Folders with more than one 'owner'

UNIX Solaris
1

I have a peculiar problem.
I have a particular directory with the following characteristics:

-bash-3.00# ls -lah
total 18
drwxr-x--- 7 gandalf shire 512 jul 3 07:20 .
drwxr-x--- 11 gandalf shire 512 mai 10 2010 ..
drwxr-xr-x 6 gandalf shire 3,0K jul 24 19:25 brasdeff
drwxr-xr-x 2 gandalf shire 512 mar 20 17:03 brasesmm
drwxr-xr-x 3 gandalf shire 512 mar 20 17:00 brasfrpp
drwxr-xr-x 2 gandalf shire 512 jul 6 10:37 brasptpl

I need to create a user for FTP access, which we call here 'hobbit';
How to create this user, hobbit, has write access to these folders, without changing the permissions writing these folders and without changing the 'owner'?

2

Not directly possible based on the information shown. You only have write permissions for owner, not group or other.

(Note: I would not even consider having a duplicate UID).

Other techniques available include giving the ftp user a normal isolated home directory and using a periodic root cron to collect data and place it into the final directories with the correct permissions. This technique needs an interlock mechanism on the relay directory to ensure that ftp transfers finish before file copying takes place.

3

So, you want to change the permissions without changing them. I'm afraid that's not going to work.

If you make the folder group-writable and put your hobbit in the 'shire' group they will have access.

4

I Solved my problem!
I used the commands:

# id gandalf
uid=100(gandalf) gid=104
# usermod -u 100 -o hobbit

With the same ID of Gandalf, the hobbit can write to the folder 'brasdeff', for example.
:smiley:

5

Not recommended to have two users with the same UID. As well as being just plain confusing, it can cause backup and restore software to malfunction. You might as well do the ftp process as user gandalf.
Don' forget that any files previously owned by user hobbit are now orphans.

6

Thanks for the warning! I'll try to be careful, but as that user hobbit is only for specific access to this folder, and will be for processes like 'put' and 'get', I think that's enough.
I can not allow the user to login with Gandalf, since this user has a password that can not provide, since it is used by a critical system.

Thank you!

7

I'm not sure what will happen now if they attempt to change their password, though.

8

Nobody mentioned ACL's here.

What OS are you using? i.e., what version of Solaris?
Please show the output of:

df -h
cat /etc/mnttab

More recent versions of Solaris have support for access control lists. (setfacl, getfacl)

9 
-bash-3.00# cat /etc/release
                   Oracle Solaris 10 9/10 s10s_u9wos_14a SPARC
     Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
                            Assembled 11 August 2010


-bash-3.00# df -h
Filesystem             size   used  avail capacity  Mounted on
/dev/md/dsk/d10         12G   9,4G   2,3G    81%    /
/devices                 0K     0K     0K     0%    /devices
ctfs                     0K     0K     0K     0%    /system/contract
proc                     0K     0K     0K     0%    /proc
mnttab                   0K     0K     0K     0%    /etc/mnttab
swap                   3,9G   1,7M   3,9G     1%    /etc/svc/volatile
objfs                    0K     0K     0K     0%    /system/object
sharefs                  0K     0K     0K     0%    /etc/dfs/sharetab
/platform/sun4u-us3/lib/libc_psr/libc_psr_hwcap1.so.1
                        12G   9,4G   2,3G    81%    /platform/sun4u-us3/lib/libc_psr.so.1
/platform/sun4u-us3/lib/sparcv9/libc_psr/libc_psr_hwcap1.so.1
                        12G   9,4G   2,3G    81%    /platform/sun4u-us3/lib/sparcv9/libc_psr.so.1
fd                       0K     0K     0K     0%    /dev/fd
/dev/md/dsk/d50        5,9G   1,1G   4,7G    20%    /var
swap                   3,9G   6,6M   3,9G     1%    /tmp
swap                   3,9G    48K   3,9G     1%    /var/run
/dev/md/dsk/d70         29G   391M    29G     2%    /dados
/dev/md/dsk/d60         12G    12M    12G     1%    /usr/aplic



-bash-3.00# cat /etc/mnttab
/dev/md/dsk/d10 /       ufs     rw,intr,largefiles,logging,xattr,onerror=panic,dev=154000a      1342809141
/devices        /devices        devfs   dev=5b80000     1342809126
ctfs    /system/contract        ctfs    dev=5bc0001     1342809126
proc    /proc   proc    dev=5c00000     1342809126
mnttab  /etc/mnttab     mntfs   dev=5c40001     1342809126
swap    /etc/svc/volatile       tmpfs   xattr,dev=5c80001       1342809126
objfs   /system/object  objfs   dev=5cc0001     1342809126
sharefs /etc/dfs/sharetab       sharefs dev=5d00001     1342809126
/platform/sun4u-us3/lib/libc_psr/libc_psr_hwcap1.so.1   /platform/sun4u-us3/lib/libc_psr.so.1   lofs    dev=154000a     1342809139
/platform/sun4u-us3/lib/sparcv9/libc_psr/libc_psr_hwcap1.so.1   /platform/sun4u-us3/lib/sparcv9/libc_psr.so.1   lofs    dev=154000a     1342809140
fd      /dev/fd fd      rw,dev=5e80001  1342809141
/dev/md/dsk/d50 /var    ufs     rw,intr,largefiles,logging,xattr,onerror=panic,dev=1540032      1342809142
swap    /tmp    tmpfs   xattr,dev=5c80002       1342809142
swap    /var/run        tmpfs   xattr,dev=5c80003       1342809142
/dev/md/dsk/d70 /dados  ufs     rw,intr,largefiles,logging,xattr,onerror=panic,dev=1540046      1342809157
/dev/md/dsk/d60 /usr/aplic      ufs     rw,intr,largefiles,logging,xattr,onerror=panic,dev=154003c      1342809157
dv12001:vold(pid826)    /vol    nfs     ignore,noquota,dev=5f00001      1342809184
-hosts  /net    autofs  nosuid,indirect,ignore,nobrowse,dev=5f40001     1342809187
auto_home       /home   autofs  indirect,ignore,nobrowse,dev=5f40002    1342809187
10

Where "more recent version" means Solaris 2.5 (1995) and newer :wink:

By the way, note the setfacl/getfacl commands, used with UFS and NFS v2/v3, are based on a now abandoned specification (POSIX 1003.6).

The new model, supported by ZFS and NFS v4, is based on NFSv4 ACLs and is handled by enhanced ls and chmod commands, which is a more logical choice.

Have a look to the acl man page for details about these two models.