Suggestions for a better way to solve the problem?

May 14, 2009 08:38

So, I'm out here looking for suggestions. My current situation involves file permissions ...


Comments 8

lord_jim May 14 2009, 15:42:45 UTC
Try this: If A and B are in the same group, the directory and files in question should be owned by the group and group write set (something like mode 775 (directories) or 664 (files)). That way A or B can remove the files.

Reply

reboot_kid May 14 2009, 16:12:48 UTC
Yeah. I thought I said "User B is prohibited from having write access to the file or directory." Perhaps I missed that in my post.

Reply

lord_jim May 14 2009, 16:22:39 UTC
D'oh! My bad. Ok I thought my answer was too simple for you to not have thought of it. Indeed it apparently was. :)

Reply

fings May 14 2009, 16:16:29 UTC
But then B can write to the directory, which he states is prohibited.

Try this: file is placed in directory "foo", which is user-owned by A and group-owned by group G (which B does not belong to), permissions 775. User B does his transmission of the file, and then uses a SGID-to-group-G copy of "rm" to remove the file.

Reply


riffalike May 14 2009, 16:42:55 UTC
in sudoers:
userB   hostname = (root) /bin/rm -f /path/to/file

as userB:
sudo /bin/rm -f /path/to/file

Reply

reboot_kid May 14 2009, 16:44:15 UTC
Good thought. I'll give that a whirl!

Reply

riffalike May 14 2009, 16:49:08 UTC
Another similarly write-privileged user would work here too. Such as userA instead of root.

Reply
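
Added example (not part of the thread or any commenter's code): a small shell lint for the sudoers rule in riffalike's comment, checking that the delegated rm stays pinned to one exact command line. The function name check_rule and the two variant rules are constructed for illustration; it assumes single-line rules with space-separated fields in the form shown above.

```shell
#!/bin/sh
# Added example: lint one sudoers user specification of the form
#   user host = (runas) /abs/path/command args...
# Returns 0 if the command line is pinned exactly, 1 if it is too broad,
# 2 if the line is not in that form. Findings are printed to stdout.
check_rule() {
    rule=$1
    bad=0
    case $rule in
        *=*) spec=${rule#*=} ;;
        *)   echo "not a user specification: $rule"; return 2 ;;
    esac
    spec=${spec#"${spec%%[! ]*}"}               # trim leading spaces
    runas=root                                  # sudoers default run-as user
    case $spec in
        "("*")"*)                               # explicit (runas) present
            runas=${spec#"("}; runas=${runas%%")"*}
            spec=${spec#*")"}
            spec=${spec#"${spec%%[! ]*}"} ;;
    esac
    cmd=${spec%% *}                             # first word is the command
    args=${spec#"$cmd"}
    args=${args#"${args%%[! ]*}"}
    case $cmd in
        /*) ;;
        *)  echo "command is not a fully qualified path: $cmd"; bad=1 ;;
    esac
    # With no arguments listed, sudoers accepts any arguments to the command.
    [ -n "$args" ] || { echo "no arguments listed for $cmd"; bad=1; }
    # Wildcards match against the whole argument string, across word boundaries.
    case "$cmd $args" in
        *\**|*\?*|*\[*) echo "wildcard in command spec: $cmd $args"; bad=1 ;;
    esac
    echo "runs as: $runas"
    return $bad
}

# First rule is the one from the comment; the other two are constructed variants.
for r in \
    'userB   hostname = (root) /bin/rm -f /path/to/file' \
    'userB   hostname = (userA) /bin/rm -f /path/to/*' \
    'userB   hostname = (userA) /bin/rm'
do
    echo "== $r"
    check_rule "$r" && echo "OK: exact command line" || echo "TOO BROAD"
done
```

Once a rule passes, `visudo -cf` on the file holding it checks the syntax before it goes live.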


metafinsolution February 12 2013, 12:46:25 UTC
Large data centers are industrial scale operations using as much electricity as a small town and hence they need Data center Rack Security and sometimes are a significant source of air pollution in the form of diesel exhaust. Effective data center operation requires a balanced investment in both the facility and the housed equipment.

Reply

