Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: New Approach Hiding login password from ps -ef
Top Forums UNIX for Dummies Questions & Answers New Approach Hiding login password from ps -ef Post 302310314 by fpmurphy on Friday 24th of April 2009 09:39:04 AM
Old 04-24-2009
Quote:
Originally Posted by simonsimon
GSalisbury,
I wish unix was a bit flexible.
......
I hear you but I am asking the apprpriate question. This requirement could be generic for any utility not just ps.
......
Unix and GNU/Linux are extremely flexible. There are a many many ways of achieving what you want from finegrained control using SELinux and ACLs to simple methods such as aliasing. Depends on what you want to achieve and your level of expertise.
 

8 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Hiding password from ps

I'm calling a program with a command line arguement containing a password. while the process is running anyone on the system can ps -ef and see the password. Is there a way to prevent this from happening. example PROGRAM USERNAME/PASSWD I've also tried PROGRAM `cat passfile` ... (7 Replies)
Discussion started by: sudojo
7 Replies

2. UNIX for Dummies Questions & Answers

Hiding login/password in process!

Hello, I am trying to figure out away to hide a command from users when performing a ps check. I have a ksh that purges a table in a database. If I perform a >ps -eaf |grep ksh, I get the login id and password. I do not want other users seeing this. Is there a way to hide this. The login... (5 Replies)
Discussion started by: ctcuser
5 Replies

3. Shell Programming and Scripting

Hiding password for FTP in a script

Hi, I have a simple script to ftp from unix to a mainframe to get and put files. Currently I have the password setup in a VARS file and dereference the var in my script. Doing it this way allws me to change the password in only one place but it is still viewable for many people. Is there any... (6 Replies)
Discussion started by: Cass3
6 Replies

4. UNIX for Dummies Questions & Answers

Hiding Password

Hello. A bit of a puzzle here: I have a 3rd party executable, which requires the following parameters: parm1 = program_name, parm2=userid/password, parm3=additional flags. We tried passing password as a variable, but you can do grep, and see what the password actually is I found a bit... (2 Replies)
Discussion started by: Kishinevetz
2 Replies

5. Solaris

SSH Password-less login fails on password expiry.

Hi Gurus I have a few Sol 5.9 servers and i have enabled password less authentication between them for my user ID. Often i have found that when my password has expired,the login fails. Resetting my password reenables the keys. Do i need to do something to avoid this scenario or is this... (2 Replies)
Discussion started by: Renjesh
2 Replies

6. Shell Programming and Scripting

Scripting help/advise on hiding/masking username/password

Hi, I currently have a UNIX script with a function that uses a username and password to connect to the database, retrieve some information and then exit. At the moment, am getting the username and password from a hidden plain text file and permission set to -r--------, i.e. read only to who... (1 Reply)
Discussion started by: newbie_01
1 Replies

7. Shell Programming and Scripting

Remote call not hiding password fields

Not sure on the description, but here is a quick rundown. I have 2 servers, we'll call them serverA serverB On serverB, I am calling a script that inside it has the following: ssh srvdsadm@serverB sudo -u dsadm /opt/apps/DataStage/scripts/autoDeploy.sh ${projName} ${subProjVar}... (1 Reply)
Discussion started by: cbo0485
1 Replies

8. Shell Programming and Scripting

Password hiding in UNIX

Hi guys, I use STTY command to make the password invisible. Now I need to write the password into another file pwd.txt, but in an invisible manner, something like ******. Another thing is to when I echo the content of pwd.txt I get the password I actually typed. Thanks guys. Help me out. (5 Replies)
Discussion started by: mohanalakshmi
5 Replies

LEARN ABOUT CENTOS

sepgsql_ranged_proc_selinux

sepgsql_ranged_proc_selinux(8)				SELinux Policy sepgsql_ranged_proc			    sepgsql_ranged_proc_selinux(8)

NAME

       sepgsql_ranged_proc_selinux - Security Enhanced Linux Policy for the sepgsql_ranged_proc processes

DESCRIPTION

       Security-Enhanced Linux secures the sepgsql_ranged_proc processes via flexible mandatory access control.

       The sepgsql_ranged_proc processes execute with the sepgsql_ranged_proc_t SELinux type. You can check if you have these processes running by
       executing the ps command with the -Z qualifier.

       For example:

       ps -eZ | grep sepgsql_ranged_proc_t

PROCESS TYPES

       SELinux defines process types (domains) for each process running on the system

       You can see the context of a process using the -Z option to ps

       Policy governs the access confined processes have to files.  SELinux sepgsql_ranged_proc policy is very flexible allowing  users  to  setup
       their sepgsql_ranged_proc processes in as secure a method as possible.

       The following process types are defined for sepgsql_ranged_proc:

       sepgsql_ranged_proc_t

       Note:  semanage permissive -a sepgsql_ranged_proc_t can be used to make the process type sepgsql_ranged_proc_t permissive. SELinux does not
       deny access to permissive process types, but the AVC (SELinux denials) messages are still generated.

BOOLEANS

       SELinux policy is customizable based on least access required.  sepgsql_ranged_proc policy is extremely flexible and has  several  booleans
       that allow you to manipulate the policy and run sepgsql_ranged_proc with the tightest access possible.

       If  you	want  to  deny	any  process  from ptracing or debugging any other processes, you must turn on the deny_ptrace boolean. Enabled by
       default.

       setsebool -P deny_ptrace 1

       If you want to allow all domains to use other domains file descriptors, you must turn on the domain_fd_use boolean. Enabled by default.

       setsebool -P domain_fd_use 1

       If you want to allow all domains to have the kernel load modules, you must turn on  the	domain_kernel_load_modules  boolean.  Disabled	by
       default.

       setsebool -P domain_kernel_load_modules 1

       If you want to allow all domains to execute in fips_mode, you must turn on the fips_mode boolean. Enabled by default.

       setsebool -P fips_mode 1

       If you want to enable reading of urandom for all domains, you must turn on the global_ssp boolean. Disabled by default.

       setsebool -P global_ssp 1

COMMANDS

       semanage fcontext can also be used to manipulate default file context mappings.

       semanage permissive can also be used to manipulate whether or not a process type is permissive.

       semanage module can also be used to enable/disable/install/remove policy modules.

       semanage boolean can also be used to manipulate the booleans

       system-config-selinux is a GUI tool available to customize SELinux policy settings.

AUTHOR

       This manual page was auto-generated using sepolicy manpage .

SEE ALSO

       selinux(8), sepgsql_ranged_proc(8), semanage(8), restorecon(8), chcon(1), sepolicy(8) , setsebool(8)

sepgsql_ranged_proc						     14-06-10					    sepgsql_ranged_proc_selinux(8)
All times are GMT -4. The time now is 03:00 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy