Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: locking userid to 1 dir?
Operating Systems Solaris locking userid to 1 dir? Post 302072732 by dsbeerf on Friday 5th of May 2006 03:42:41 PM
Old 05-05-2006
What log files, exactly, do they need to view ?

What are they going to be "doing" with those log files ?
Just looking ? Gathering Statistics ? Finding explicit entries in the logs ? Graphing the data that is in the log files ? Importing the files, or PARTS of the files, into some other "application" [Like gathering some statistics into Excel] ?

What does this Solaris machine "do" for you ? Is it a "server" ? What does it "serve" ? Is it a "production machine" ??

Once you define the exact machine "Class", you can then decide on the appropriate type of access to allow. You don't allow general access to a production machine, for instance.

Once you decide the type of access, you can allow it in the most restrctive way. Allowing these users EXACTLY (and ONLY) what they need.

Off the top of my head, you can:

1) Allow FTP access, from a specific internal subnet, to these files after you have moved them to a 'safe' directory. An EXAMPLE is to create an FTP only user, and have a cron script that transfers the data they need into their "home" directory from wherever the log files are actually written. From there, these people can access the data they need.

2) Bring up an Apache web server, serving ONLY the internal networks, and make the DocumentRoot (in the httpd.conf file) the directory you transfer the log files into. This way, anyone who needs the data can "download" it via a browser. No account needed. [But some other security issues are raised.]

3) Create cron script(s) to gather the files (OR data!) these people need into a specific directory (maybe in /var/tmp, maybe elsewhere), then have another cron script check for files in that directory and transfer them to a readily accessible place for the folks to access. An EXAMPLE: My "people" need to know when a specific data set was accessed by the users of a specific application. I create a cron script that looks through the application's log files, and outputs all noted access to that "data set" to another file. This *new* file is then transferred to a Microsoft server that allows the "people" to "mount" that "Share", and access the data they need from their "desktops". Since these "people" are in the "accounts recievable" department, they do not know about or care about UNIX. So I have just given them ONLY what they need.

I have not given any specific answers here, but a few ideas. Let me know if this helps.
 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

script to go to a different dir to run a commandline prompt in that dir

Hi, I need to know how I'll be able to write a script that can goto a different dir where I don't have access to read,write and execute and also to run a commandline prompt in that dir with one file whose path has to be specified in that command. Will I be able to do this? Any ideas or... (2 Replies)
Discussion started by: ann_124
2 Replies

2. Shell Programming and Scripting

a script to clone a dir tree, & overwrite the dir struct elsewhere?

hi all, i'm looking for a bash or tcsh script that will clone an empty dir tree 'over' another tree ... specifically, i'd like to: (1) specify a src directory (2) list the directory tree/hiearchy beneath that src dir, w/o files -- just the dirs (3) clone that same, empty dir hierarchy to... (2 Replies)
Discussion started by: OpenMacNews
2 Replies

3. Shell Programming and Scripting

How do I define a particular dir in PATH variable and then unset that dir

How do I define a particular dir in front of PATH variable and then run some job and then at the end of job SET the PATH variable to original? in a script, WILL something like this work: ORIG_PATH=$PATH export PATH=/dir1/dir2:$PATH RUN SOME JOBS ..... unset PATH EXPORT... (2 Replies)
Discussion started by: Hangman2
2 Replies

4. UNIX and Linux Applications

CPIO Problem, copy to the root dir / instead of current dir

HI all, I got a CPIO archive that contains a unix filesystem that I try to extract, but it extract to the root dir / unstead of current dir, and happily it detects my file are newer otherwise it would have overwrited my system's file! I tried all these commands cpio -i --make-directories <... (2 Replies)
Discussion started by: nekkro-kvlt
2 Replies

5. Shell Programming and Scripting

A script to find dir, delete files in, and then del dir?

Hello!! I have directories from 2008, with files in them. I want to create a script that will find the directoried from 2008 (example directory: drwxr-xr-x 2 isplan users 1024 Nov 21 2008 FILES_112108), delete the files within those directories and then delete the directories... (3 Replies)
Discussion started by: bigben1220
3 Replies

6. Shell Programming and Scripting

Perform action in dir if dir has .git subdir

Hi, I want to run git status for the dir which has subdir ".git" in it with dir path mentioned in output log? If a dir does not have .git subdir then skip that dir. Dir will have 100 main dirs & 500 + subdirs and so on. I appreciate all your help :b: (4 Replies)
Discussion started by: dragon.1431
4 Replies

7. Shell Programming and Scripting

moving files from a dir in one machine to a dir in another machines

Hi, I am a unix newbie.I need to write a shell script to move my oracle READ WRITE datafiles from one serevr to another. I need to move it from /u01/oradata/W1KK/.. to /u01/oradata/W2KK, /u02/oradata/W1KK/.. to /u02/oradata/W2KK. That is, I actaully am moving my datafiles from one database to... (2 Replies)
Discussion started by: mathews
2 Replies

8. UNIX for Dummies Questions & Answers

How to list all files in dir and sub-dir's recursively along with file size?

I am very new to unix as well as shell scripting. I have to write a script for the following requirement. In have to list all the files in directory and its sub directories along with file path and size of the file Please help me in this regard and many thanks in advance. (3 Replies)
Discussion started by: nmakkena
3 Replies

9. Shell Programming and Scripting

KSH - Find paths of multiple files in CC (dir and sub-dir))

Dear Members, I have a list of xml files like abc.xml.table prq.xml.table ... .. . in a txt file. Now I have to search the file(s) in all directories and sub-directories and print the full path of file in a output txt file. Please help me with the script or command to do so. ... (11 Replies)
Discussion started by: Yoodit
11 Replies

10. AIX

Assign read write permission to the user for specific dir and it's sub dir and files in AIX

I have searched this quite a long time but couldn't find the right method for me to use. I need to assign read write permission to the user for specific directories and it's sub directories and files. I do not want to use ACL. I do not want to assign user the same group of that directories too.... (0 Replies)
Discussion started by: blinkingdan
0 Replies

LEARN ABOUT DEBIAN

mupdatetest

MUPDATETEST(1)						      General Commands Manual						    MUPDATETEST(1)

 *

NAME

       mupdatetest - interactive MUPDATE test program

SYNOPSIS

       mupdatetest [ -p port ] [ -m mechanism ]
		   [ -a userid ] [ -u userid ] [ -k num ] [ -l num ]
		   [ -r realm ] [ -f file ] [ -n num ] [ -q ]
		   [ -c ] [ -i ] [ -o option=value ] [ -v ] hostname

DESCRIPTION

       mupdatetest is a utility that allows you to authenticate to a MUPDATE server and interactively issue commands to it. Once authenticated you
       may issue any MUPDATE command by simply typing it in. It is capable of multiple SASL authentication mechanisms and handles encryption  lay-
       ers  transparently.  This  utility  is often used for testing the operation of a mupdate server. Note that you must be an admin in order to
       authenticate to an mupdate server.

OPTIONS

       -p port
	      Port to connect to. If left off this defaults to mupdate as defined in /etc/services.

       -m mechanism
	      Force mupdatetest to use mechanism for authentication. If not specified the strongest  authentication  mechanism	supported  by  the
	      server is chosen.

       -a userid
	      Userid  to use for authentication; defaults to the current user.	This is the userid whose password or credentials will be presented
	      to the server for verification.

       -u userid
	      Userid to use for authorization; defaults to the current user.  This is the userid whose identity will be assumed after  authentica-
	      tion.  NOTE: This is only used with SASL mechanisms that allow proxying (e.g. PLAIN, DIGEST-MD5).

       -k num Minimum protection layer required.

       -l num Maximum  protection  layer to use (0=none; 1=integrity; etc).  For example if you are using the KERBEROS_V4 authentication mechanism
	      specifying 0 will force mupdatetest to not use any layer and specifying 1 will force it to use the integrity layer.  By default  the
	      maximum supported protection layer will be used.

       -r realm
	      Specify the realm to use. Certain authentication mechanisms (e.g. DIGEST-MD5) may require one to specify the realm.

       -f file
	      Pipe file into connection after authentication.

       -n num Number of authentication attempts; default = 1.  The client will attempt to fast reauth (e.g. DIGEST-MD5), if possible.

       -q     Enable MUPDATE COMPRESSion (before the last authentication attempt).

       -c     Enable  challenge  prompt  callbacks.   This will cause the OTP mechanism to ask for the the one-time password instead of the secret
	      pass-phrase (library generates the correct response).

       -i     Don't send an initial client response for SASL mechanisms, even if the protocol supports it.

       -o option=value
	      Set the SASL option to value.

       -v     Verbose. Print out more information than usual.

SEE ALSO

       mupdate(8)

CMU
								   Project Cyrus						    MUPDATETEST(1)
All times are GMT -4. The time now is 07:11 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy