7 Replies Latest reply: Apr 30, 2013 8:34 AM by Tommyreynolds-Oracle RSS

    user permissions on folder

    Richa
      Hi,
      Got a strange requirement.
      Application base location - /Oracle/appl/test
      Application os user - appl
      We need to create a folder in such a way that application user (appl) can have full excess of that folder but another OS user (eg. appltest) can see the files (read only) can extract the files from that folder to his PC but should not able to edit that folder / files and should not be able to drop / delete any file / folder in that main folder.
      Any suggestions with commands?
        • 1. Re: user permissions on folder
          EdStevens
          Richa wrote:
          Hi,
          Got a strange requirement.
          Application base location - /Oracle/appl/test
          Application os user - appl
          We need to create a folder in such a way that application user (appl) can have full excess of that folder but another OS user (eg. appltest) can see the files (read only) can extract the files from that folder to his PC but should not able to edit that folder / files and should not be able to drop / delete any file / folder in that main folder.
          Any suggestions with commands?
          man chmod
          • 2. Re: user permissions on folder
            Richa
            Hi,
            yes it will be by using chmod but this scenario is difficult.
            Please help
            • 3. Re: user permissions on folder
              EdStevens
              Richa wrote:
              Hi,
              yes it will be by using chmod but this scenario is difficult.
              Please help
              What's so difficult?


              chmod 774 .....

              Give your 'app' user membership in the owning group. He'll have full permissions. Don't put the 'read-only' user in owning group. He'll be considered 'other' and so will have 'read only'.
              • 4. Re: user permissions on folder
                Catch-22
                ... can extract the files from that folder to his PC ...
                To set up access restirctions and allowing users to transfer or extract files to other systems are different matters. I suggest to look into file sharing services like samba, nfs or sshfs, which can be configured to allow local and remote users to access files and folders as you described. However, since you have not given us any information about your Linux system or client requirements, no further info is reasonable.
                • 5. Re: user permissions on folder
                  alvaromiranda
                  Hello,

                  If the filesystem support ACL, you should use ACL.

                  give 750 to the ownwer/group of the main user who will write/create the files

                  and you can use ACL to gran a user to just read those files.
                  • 6. Re: user permissions on folder
                    Richa
                    Still have issue.
                    The new user is created but it can easily access all folders and can download them.
                    • 7. Re: user permissions on folder
                      Tommyreynolds-Oracle
                      Application base location - /Oracle/appl/test
                      Application os user - appl
                      We need to create a folder in such a way that application user (appl) can have full excess of that folder but another OS user (eg. appltest) can see the files (read only) can extract the files from that folder to his PC but should not able to edit that folder / files and should not be able to drop / delete any file / folder in that main folder.
                      To get started for a Linux-only setup:
                      # groupadd viewers
                      # usermod -G viewers appl
                      # usermod -G viewers appltest
                      # chown -R appl:viewers /Oracle/appl/test
                      # chmod 0755 /Oracle/appl/test
                      Now, how does appltest access the files from his PC? How appltest authenticates with the server is crucial here.