File permission setup including execution

MeganP · July 30, 2007, 4:26pm

Oracle uses 'dbadmin' user on UNIX and one of the oracle trigger creates a file. However, it doesn't provide 'Read' & 'Write' access to 'group' & 'other' users. Per security reasons, we shouldn't use 'umask' feature. We have been trying to use 'setfacl' commands to achieve the same, but couldn't succeeded so far.

*************
cd /tmp
getfacl TEST.TXT
setfacl -r -m u:user001:rwx TEST.TXT
getfacl TEST.TXT
***********

Request:
1) The created shell script (Owner: dbadmin) should be able to provide 'r', 'w' & 'x' privileges to group and other members.
2) 'User001' should be able to execute the shell script developed by dbadmin without dbadmin intevention.
Any help is greatly appreciated.

Thanks!

awk · July 30, 2007, 5:42pm

Have DBA create the script

have DBA chmod 4777 <filename>

Anyone can execute the script (I think I did this once).

If you don't want everyone to do it, consider better security provided by sudo. While I have executed sudo <scriptname>, I have never set one up.

MeganP · July 30, 2007, 11:37pm

When application user tries to execute the script which contains SETFACL command developed by DBA user group, it is coming up with the SETFACL privileges error message. Any idea!

Thanks!