Guest_imported
New member
- Jan 1, 1970
- 0
What command(s) should I use to give a specific user specific access to one (or many) of my file or folders?
Any advise appreciated!
Any advise appreciated!
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
how to give specific users specific access to my files/directory
- Thread starter Guest_imported
- Start date
- Status
AIXSPadmin
MIS
Permissions are the standard control for allowing/denying access to files in unix. Permission are for owner/group/other with each set having read, write, and execute permissions; with read a 4, write a 2 and execute a 1.
For example 700 means the owner has read, write, execute for the file but nobody else. 755 would be owner-read,write,execute and group/other read,execute.
The other way is that each file has an owner and group, for example root/staff. This means that in an example of 750, root would have read,write,execute and anyone in the staff group would have read,execute prvileges.
If you want only yourself and 1 other person the have access to files, create a group and add their user id to that group and change the permissions to allow that group access to the file(s), as well as yourself, of course, as owner.
For example 700 means the owner has read, write, execute for the file but nobody else. 755 would be owner-read,write,execute and group/other read,execute.
The other way is that each file has an owner and group, for example root/staff. This means that in an example of 750, root would have read,write,execute and anyone in the staff group would have read,execute prvileges.
If you want only yourself and 1 other person the have access to files, create a group and add their user id to that group and change the permissions to allow that group access to the file(s), as well as yourself, of course, as owner.
ACls also come to mind?
What are Access Control Lists (ACLs)?
ACLs are an extension to standard permission bits. They allow fine grain control for
each file or directory by modifying the standard permissions that are assigned to
individuals or groups. There are three assignments you can make for each group or user: PERMIT Grants the specified access to the file or directory.
DENY Restricts the specified access to the file or directory.
SPECIFY Precisely defines the file or directory access.
NOTE: If a user is denied a particular access by either a deny or a specify
keyword, no other entry can override that access denial.
The acledit command is used to create an ACL. First you must set the EDITOR/
environment variable with the full path to your favorite text editor. For example:
export EDITOR=/usr/bin/vi.
Then use:
acledit file_name
This will bring up a screen like:
attributes:
base permissions
owner(rcunning): rwx
group(staff): r--
others: ---
extended permissions
disabled
To set the extended permissions, change the disabled setting to enabled:
extended permissions
enabled
Use the permit, deny or specify keywords to define the extended permissions. The
preceding example shows that only the owner can write to this file. The group staff
can read the file and other has no permissions. To allow user joe to read and write
the file, use:
extended permissions
enabled
permit rw- u:joe
To allow group joegroup to read the file, use:
permit r-- g:joegroup
You can fine tune the permissions by combining the multiple entries on the same
line. If you want to give pete read and write access ONLY, and if he is currently
part of the system group, use:
permit rw- u
ete, g:system
To add permissions for several users or groups, use separate lines:
permit rw- u:joe
permit rw- uete
Further information on the acledit command appears in InfoExplorer for AIX
Version 4.2 and earlier or the man pages.
Two other ACL commands can be used, aclget and aclput:
aclget file_name outputs the permissions to standard out.
aclget file_name file_with_permissions sets ACLs on file file_name from file
file_with_permissions.
To copy the ACLs from one file to another, use:
aclget <file_name> | aclput <new_file_name>
Use the ls -el command to see if an ACL is set on a file. For example,
the ls -el .profile command shows:
-rwxr-----+
The + in the last position means the file has an ACL enabled.
CAUTION: Using the chmod command with numeric arguments will disable
the ACL for a file or directory.
What are Access Control Lists (ACLs)?
ACLs are an extension to standard permission bits. They allow fine grain control for
each file or directory by modifying the standard permissions that are assigned to
individuals or groups. There are three assignments you can make for each group or user: PERMIT Grants the specified access to the file or directory.
DENY Restricts the specified access to the file or directory.
SPECIFY Precisely defines the file or directory access.
NOTE: If a user is denied a particular access by either a deny or a specify
keyword, no other entry can override that access denial.
The acledit command is used to create an ACL. First you must set the EDITOR/
environment variable with the full path to your favorite text editor. For example:
export EDITOR=/usr/bin/vi.
Then use:
acledit file_name
This will bring up a screen like:
attributes:
base permissions
owner(rcunning): rwx
group(staff): r--
others: ---
extended permissions
disabled
To set the extended permissions, change the disabled setting to enabled:
extended permissions
enabled
Use the permit, deny or specify keywords to define the extended permissions. The
preceding example shows that only the owner can write to this file. The group staff
can read the file and other has no permissions. To allow user joe to read and write
the file, use:
extended permissions
enabled
permit rw- u:joe
To allow group joegroup to read the file, use:
permit r-- g:joegroup
You can fine tune the permissions by combining the multiple entries on the same
line. If you want to give pete read and write access ONLY, and if he is currently
part of the system group, use:
permit rw- u
ete, g:systemTo add permissions for several users or groups, use separate lines:
permit rw- u:joe
permit rw- u
eteFurther information on the acledit command appears in InfoExplorer for AIX
Version 4.2 and earlier or the man pages.
Two other ACL commands can be used, aclget and aclput:
aclget file_name outputs the permissions to standard out.
aclget file_name file_with_permissions sets ACLs on file file_name from file
file_with_permissions.
To copy the ACLs from one file to another, use:
aclget <file_name> | aclput <new_file_name>
Use the ls -el command to see if an ACL is set on a file. For example,
the ls -el .profile command shows:
-rwxr-----+
The + in the last position means the file has an ACL enabled.
CAUTION: Using the chmod command with numeric arguments will disable
the ACL for a file or directory.
- Status