LinuxQuestions.org
Old 09-24-2012, 12:52 PM   #1
fmhweb
Circumvent user rights (cp)


Hi everyone,

I have a Script using the smbclient to replace an existing file.csv, executing it with _USER_1 (Control-M).

/etc/group
_GROUP_1:x:1001:_USER_1,_USER_2

The file/directory has the following rights:

drwxr-xr-x 2 _USER_1 _GROUP_1 4096 Sep 19 15:23 DIRECTORY_1
-rw-r--r-- 1 _USER_1 _GROUP_1 27937 Sep 24 13:09 file.csv

As _USER_1, I can obviously replace the file (rw)

Now the file has to be copied to this directory and replace the existing file:

drwxr-xr-x 2 _USER_2 _GROUP_1 4096 Sep 19 15:23 DIRECTORY_2
-rw-r--r-- 1 _USER_2 _GROUP_1 27937 Sep 24 13:09 file.csv

Obviously the USER_1 only has read rights on the file inherited by _GROUP_1, so I cannot replace it. (r)

I have provided the following solutions to our SAP admins:

1: Execute the script twice to replace the file, but with the appropriate user and path (Recommended - This is how they do it now)
2: Execute the script with the root user (Not recommended)
3: Using /etc/sudoers to give the user root rights when executing this specific script with _USER_1 (Rejected)
4: We give _GROUP_1 write rights for that directory (Rejected)

I believe it is fine how we do it now, but they want me to get it done using one script. (???)

1) Coming from Windows I was told to create a service account. But it would still need root rights, right?
2) As a bit of a newbie, I am not sure what other possible solutions there are and I am hoping for some hints?

Last edited by fmhweb; 09-24-2012 at 01:01 PM.
 
Old 09-24-2012, 01:32 PM   #2
JaseP
Is the idea of a service account to take files dumped there by (or into the account of) User_1 and transfer them to User_2's account?

If that's what is wanted,... The "service user account" simply needs read/write authority in the destination directory and, at least, read authority in the source directory (or read/write authority in the source directory if it is intended to "move" the file from there). It doesn't need full root authority.

As far as executing the script, that can be done as a cron job,... scheduled, so that no actual user has to log in to execute it. Or, if you want it to be really elaborate, you can have the script execute, essentially, as a daemon, scanning the directory for files matching a particular filter, and then "automatically" moving them. However, it's probably easier for the script to just execute via cron on some regular interval,... else it could, if not properly set up, run away with itself, hogging processing bandwidth.
 
Old 09-24-2012, 01:36 PM   #3
sag47
Quote:
Originally Posted by JaseP
Is the idea of a service account to take files dumped there by (or into the account of) User_1 and transfer them to User_2's account?

If that's what is wanted,... The "service user account" simply needs read/write authority in the destination directory and, at least, read authority in the source directory (or read/write authority in the source directory if it is intended to "move" the file from there). It doesn't need full root authority.

As far as executing the script, that can be done as a cron job,... scheduled, so that no actual user has to log in to execute it. Or, if you want it to be really elaborate, you can have the script execute, essentially, as a daemon, scanning the directory for files matching a particular filter, and then "automatically" moving them. However, it's probably easier for the script to just execute via cron on some regular interval,... else it could, if not properly set up, run away with itself, hogging processing bandwidth.
I agree, rather than having someone log into root, why not just run a cron job as root? This way nobody has root permissions except the admin setting up the initial cron job. If the script is written right then it shouldn't matter if it's running as root and you can change permissions of the file once it has reached its destination (i.e. change ownership to the new user).
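
The single-script replacement discussed in posts #2 and #3, as an added example that is not code from any poster in this thread: it copies to a temporary file inside the destination directory and renames it over the old file, which needs write permission on the directory rather than on the file and does not write through a symlink planted at the destination. The account name `csvsync`, the function name `replace_file` and the paths in the comments are hypothetical.

```shell
#!/usr/bin/env bash
# Added example. Assumes a dedicated service account (hypothetical: csvsync)
# that can read the source file and has write+execute on the destination
# directory. No root and no sudoers entry are involved.
#
# Hypothetical /etc/cron.d entry, every 5 minutes as csvsync:
#   */5 * * * * csvsync /usr/local/bin/replace_csv.sh /path/DIRECTORY_1/file.csv /path/DIRECTORY_2/file.csv

# replace_file SRC DEST
# Return codes: 0 ok, 1 source unreadable, 2 bad destination, 3 copy failed.
replace_file() {
    local src=$1 dest=$2 dest_dir tmp
    dest_dir=$(dirname -- "$dest")

    [ -f "$src" ] && [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    [ -d "$dest_dir" ] && [ -w "$dest_dir" ] || { echo "no write access to $dest_dir" >&2; return 2; }
    # mv would move the file *into* DEST if DEST were a directory (or a
    # symlink to one), so refuse that case outright.
    ! [ -d "$dest" ] || { echo "$dest is a directory" >&2; return 2; }

    # The temp file lives in the destination directory so the final mv is a
    # rename on one filesystem: readers see the old file or the new one,
    # never a half-written copy.
    tmp=$(mktemp "$dest_dir/.file.csv.XXXXXX") || return 3

    # mktemp creates the file with mode 0600; restore the -rw-r--r-- mode
    # from the listing before the file becomes visible under its real name.
    if cp -- "$src" "$tmp" && chmod 644 "$tmp" && mv -f -- "$tmp" "$dest"; then
        return 0
    fi
    rm -f -- "$tmp"
    return 3
}

# Run directly only when called with exactly two arguments.
if [ "$#" -eq 2 ]; then
    replace_file "$1" "$2"
fi
```

The replaced file ends up owned by the account that ran the script, so if ownership by _USER_2 matters, the job has to run as _USER_2.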