From: openldap-technical-bounces@OpenLDAP.org [mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Anton Chu
Sent: Wednesday, November 10, 2010 3:23 PM
To: openldap-technical@openldap.org
Subject: Attributes for filtering OS logins

I have a scenario where I want to set up two LDAP groups where one group can access a file on the server while the other one cannot after they log in. Can some PAM tweaks make this happen if not on the LDAP side?
------------------------------
Anton,
Without more info about the system, it sounds like you need to consider group memberships and set group permissions.
Group A - allowed
Group B - disallowed
Protected files permissions: -rwxrwx--- (user) a-only
The above example doesn't take into consideration the ownership or permissions of its containing dir.
http://content.hccfl.edu/pollock/aunix1/filepermissions.htm
This isn't an LDAP or PAM issue - it's a local file permissions issue; unless I've totally misunderstood your question...
- chris
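An added example, not part of the original thread: a check of the mode `-rwxrwx---` suggested in the reply, including the containing-directory caveat it mentions. It models only the traditional owner/group/other mode bits (no ACLs, no root override); the `shared/report.txt` layout, the function names and the uid/gid values are hypothetical and constructed for the demonstration.

```python
import os
import shutil
import stat
import tempfile

def class_bits(st, uid, gids):
    """rwx bits (0-7) of the one class that applies: owner, else group, else other."""
    mode = stat.S_IMODE(st.st_mode)
    if uid == st.st_uid:
        return (mode >> 6) & 7
    if st.st_gid in gids:
        return (mode >> 3) & 7
    return mode & 7

def first_denial(base, relpath, uid, gids, want=4):
    """Walk base -> file; return the first path that denies access, or None."""
    paths = [base]
    for part in relpath.split("/"):
        paths.append(os.path.join(paths[-1], part))
    for directory in paths[:-1]:
        if not (class_bits(os.stat(directory), uid, gids) & 1):  # need search (x)
            return directory
    if (class_bits(os.stat(paths[-1]), uid, gids) & want) != want:
        return paths[-1]
    return None

def demo():
    """Constructed layout: <tmp>/shared/report.txt with file mode 0770."""
    base = tempfile.mkdtemp()
    try:
        shared = os.path.join(base, "shared")
        target = os.path.join(shared, "report.txt")
        os.mkdir(shared)
        open(target, "w").close()
        os.chmod(base, 0o755)
        os.chmod(target, 0o770)                  # -rwxrwx---
        st = os.stat(target)
        uid = st.st_uid + 1                      # hypothetical non-owner user
        group_a, group_b = {st.st_gid}, {st.st_gid + 1}  # hypothetical gids
        name = lambda p: p and os.path.basename(p)
        rel = "shared/report.txt"
        os.chmod(shared, 0o755)                  # directory open to everyone
        out = {"group_a": name(first_denial(base, rel, uid, group_a)),
               "group_b": name(first_denial(base, rel, uid, group_b))}
        os.chmod(shared, 0o700)                  # directory closed to the group
        out["group_a_dir_locked"] = name(first_denial(base, rel, uid, group_a))
        return out
    finally:
        shutil.rmtree(base)

if __name__ == "__main__":
    print(demo())
```

Each value is the path component that blocks access, or `None` when the read is allowed.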