ktkv5
Obsidian | Level 7

In our setup, the Windows users don't have a Linux presence and we are using PAM authentication to authenticate them. I would like to create 2 directories, DirA and DirB, which are owned by GrpA and GrpB users respectively. Let's say I have 3 users, X@abc.com, Y@ABC.com and Z@ABC.com, and X is a member of GrpA, Y is a member of GrpB, and Z is a member of both groups. How can I achieve this in Unix?

1 ACCEPTED SOLUTION

Timmy2383
Lapis Lazuli | Level 10

I'm not too familiar with them, but the "+" at the end of your permissions string may indicate that you have ACLs (Access Control Lists) implemented. If I understand ACLs correctly, these could potentially be overriding the OS permissions you're trying to set.  You might want to get with your Unix Admins to see if the ACLs may be overriding what you're trying to do.


12 REPLIES 12
Timmy2383
Lapis Lazuli | Level 10
If I understand you correctly, I think it would be something like the following.

You need to have the Linux groups created (GrpA/GrpB) and then have each user added to their respective group (presumably their GID, primary group, would be either GrpA or GrpB).

Then you need to create DirA and DirB and change the group ownership of the DirA and DirB to GrpA and GrpB. So something like: "chgrp GrpA /DirA"

So long as the user is a member of the appropriate group and the directory has execute permissions for the group that owns it they should have access to those directories.
ktkv5
Obsidian | Level 7

Yes Tim. Exactly!!! These users only have a Windows presence and are using SAS only through EG. If they place any external file in these directories, only the members of that group should be able to see the files. I have created dirA and GrpA, changed the ownership of dirA to grpA, placed a file in that directory, and modified the permissions to 770. If I log in as userB, I am able to see files under dirA. Don't know what I am missing here.

Timmy2383
Lapis Lazuli | Level 10
Can you show me the current permissions for DirA and then issue the following commands and send me the output?

id UserA
id UserB
ktkv5
Obsidian | Level 7

Current permissions for DirA are drwxrwx---+ and I apologize as I cannot send the output of the next commands as it's sensitive data.

Timmy2383
Lapis Lazuli | Level 10
The only reason UserB should be able to access DirA, with the permissions as they are, is because UserB is in GrpA. You need to check the groups of UserB.

If you issue "groups UserB" is GrpA in the list?
ktkv5
Obsidian | Level 7

No. GroupA is not listed for the userB

Timmy2383
Lapis Lazuli | Level 10

How are you verifying that UserB can access DirA?

ktkv5
Obsidian | Level 7

I have logged in SAS EG as userB and expanded SASApp server> files> dirA and I can consume the file in my SAS code

Timmy2383
Lapis Lazuli | Level 10
I just noticed, you sent me the permissions for /DirA but not the long listing that shows the owner and group. Can you show that as well?

Can you putty into the server and see the SAS process for your session? Can you verify that's actually running under UserB and not one of the SAS service accounts (like sassrv)?
ktkv5
Obsidian | Level 7

Hi Tim,

Please find the info asked

drwxrwx---+  2 sasadmin        dirA                4096 Feb 10 19:17 dirA

Timmy2383
Lapis Lazuli | Level 10

I'm not too familiar with them, but the "+" at the end of your permissions string may indicate that you have ACLs (Access Control Lists) implemented. If I understand ACLs correctly, these could potentially be overriding the OS permissions you're trying to set.  You might want to get with your Unix Admins to see if the ACLs may be overriding what you're trying to do.

ktkv5
Obsidian | Level 7

Sure Tim. I think that's what's happening. Let me check with them and see what's going on.
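
An added example, not part of the original thread: when `ls -l` shows a trailing "+", the group triplet displays the ACL mask, and named entries visible only via `getfacl` can grant access to users outside the owning group. The sketch below applies the POSIX ACL check order to `getfacl`-style text. The ACL itself is constructed (the thread never shows the real one) and the `GrpB` named-group entry is a hypothetical illustration.

```python
# Constructed `getfacl dirA` output; owner/group follow the listing in the
# thread, the named-group entry (GrpB) is hypothetical.
SAMPLE_GETFACL = """\
# file: dirA
# owner: sasadmin
# group: dirA
user::rwx
group::rwx
group:GrpB:r-x
mask::rwx
other::---
"""

def parse_getfacl(text):
    """Return (owner, owning_group, entries); entries are (tag, qualifier, perms)."""
    owner = group = None
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            group = line.split(":", 1)[1].strip()
        elif line and not line.startswith("#"):
            # split()[0] drops any trailing "#effective:" annotation
            tag, qualifier, perms = line.split()[0].split(":")[:3]
            entries.append((tag, qualifier, set(perms) - {"-"}))
    return owner, group, entries

def effective_access(text, user, groups, want):
    """POSIX ACL check order: return (deciding entry, whether `want` is granted)."""
    owner, owning_group, entries = parse_getfacl(text)
    want = set(want)
    mask = next((p for t, q, p in entries if t == "mask"), set("rwx"))
    if user == owner:  # owner entry is never masked
        return "user::", want <= next(p for t, q, p in entries if t == "user" and not q)
    for t, q, p in entries:  # named user entries, limited by the mask
        if t == "user" and q == user:
            return f"user:{q}", want <= (p & mask)
    # owning group and named groups: any matching entry may grant access
    matched = [(f"group:{q}", p & mask) for t, q, p in entries
               if t == "group" and (q or owning_group) in groups]
    for name, perms in matched:
        if want <= perms:
            return name, True
    if matched:  # a group matched but none grants it: denied, "other" is not consulted
        return matched[0][0], False
    return "other::", want <= next(p for t, q, p in entries if t == "other")
```

On a real system, `getfacl dirA` prints the entries to feed in, and `setfacl -b dirA` removes the extended ACL so that only the mode bits apply.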
