user permissions

blubbfish · 04-27-2004, 07:45 AM

Hi,
i want a normal user to be able to only execute the rsync and the normal user commands without giving him root privileges. The normal standart user rights should be equal. ssh connect is np my prob is i want to "rsync -e ssh" a special file and i want to cron this job but the job has to run with a non root user.
rsync runs fine with the root user but how can i allow one special normal user to run rsync. The tough thing is i am not allowed to run sudo!
Please help me;-)

Greetz
Blubb

yfel · 04-28-2004, 02:14 AM

One traditional way to do things like this is to create a group and use that to handle the permissions. Let's say I wanted the user Bob to be able to send the file /var/log/syslog to a remote server via a cronjob.

If I wanted to go the group-permissions route, I could create a group called "syslogsenders" and add Bob to it. Then I would assign group ownership to the file and set the permissions, like so:

Code:

addgroup syslogsenders
adduser Bob syslogsenders
chgrp syslogsenders /var/log/syslog
chmod 0640 /var/log/syslog

The chmod line there sets the permissions to rw-r-----, meaning that the owner (root) can read and write, the group (syslogsenders) can read, and nobody else can do anything. Since Bob is a member of group syslogsenders, he can read /var/log/syslog (and thus rsync it in the cronjob).

An alternative way to do this involves access control lists, but it's not as standard in the UNIX world presently, and this way is tried-and-true.

I hope this helps.

blubbfish · 04-28-2004, 06:33 AM

thanks for the tip its functioning with the group permissions even im not too happy with this solution its a workaruond.
Thanks