heat-death of the universe, so how would you all go about doing this?
>>
>> You could configure sudo to give him access to run that one
>> command as root.
One has to be very careful about giving out such access!
root has much power.

On 8 Jan 2007 13:24:58, Kirk Strauser <kirk@strauser.com> wrote
> On Monday 08 January 2007 12:57 pm, Andy Greenwood wrote:
>> I've never used them, but wasn't ACL written just for this scenario?

> Perhaps, but that seems like a lot more effort to accomplish a
> relatively easy job.
Would work, but it doesn't take into account the time limitation
(>> We'll grant him root access a few weeks).

On 8 Jan 2007 15:07:01, Robert Huff <roberthuff@rcn.com> wrote
> Jay Chandler writes:

(snip)
>> Hand him some sheets of printout?
Waste of paper (and trees).  Also, one can't use  UNIX  tools on the
data (e.g.,  grep , editors) to put some of the data in other docs.
>>
>>  Sadly, the data change too often for this to be effective.

> 	Copy the file every N minutes, then change ownership and
> permissions?
Again, too much work for the owner.

On 08 Jan 2007 13:19:32 Jay Chandler <chandler@chapman.edu> wrote
>Robert Huff wrote:
>> Jay Chandler writes:
>>
>>(snip)
>> 	Copy the file every N minutes, then change ownership and
>> permissions?
>>(snip)
> Probably the simplest way to do it-- just wanted to make sure I wasn't
> overlooking something silly.

> Thanks!
Too much work for the one copying unless he has a script do it
maybe as a  cron  job.


On 9 Jan 2007 08:43:11, "Brett Davidson" <brett@net24.co.nz> wrote
(on Subject: Permissions advice needed.)
>
> I have a curious problem.
>
> I need an executable file to be owned by a user's uid and gid so they
> can run it.
A user can run a script/binary file whose uid and gid differ from his
(Just give "other" 'rx' permission.)
If you want to give such access only to one user, put him in an ACL.
Give him 'rx' permission; he won't be able to modify the file.
Anyway, why must the executable file be owned by the user running it?
> HOWEVER, I don't want them to be able to modify or delete the file
> and/or its permissions. Another program will do that.

> This, under standard Unix permissions, is a tad difficult. :-)
"difficult"???  I don't see that.
> ACL's don't help here as the owner of a file has the ability to
> change permissions.

> I could set the immutable bit (Linux term for the schg flag) but the
> modifying program does not recognise this flag and will thus fail to
> modify the file.
> (I have no control over the modifying program).

> Any ideas?
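
A sketch of the gate script suggested at the top of this message, as an added example that is not part of the original e-mail or its author's code. It assumes the script is run through a single-command sudo rule (the approach quoted earlier in the thread), because the kernel ignores the set-user-ID bit on interpreted scripts; the uids, end date and file path are constructed values, and YYYYMMDD comparison stands in for the Julian date.

```shell
#!/bin/sh
# Added example: read-only, time-limited access to one file.
# All three values below are constructed for illustration.
ALLOWED_UIDS="1001 1002"      # numeric uids allowed to read the file
END_DATE="20070131"           # last day of access, YYYYMMDD
TARGET="/etc/mail/aliases"    # assumed location of the aliases file

# uid_allowed UID LIST: succeed only if UID is numeric and listed in LIST.
uid_allowed() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    for u in $2; do
        [ "$u" = "$1" ] && return 0
    done
    return 1
}

# not_expired TODAY END: succeed while TODAY <= END (both 8-digit YYYYMMDD).
not_expired() {
    case "$1$2" in *[!0-9]*) return 1 ;; esac
    [ ${#1} -eq 8 ] && [ ${#2} -eq 8 ] || return 1
    [ "$1" -le "$2" ]
}

# access_decision UID TODAY: print the decision and return its status.
access_decision() {
    uid_allowed "$1" "$ALLOWED_UIDS" || { echo "deny: uid"; return 1; }
    not_expired "$2" "$END_DATE" || { echo "deny: expired"; return 1; }
    echo "allow"
}

main() {
    # Under sudo the real uid is already the target user's, so the
    # invoking user is taken from SUDO_UID; otherwise use the real uid.
    caller="${SUDO_UID:-$(id -ru)}"
    access_decision "$caller" "$(date +%Y%m%d)" >&2 || exit 1
    exec cat -- "$TARGET"
}

# Only act when explicitly asked, so the functions can be sourced and tested.
if [ "${1:-}" = "--run" ]; then main; fi
```

The script itself should be owned by the file's owner (or root) and not writable by the user it serves, otherwise the checks can simply be edited out.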




