My question is how I can make one folder accessible when script running.
In this case lets call there is bob who copying his folder by using script to specific location and there is jeff who also sharing the same group as bob also he copying his file to there with using script.
The problem is that when I set file group they need write and execute permission and when I gave to them they are able to see each other file content if they know full path of the file.
To stop that I am thinking to completely deleting all permission on folder and only giving the permission when script running and doing copying process.
But problem is that when those users run the script and script try to chmod the file permission they are not going to be able to because they don't have enough permission to do it. Also if I add them on sudoers, they are going to be able to chmod and change anything as they want to change.
So I am so confused about how I can make the script change permission of folder and when copying completed turn back to previous permission
You should add a sudoers entry to allow ALL or the selected group to run a given script that does the copy to a restricted directory, with NOPASSWD to avoid the password prompt.
Then the users invoke
$ sudo /path/to/copy-to-restricted-dir files*
but users don't have access to restricted directory nor to chmod.
Related
I have a custom requirement by a specific user , that he wants me to write a shell script to move files from one folder to another folder . These two folders have different owners
Now, I managed to do that by logging in as root, but want to achieve this without giving root privileges to user.
I am not allowed to do any new package installation,
Not allowed to use any another shell than Korn .
Please suggest a solution.
Yeah I know this is not a safer way and a bad approach, still am curious about satisfying the need of a user ..
Write a script to move files.
change the ownership of the script to root
Update the /etc/sudoers file to give the user permissions to run the script as root:
user ALL = NOPASSWD: /opt/script.sh
User can execute the script: sudo /opt/script.sh
That shouldn't ask for root password, but give the user privileges to run the script as root.
I have a binary script along with a key file and required libs in a folder on my shell. There are 3 users on the shell currently whom I want to allow to run the binary script. Each user who runs it runs it as a separate instance/process. In order to start, the script is run by using an .sh file which specifies the location of the binary and its libs. For example, ./script.sh is the command.
I have the script currently in /home/script/user (will create also dir called /user2 for other user) where script is a new user I created for it. User runs the .sh from their homedir and then it automatically writes a config file in /home/script/user. I have been playing around with chmod because I don't want anyone to be allowed to steal the script or any of its contents inside the directory. To summarize, I only want users to be able to execute the binary and read the libs and key file as well as write their config to respective user directory in /home/script/. I don't want to allow them to delete, edit, copy, or download anything inside the /script directory. Currently only the binary can't be altered in anyway, but the key file and libs are able to be copied or downloaded. I couldn't figure out how to chmod the key and libs so that they can't be copied etc, only read to run binary successfully.
Please let me know how I can accomplish my permission goals and/or if there is another or easier way to do this. Thanks.
I believe you can achieve most of what you want with chmod and groups. So to allow a bunch of users to run a script you'd create a group, add them to it. Create a group and add users to it like this:
groupadd <groupname>
usermod -a -G <groupname> <username>
Then to make a file only executable by a group you'd run
chgrp <groupname> <file>
chmod g+x <file>
Unfortunately because of the way that chmod works you cannot allow a file to be read but not copied. This is because chmod works with read, write and execute permissions and if you can read you can copy.
I have a unix shell script file whose owner is "xyz" when run deletes some specific files.
I want to trigger this script to delete files in some other directory where the owner for the files to be deleted is different from the owner of the script. Is this possible? Is this possible to run this script as different user so that it can delete those new files?
EDIT : I use Autosys to periodically trigger this script.
You can chmod the files that need to be deleted first if you have sufficient rights. Afterwards your script, no matter what user it executes, will succeed.
Examples : http://en.wikipedia.org/wiki/Chmod
Usually you use sudo for that:
sudo -u ANOTHER_USER /path/to/the/script.sh
However, your current account needs proper permissions to do so. You can configure those permissions using the file /etc/sudoers.
You'll find a ton of articles out there how to use sudo. This for example: http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:Ch09:_Linux_Users_and_Sudo
I have made a script for installing a control panel.
I've uploaded the script to a server so people can wget it to their machines.
The only issue is that you have to chmod it after download. Is there a way to remove this step? How would I go about keeping 755 perms on the downloaded script?
When a user downloads the file, the file will automatically get some default permission. In UNIX, each user will have a default set of permissions which apply to all files created by that user, unless you explicitly set it to something else.
This default is called the umask, after the command used to change it. It is either inherited from the login process, or set in the .shrc or .login file which configures an individual account, or it can be run manually.
Typically the default configuration is equivalent to typing 'umask 22' which produces permissions of:
-rw-r--r-- for regular files, or
drwxr-xr-x for directories.
In other words, user has full access, everyone else (group and other) has read access to files, lookup access to directories. As you see above, the execution access is not default for files.
Hence you need to explicitly change it.
I try to execute a shell script during the build in Jenkins but i get an : "access denied" when i try to create a new folder.
I try to launch a php script in the shell script and i get access denied as well
I launched Jenkins from the .war file.
My question is how to give access to the shell script or user that execute to write in a specific folder?
I cannot put the chmod to 777 of this folder (too dangerous).
Easy fix/hack is to change the permissions on the folder Jenkins is trying to write to to 777.
chmod 777 foldername
Long term I would figure out what user Jenkins is running as and either change the folder ownership to that user or add Jenkins to whatever group the folder permissions are a part of.
I finally launched my script through an url with the curl command, and this worked fine.
It's not really a nice solution to the problem but i didn't find any other work around ;)