[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Attributes for filtering OS logins



From: openldap-technical-bounces@OpenLDAP.org [mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Anton Chu
Sent: Wednesday, November 10, 2010 3:23 PM
To: openldap-technical@openldap.org
Subject: Attributes for filtering OS logins

I have a scenario where I want to setup two LDAP groups where one group can access a file on the server while the other one cannot after they login.  Can some PAM tweaks make this happen if not on the ldap side?

------------------------------

Anton,

Without more info about the system, it sounds like you need to consider group memberships and set group permissions.

Group A - allowed
Group B - disallowed

Protected files permissions:
-rwxrwx--- (user) a-only

The above example doesn't take into consideration the owernship or permissions of its containing dir.
http://content.hccfl.edu/pollock/aunix1/filepermissions.htm

This isn't an LDAP or PAM issue - it's a local file permissions issue; unless I've totally misunderstood your question...

- chris


This message is private and confidential. If you have received it in error, please notify the sender and remove it from your system.