04-24-2009
Quote:
Originally Posted by
simonsimon
GSalisbury,
I wish unix was a bit flexible.
......
I hear you but I am asking the apprpriate question. This requirement could be generic for any utility not just ps.
......
Unix and GNU/Linux are extremely flexible. There are a many many ways of achieving what you want from finegrained control using SELinux and ACLs to simple methods such as aliasing. Depends on what you want to achieve and your level of expertise.
8 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
I'm calling a program with a command line arguement containing a password. while the process is running anyone on the system can ps -ef and see the password. Is there a way to prevent this from happening.
example
PROGRAM USERNAME/PASSWD
I've also tried
PROGRAM `cat passfile`
... (7 Replies)
Discussion started by: sudojo
7 Replies
2. UNIX for Dummies Questions & Answers
Hello,
I am trying to figure out away to hide a command from users when performing a ps check. I have a ksh that purges a table in a database. If I perform a >ps -eaf |grep ksh, I get the login id and password. I do not want other users seeing this. Is there a way to hide this. The login... (5 Replies)
Discussion started by: ctcuser
5 Replies
3. Shell Programming and Scripting
Hi,
I have a simple script to ftp from unix to a mainframe to get and put files. Currently I have the password setup in a VARS file and dereference the var in my script. Doing it this way allws me to change the password in only one place but it is still viewable for many people. Is there any... (6 Replies)
Discussion started by: Cass3
6 Replies
4. UNIX for Dummies Questions & Answers
Hello. A bit of a puzzle here:
I have a 3rd party executable, which requires the following parameters:
parm1 = program_name, parm2=userid/password, parm3=additional flags.
We tried passing password as a variable, but you can do grep, and see what the password actually is
I found a bit... (2 Replies)
Discussion started by: Kishinevetz
2 Replies
5. Solaris
Hi Gurus
I have a few Sol 5.9 servers and i have enabled password less authentication between them for my user ID. Often i have found that when my password has expired,the login fails.
Resetting my password reenables the keys.
Do i need to do something to avoid this scenario or is this... (2 Replies)
Discussion started by: Renjesh
2 Replies
6. Shell Programming and Scripting
Hi,
I currently have a UNIX script with a function that uses a username and password to connect to the database, retrieve some information and then exit.
At the moment, am getting the username and password from a hidden plain text file and permission set to -r--------, i.e. read only to who... (1 Reply)
Discussion started by: newbie_01
1 Replies
7. Shell Programming and Scripting
Not sure on the description, but here is a quick rundown.
I have 2 servers, we'll call them
serverA
serverB
On serverB, I am calling a script that inside it has the following:
ssh srvdsadm@serverB sudo -u dsadm /opt/apps/DataStage/scripts/autoDeploy.sh ${projName} ${subProjVar}... (1 Reply)
Discussion started by: cbo0485
1 Replies
8. Shell Programming and Scripting
Hi guys,
I use STTY command to make the password invisible.
Now I need to write the password into another file pwd.txt, but in an invisible manner, something like ******. Another thing is to when I echo the content of pwd.txt I get the password I actually typed.
Thanks guys. Help me out. (5 Replies)
Discussion started by: mohanalakshmi
5 Replies
LEARN ABOUT CENTOS
sepgsql_ranged_proc_selinux
sepgsql_ranged_proc_selinux(8) SELinux Policy sepgsql_ranged_proc sepgsql_ranged_proc_selinux(8)
NAME
sepgsql_ranged_proc_selinux - Security Enhanced Linux Policy for the sepgsql_ranged_proc processes
DESCRIPTION
Security-Enhanced Linux secures the sepgsql_ranged_proc processes via flexible mandatory access control.
The sepgsql_ranged_proc processes execute with the sepgsql_ranged_proc_t SELinux type. You can check if you have these processes running by
executing the ps command with the -Z qualifier.
For example:
ps -eZ | grep sepgsql_ranged_proc_t
PROCESS TYPES
SELinux defines process types (domains) for each process running on the system
You can see the context of a process using the -Z option to ps
Policy governs the access confined processes have to files. SELinux sepgsql_ranged_proc policy is very flexible allowing users to setup
their sepgsql_ranged_proc processes in as secure a method as possible.
The following process types are defined for sepgsql_ranged_proc:
sepgsql_ranged_proc_t
Note: semanage permissive -a sepgsql_ranged_proc_t can be used to make the process type sepgsql_ranged_proc_t permissive. SELinux does not
deny access to permissive process types, but the AVC (SELinux denials) messages are still generated.
BOOLEANS
SELinux policy is customizable based on least access required. sepgsql_ranged_proc policy is extremely flexible and has several booleans
that allow you to manipulate the policy and run sepgsql_ranged_proc with the tightest access possible.
If you want to deny any process from ptracing or debugging any other processes, you must turn on the deny_ptrace boolean. Enabled by
default.
setsebool -P deny_ptrace 1
If you want to allow all domains to use other domains file descriptors, you must turn on the domain_fd_use boolean. Enabled by default.
setsebool -P domain_fd_use 1
If you want to allow all domains to have the kernel load modules, you must turn on the domain_kernel_load_modules boolean. Disabled by
default.
setsebool -P domain_kernel_load_modules 1
If you want to allow all domains to execute in fips_mode, you must turn on the fips_mode boolean. Enabled by default.
setsebool -P fips_mode 1
If you want to enable reading of urandom for all domains, you must turn on the global_ssp boolean. Disabled by default.
setsebool -P global_ssp 1
COMMANDS
semanage fcontext can also be used to manipulate default file context mappings.
semanage permissive can also be used to manipulate whether or not a process type is permissive.
semanage module can also be used to enable/disable/install/remove policy modules.
semanage boolean can also be used to manipulate the booleans
system-config-selinux is a GUI tool available to customize SELinux policy settings.
AUTHOR
This manual page was auto-generated using sepolicy manpage .
SEE ALSO
selinux(8), sepgsql_ranged_proc(8), semanage(8), restorecon(8), chcon(1), sepolicy(8) , setsebool(8)
sepgsql_ranged_proc 14-06-10 sepgsql_ranged_proc_selinux(8)