Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: System Logs
Operating Systems AIX System Logs Post 302251928 by bakunin on Tuesday 28th of October 2008 11:20:17 AM
Old 10-28-2008
Of course these files are not updated. When your user switches from one user to another all the command s/he types in as the other user goes to this new users .sh_history file. You can control which history file is being used by setting the HISTFILE variable in the ksh environment.

But even then your main problem will remain: your system is unsecure - and inherently so. There is no other option than to limit what users do as root or as root-equivalent users. I woul suggest you explore tools like sudo and create a thorough concept which user should be able to do what - and then limit his possiblities to exactly this.

Giving all your users root authority is just lazyness in terms of coming up with such a concept. As long as every user is allowed to do everything you don't have to worry about security - it is simply nonexistent and the only thing you can do about it - save for changing the attitude - is getting used to it.

I hope this helps.

bakunin
 

9 More Discussions You Might Find Interesting

1. Solaris

system logs' life

How can you control old system logs keep(or storage) time in Solaris ? Is there any method ? it depends on buffer size long or date long ? (1 Reply)
Discussion started by: xramm
1 Replies

2. Shell Programming and Scripting

not able to redirect the logs of a singl date in one system

Hi All, I have around 15 servers. I need to check for the error in /var/adm/messages in 15 servers of current date everyday and log it in one server. rsh is configured in all servers. The command I am using to accomplish this in shell script is rsh <remote sever> grep 'Jun 17'... (2 Replies)
Discussion started by: partha_bhunia
2 Replies

3. Shell Programming and Scripting

Grep yesterday logs from weblogic logs

Hi, I am trying to write a script which would go search and get the info from the logs based on yesterday timestamp and write yesterday logs in new file. The log file format is as follows: """"""""""""""""""""""""""... (3 Replies)
Discussion started by: harish.parker
3 Replies

4. Solaris

logs for system shutdown

I am working on a SUN T2000 machine with Solaris 10 running on it. When I checked the system this morning, I found it to be turned off. The lastreboot command showed that the system had been shut down the previous night. I want to find out how the system was shut down. I have run hardware health... (2 Replies)
Discussion started by: batman727
2 Replies

5. AIX

system logs

good evening all dear all where i can find the system logs in AIX 5.3 (1 Reply)
Discussion started by: thecobra151
1 Replies

6. Solaris

Svc messages flooding the system logs every second

Hi all I have a newly installed Oracle X2-4 server running Solaris 10 x86 with the latest patches. I have one non-global zone configured running an Oracle DB instance. After configuring IPMP failover between two NICs on the server and rebooting I am seeing the /var/adm/messages being flooded... (7 Replies)
Discussion started by: notreallyhere
7 Replies

7. Red Hat

Writing to System Logs

This isn't a RedHat specific question. The software in question might be used for any Linux distribution. Would it be advisable or inadvisable for my application, to be downloaded by many people I don't know, to write to the following logs in /var/log? maillog or mail.log messages secure ... (10 Replies)
Discussion started by: Brandon9000
10 Replies

8. AIX

AIX system logs files

hello, i just want to know logs files for these actions listed below : - User Account Creation - User Account Deletion - Failed and or Successful User Password Changes - Failed Login Activities for all User Users - System Reboot or and shutdown help appreciated... (6 Replies)
Discussion started by: Bolou
6 Replies

9. Shell Programming and Scripting

If I ran perl script again,old logs should move with today date and new logs should generate.

Appreciate help for the below issue. Im using below code.....I dont want to attach the logs when I ran the perl twice...I just want to take backup with today date and generate new logs...What I need to do for the below scirpt.............. 1)if logs exist it should move the logs with extention... (1 Reply)
Discussion started by: Sanjeev G
1 Replies

LEARN ABOUT HPUX

userdbset

userdbset(1M)															     userdbset(1M)

NAME

       userdbset - modify information in the user database, /var/adm/userdb

SYNOPSIS

       name attr [attr]...

       attr [attr]...

       name]

DESCRIPTION

       modifies  the  per-user	information residing in the user database, A per-user value in the user database overrides any system-wide default
       configured in See userdb(4) and security(4) for more details about the user database and system-wide defaults, respectively.

       If one or more arguments are specified on the command line, initializes or modifies each attribute specified by attr to the specified value
       for the specified user name.

   Options
       The following options are recognized:

	      Modify specified attributes for all users.

	      Delete attributes; the
			   (see  security(4))  system-wide  default  will  then  apply.   If  one or more attr arguments are specified, only those
			   attributes are deleted.  Otherwise, if no attr arguments are specified, all configurable attributes are deleted for the
			   specified user name.

	      Import the contents of
			   filename  into the user database.  Each line in the data file, filename, must be in the following format: The output of
			   is in this format and can be used as the input file.  See the example in the section.

	      Remove internal attributes in addition to the configurable ones.
			   Internal attributes are not user configurable and are normally modified only by programs that enforce system  security.
			   The file indicates which attributes are configurable and which are internal.

	      Initialize, modify or delete specified attributes for the specified user
			   name.

   Authorizations
       In  order  to invoke the user must either be root (running with effective uid of 0) or, if the Role-Based Access Control Extensions product
       (RBACExt) is installed, have the appropriate authorization(s).  Users with the appropriate authorizations can use to add, modify or  delete
       security  attributes  for  other users, but are prohibited from changing the security attributes for local root users.  Only root users can
       add, modify or delete the security attributes of local root users.

       Refer to rbac(5) for more information on the Role-Based Access Control product.	The following is a list of the required authorizations for
       running with particular options:

       Allows the user to invoke
	   The user will also need specific authorizations to modify or delete the various attributes in the user database.

       Allows the user to delete the per-user attribute
	   (attr) named in the object of the authorization pair.  An object of will allow the user to delete any attribute.

       Allows the user to initialize or modify the per-user attribute
	   (attr) named in the object of the authorization pair.  An object of will allow the user to initialize or modify any attribute.

       Allows the user to import user attributes into the user database using
	   the option.	Users with this authorization are allowed to import attributes for all users, including local root users.

   Notes
       Only users who have read and write access to can run

       validates attributes and attribute values based on information in The validation of an attribute fails if:

	      o  Any specified attr is not listed in

	      o  does not allow a per-user value for the attr.

	      o  name is not a valid user.

	      o  allows the attr only for local users, and name is not in

	      o  The value of an attr is not within the range specified in

RETURN VALUE

       exits with one of the following values:

       success
       invalid user
       invalid usage
       insufficient permission to access the user database
       file system error
       invalid attribute;
	    does not allow a per-user value
       an attribute value is not within the range specified in
       block overflow
       entry overflow
       database lock failure
       database is disabled; see
	    userdb(4)
       invalid user name
       not a local user

EXAMPLES

       In  the	following  example, the first command deletes all of the configurable attributes for user while retaining the internal attributes.
       At this point, the system-wide defaults in apply.  The second command sets minimum password length to 7	and  to  0022  (the  leading  zero
       denotes an octal value).

       The next command deletes the minimum password length, which causes the system-wide default to be used.

       The following example deletes the user-specific audit flag for all users.  The system-wide default will then apply for all users.

       The  following  example	saves the configurable attributes for all users option) into a file, using the command.  If needed, the attributes
       can then be restored at a later point by importing the file with The second command imports the configurable attributes into the user data-
       base.

FILES

       user database
       security defaults configuration file
       security attributes description file

SEE ALSO

       userdbck(1M), userdbget(1M), userdb_read(3), security(4), userdb(4), rbac(5).

																     userdbset(1M)
All times are GMT -4. The time now is 12:01 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy