Administration query !!!!

[goodluva]

Hi guy's
Hope somebody out there can help me

I have been given a task of restricting user access to certain areas on our server from our french team in paris, but they will need to be able to use the services, informix and usual unix commands.

Do you have any ideas how this could be achieved ?

Thanx

 

[bigscouse]

roles may be able to help. Ged Jones

Top man

 

[jad]

or you could use groups.

create a new group (seperate from the french) and add all the users who you want to be able to access specific sections
eg. in /etc/group file

root::0:
other::1:
bin::2:root,daemon
...
users::6000:root
sansfren::8000:userA,userB,userC
...

then 'chgrp -R sansfren' the whole filesystem that you dont want the french to access; 'chmod -R o-wrx' the whole filesystem that you dont want the french to access and voila they do't have access but your users do.

however anyone writing into this area will need to 'newgrp sansfren' and change their UMASK to 660 or equivalent.

groups can also have passwords attached to them, if you want to make sure.

Btw. We use groups ... and they also work on Solaris 2.4 systems

Jon.

 

[dchoulette]

If the area you want to protect in all in one top directory, you can create a group, as Jon said, and change only this top directory:

chgrp sansfren myTopDirectory
chmod o-rwx myTopDirectory

As far as I know, without the right 'x', the 'o'thers (all people not in the sansfren group), are unable to cd or use anything (even subdirectories) under this top directory.

No need then to 'newgrp' or set the umask. All files or directories created under myTopDirectory are unavailable for people not in the sansfren group.

I do not test this recently, though.
Anybody can confirm ?

Another solution. If you have acl enabled on your system just explicitly remove right 'x' on the top directory for member of group french. This way you do not need to create (and update !) the group sansfren.