[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Attributes for filtering OS logins

From: openldap-technical-bounces@OpenLDAP.org [mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Anton Chu
Sent: Wednesday, November 10, 2010 3:23 PM
To: openldap-technical@openldap.org
Subject: Attributes for filtering OS logins

I have a scenario where I want to setup two LDAP groups where one group can access a file on the server while the other one cannot after they login.  Can some PAM tweaks make this happen if not on the ldap side?



Without more info about the system, it sounds like you need to consider group memberships and set group permissions.

Group A - allowed
Group B - disallowed

Protected files permissions:
-rwxrwx--- (user) a-only

The above example doesn't take into consideration the owernship or permissions of its containing dir.

This isn't an LDAP or PAM issue - it's a local file permissions issue; unless I've totally misunderstood your question...

- chris

This message is private and confidential. If you have received it in error, please notify the sender and remove it from your system.