04-22-2009
Well... not wanting to get drawn into a big debate as others may have more intimate knowledge... but that's pretty much the way it is.
Generally speaking, if "it's on the path" and executable to the user, then it runs. There is no inherent user/command "matrix".
"nix" provides the flexibility for you to implement by-user controls, if you wish, in a number of different ways.
You could use the rename and intercepting script method.
You could alter the user's path (at login) so they can't see it or what they see is something different and/or in a different place (a variation on the intercepting script method).
As root:
. make a directory:
mkdir -m755 /.bin_trap
. make an empty file named ps in that directory:
cp /dev/null /.bin_trap/ps
or a non-empty file to do whatever is good for you
. make that file executable:
chmod 555 /.bin_trap/ps
Then in the user's login script set the path variable to have your /.bin_trap at the beginning of the list so your ps is found first. The syntax for doing that varies depending upon the shell in use.
Of course, a reasonably astute user would eventually be able to get around that but, perhaps, you're not concerned there.
Geo.
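The lookup order the trap directory relies on can be checked with a short audit. This is an added example, not part of the original post: the function names and the system_dirs default are assumptions, and shell builtins, aliases and the shell's command hash are not modelled.

```python
import os

def resolve_all(cmd, path):
    """Every executable file named cmd on path, in the shell's lookup order."""
    hits = []
    for d in path.split(os.pathsep):
        cand = os.path.join(d or ".", cmd)   # an empty PATH entry means "."
        if os.path.isfile(cand) and os.access(cand, os.X_OK):
            hits.append(cand)
    return hits

def shadow_report(cmd, path, system_dirs=("/bin", "/usr/bin")):
    """Say which copy of cmd wins and whether it hides a system copy.

    system_dirs is an assumed list of directories holding the real binaries.
    """
    hits = resolve_all(cmd, path)
    if not hits:
        return {"cmd": cmd, "runs": None, "shadowed": [], "empty_stub": False}
    winner = hits[0]
    in_system = os.path.dirname(winner) in system_dirs
    # System copies that sit later on the path are never reached by name.
    shadowed = [h for h in hits[1:] if os.path.dirname(h) in system_dirs]
    return {
        "cmd": cmd,
        "runs": winner,
        "shadowed": [] if in_system else shadowed,
        # A zero-byte winner is the "cp /dev/null" stub from the post.
        "empty_stub": os.path.getsize(winner) == 0,
    }

if __name__ == "__main__":
    print(shadow_report("ps", os.environ.get("PATH", "")))
```

A non-empty "shadowed" list means the name resolves to the trap copy, while the system copy is still present on disk at the path listed.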
netrc(4) File Formats netrc(4)
NAME
netrc - file for ftp remote login data
DESCRIPTION
The .netrc file contains data for logging in to a remote host over the network for file transfers by ftp(1). This file resides in the
user's home directory on the machine initiating the file transfer. Its permissions should be set to disallow read access by group and
others (see chmod(1)).
The following tokens are recognized; they may be separated by SPACE, TAB, or NEWLINE characters:
machine name
    Identify a remote machine name. The auto-login process searches the .netrc file for a machine token that matches the remote
    machine specified on the ftp command line or as an open command argument. Once a match is made, the subsequent .netrc
    tokens are processed, stopping when the EOF is reached or another machine token is encountered.
default
    Same as machine name, except that default matches any name. There can be only one default token, and it must be after all
    machine tokens. The default token is normally used as follows:
        default login anonymous password user@site
    Such an entry gives the user automatic anonymous ftp login to machines not specified in .netrc.
login name
    Identify a user on the remote machine. If this token is present, the auto-login process will initiate a login using the
    specified name.
password string
    Supply a password. If this token is present, the auto-login process will supply the specified string if the remote server
    requires a password as part of the login process. Note: if this token is present in the .netrc file, ftp will abort the
    auto-login process if the .netrc is readable by anyone besides the user.
account string
    Supply an additional account password. If this token is present, the auto-login process supplies the specified string if
    the remote server requires an additional account password. If the remote server does not require an additional account
    password, the auto-login process will initiate an ACCT command.
macdef name
    Define a macro. This token functions the same as ftp macdef. A macro is defined with the specified name; its contents
    begin with the next .netrc line and continue until a null line (consecutive NEWLINE characters) is encountered. If a macro
    named init is defined, it is automatically executed as the last step in the auto-login process.
EXAMPLES
Example 1: A Sample .netrc File
A .netrc file containing the following line:
    machine ray login demo password mypassword
allows an autologin to the machine ray using the login name demo with password mypassword.
FILES
~/.netrc
SEE ALSO
chmod(1), ftp(1), in.ftpd(1M)
SunOS 5.10 3 Jul 1990 netrc(4)
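A small parser and permission audit following the token rules and the password/readability rule in the man page above. This is an added example, not code from ftp or from the original page; the function names, the result keys and the sample text are constructed for illustration.

```python
import os
import stat

VALUE_KEYS = {"machine", "login", "password", "account", "macdef"}

# Constructed sample: tokens split across lines, plus a macro whose body
# contains the word "password" and must not be read as a token.
SAMPLE = ("machine ray login demo password mypassword\n"
          "macdef init\npassword notatoken\n\n"
          "default login anonymous\npassword user@site\n")

def parse_netrc(text):
    """Return one dict per machine/default entry, following netrc(4)."""
    entries, cur, pending, in_macro = [], None, None, False
    for line in text.splitlines():
        if in_macro:                      # macro body runs until a null line
            in_macro = bool(line.strip())
            continue
        for tok in line.split():          # SPACE, TAB or NEWLINE separated
            key, pending = pending, None
            if key == "machine":
                cur = {"machine": tok}
                entries.append(cur)
            elif key == "macdef":         # body starts on the next line
                in_macro = True
                break
            elif key:                     # value for login/password/account
                if cur is not None:
                    cur[key] = tok
            elif tok == "default":        # matches any host; machine=None here
                cur = {"machine": None}
                entries.append(cur)
            elif tok in VALUE_KEYS:
                pending = tok
    return entries

def audit_netrc(path):
    """Man page rule: password token + group/other read => auto-login aborts."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path) as fh:
        entries = parse_netrc(fh.read())
    has_password = any("password" in e for e in entries)
    exposed = bool(mode & (stat.S_IRGRP | stat.S_IROTH))
    return {"mode": oct(mode), "hosts": [e["machine"] for e in entries],
            "has_password": has_password,
            "autologin_refused": has_password and exposed}

if __name__ == "__main__":
    target = os.path.expanduser("~/.netrc")
    print(audit_netrc(target) if os.path.exists(target) else parse_netrc(SAMPLE))
```

The audit result lists host names and the file mode only, so it can be logged without copying the stored passwords.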