"Dynamic" Group Permissions?

Hi all,

Apologies if the answer is out there somewhere, I did have a search about...

In my environment of a RHEL 4 machine and users all listed out in LDAP (say, userA in a deptZ primary group; userB in same deptZ primary group, plus deptY secondary group), I am trying to find a mechanism to provide permissions on files based on username AND user location.

Essentially through my software - which is essentially kicked off by a .sh file and this is where I am trying to put this logic - I want a userA session running in deptA to create a file with permissions:
-rw-r----- userA deptZ file1

A userB session can then read the file when physically in deptZ, but somehow his membership of deptZ is removed when he physically is not in that dept, i.e. he is down the corridor in deptY. My software startup .sh file for each session can flag which dept the user is in, so I am looking for some way in the script to turn this flag into granting/denying access to the file for each particular session.

Any ideas? Am I crazy?!

Thanks for looking,

Steve

closed - follow up in "shell programming...".
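One way the startup script could turn the department flag into a per-session group set, as an added example that is not part of Steve's post or his software: a policy function keeps a department group only when the session flag names that department, and a launcher re-executes the application with the reduced list. The group names are constructed, and the launcher assumes util-linux setpriv(1) and root at launch time, neither of which a stock RHEL 4 box has.

```shell
#!/bin/sh
# Added example, not from the original post. Department groups (constructed
# names) are the only ones the policy touches; other groups are kept as-is.
DEPT_GROUPS="deptY deptZ"

# session_groups USER_GROUPS SESSION_DEPT
#   USER_GROUPS : space-separated list as printed by `id -Gn`, passed in so
#                 the function runs offline without consulting LDAP
#   SESSION_DEPT: the department flag the startup script already knows
# Prints a comma-separated group list (the format setpriv --groups expects):
# the user's groups minus every department group other than SESSION_DEPT.
session_groups() {
    user_groups=$1
    session_dept=$2
    kept=""
    for g in $user_groups; do
        is_dept=no
        for d in $DEPT_GROUPS; do
            [ "$g" = "$d" ] && is_dept=yes
        done
        if [ "$is_dept" = yes ] && [ "$g" != "$session_dept" ]; then
            continue   # department group, but this session is elsewhere: drop it
        fi
        kept="${kept:+$kept,}$g"
    done
    printf '%s\n' "$kept"
}

# launch_session SESSION_DEPT COMMAND...
# Re-executes COMMAND as the invoking user with only the groups returned by
# session_groups. Requires root and setpriv(1) (assumption, see lead-in).
# Caveat: the primary gid passed to --regid is still granted; if a department
# is someone's primary group (userB/deptZ above) that gid needs the same rule.
launch_session() {
    dept=$1; shift
    groups=$(session_groups "$(id -Gn)" "$dept")
    exec setpriv --reuid="$(id -u)" --regid="$(id -g)" --groups="$groups" "$@"
}
```

With this, a userB session started in deptY loses deptZ from its supplementary groups for that session only, so a mode 640 deptZ file is unreadable there, while a session started in deptZ keeps it.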