[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Attributes for filtering OS logins

To: Anton Chu <anton.chu@telecommand.com>, "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Subject: RE: Attributes for filtering OS logins
From: Chris Jacobs <Chris.Jacobs@apollogrp.edu>
Date: Wed, 10 Nov 2010 16:54:45 -0700
Accept-language: en-US
Acceptlanguage: en-US
Content-language: en-US
In-reply-to: <AANLkTi=B1BHkAKNLdeMiD8U_S0wOfFS0GO7-TK_u02+3@mail.gmail.com>
References: <AANLkTi=B1BHkAKNLdeMiD8U_S0wOfFS0GO7-TK_u02+3@mail.gmail.com>
Thread-index: AcuBLmUC24tdCSbDRi2+JdaIAypt7gAAzGxg
Thread-topic: Attributes for filtering OS logins

From: openldap-technical-bounces@OpenLDAP.org [mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Anton Chu
Sent: Wednesday, November 10, 2010 3:23 PM
To: openldap-technical@openldap.org
Subject: Attributes for filtering OS logins

I have a scenario where I want to setup two LDAP groups where one group can access a file on the server while the other one cannot after they login.  Can some PAM tweaks make this happen if not on the ldap side?

------------------------------

Anton,

Without more info about the system, it sounds like you need to consider group memberships and set group permissions.

Group A - allowed
Group B - disallowed

Protected files permissions:
-rwxrwx--- (user) a-only

The above example doesn't take into consideration the owernship or permissions of its containing dir.
http://content.hccfl.edu/pollock/aunix1/filepermissions.htm

This isn't an LDAP or PAM issue - it's a local file permissions issue; unless I've totally misunderstood your question...

- chris

This message is private and confidential. If you have received it in error, please notify the sender and remove it from your system.

References:
- Attributes for filtering OS logins
  - From: Anton Chu <anton.chu@telecommand.com>

Prev by Date: Attributes for filtering OS logins
Next by Date: Syncrepl from OSX slapd to Centos5 slapd
Index(es):
- Chronological
- Thread