Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: User account logging
Top Forums UNIX for Dummies Questions & Answers User account logging Post 302598896 by Corona688 on Wednesday 15th of February 2012 04:23:33 PM
Old 02-15-2012
Don't bump posts. We are not "on call". If you don't get an answer immediately, wait!

Quote:
Originally Posted by oraclermanpt
we have multiple users having access to orapps. anyone can change permissions
You can grant them read and write access even if they're not the owner. Not being the owner would prevent them from chmod-ing it.

Of course, if they have write access, they never needed chmod, because they can write to it. If they have access to a file and have shell access, they have access to a file and have shell access. This is why giving 9 people the same shell account is a bad idea...

Quote:
I think script in bash_profile might work.
Nothing would stop them from killing script and falsifying its results. If they have access to their files and processes, they have access to their files and processes. This is why giving 9 people the same shell account is a bad idea...

Do they truly need shell access to this account? Might they just need the ability to do a few very specific things as this user? You could limit them with sudo. Only allow a few specific users to run your very own wrapper script under this user, a wrapper script which records and formats their input in whatever way you like. This would let you control which users get to run it, too, without having to give them all the same password. You'd be able to track which users were running it when, too. You may even be able to do it seamlessly with an alias.
Last edited by Corona688; 02-15-2012 at 05:40 PM..
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

User logging log

Hi, Does anybody knows is there a way or how to records user logging record? thanks in advance (4 Replies)
Discussion started by: jennifer
4 Replies

2. Solaris

Tracing a user and logging his actions

Dear All, I want to enable the tracing for a user and logging all things he do in a log file.......... Thaaanks (2 Replies)
Discussion started by: adel8483
2 Replies

3. HP-UX

Issue with user logging in to HP UX Server

Hi, I wonder if anyone is able to assist me. I have a HP UX server and some HP UX workstations that has been migrated from another network. I have changed the IP Addresses and everything seems to be working fine. However, the users are complaining that they are unable to login to the UX... (1 Reply)
Discussion started by: michaelgim
1 Replies

4. UNIX for Dummies Questions & Answers

Difference between : Locked User Account & Disabled User Accounts in Linux ?

Thanks AVKlinux (3 Replies)
Discussion started by: avklinux
3 Replies

5. AIX

Logging user logins

I want to know how I can turn off and turn on login logging. We have a server that appears to have stopped logging user logins. Running the who command shows nothing and the last command shows no logins for a month. The var/adm/wtmp file isn't full and there is plenty of space in the var file... (2 Replies)
Discussion started by: daveisme
2 Replies

6. UNIX for Dummies Questions & Answers

How to avoid logging with root user?

I have created a linux machine and installed some softwares on it with root user privileges . I used to login with root user credentials for doing the various task. Later i have realise that this is not the best practice to follow and there should be a new user with less privileges to be created... (1 Reply)
Discussion started by: pinga123
1 Replies

7. Shell Programming and Scripting

Logging in unix account taking password from a parameter file

Hi All, I am writing a script where it updates a file in an unix account. To update that file i need to be logged in as that account user. say account name is ab01 and its password is passab01. What i want to do is, my script should read login id and password from a parameter file and... (4 Replies)
Discussion started by: pkbond
4 Replies

8. UNIX for Advanced & Expert Users

Logging User Sessions

Hello, I am using a Linux server (Ubuntu 11.04 Server) to host some files and a code repository. Because we are using ssh + svn to connect to the repository, our users have normal ssh access. What I would like to do is log their user sessions so that I have an audit trail in the event that... (2 Replies)
Discussion started by: chrisb1609
2 Replies

9. Shell Programming and Scripting

User Logging

Hi, I have several engineers logging into servers with the same system username and passwords eg root. I was thinking about adding a script to bashrc where a user is forced upon login to enter their name and once that has executed there history is logged/redirected to a log file somewhere. I... (10 Replies)
Discussion started by: maxwellhouse
10 Replies

10. Shell Programming and Scripting

Logging in to 100 server to test my account

I have been logging to 100 server everyday to test if I can login to the server. I created a script to ssh-copy-id to every host so next time it will be password less. Now it keeps prompting me Are you sure you want to continue connecting (yes/no)? yes This is normal for first time login.... (2 Replies)
Discussion started by: invinzin21
2 Replies

LEARN ABOUT REDHAT

passwd

PASSWD(5)							   File formats 							 PASSWD(5)

NAME

       passwd - password file

DESCRIPTION

       Passwd  is  a text file, that contains a list of the system's accounts, giving for each account some useful information like user ID, group
       ID, home directory, shell, etc.	Often, it also contains the encrypted passwords for each account.  It should have general read	permission
       (many utilities, like ls(1) use it to map user IDs to user names), but write access only for the superuser.

       In  the	good old days there was no great problem with this general read permission.  Everybody could read the encrypted passwords, but the
       hardware was too slow to crack a well-chosen password, and moreover, the basic assumption used to be that  of  a  friendly  user-community.
       These  days  many  people  run some version of the shadow password suite, where /etc/passwd has *'s instead of encrypted passwords, and the
       encrypted passwords are in /etc/shadow which is readable by the superuser only.

       Regardless of whether shadow passwords are used, many sysadmins use a star in the encrypted password field to make sure that this user  can
       not authenticate him- or herself using a password. (But see the Notes below.)

       If you create a new login, first put a star in the password field, then use passwd(1) to set it.

       There is one entry per line, and each line has the format:

	      account:password:UID:GID:GECOS:directory:shell

       The field descriptions are:

	      account	the name of the user on the system.  It should not contain capital letters.

	      password	the encrypted user password or a star.

	      UID	the numerical user ID.

	      GID	the numerical primary group ID for this user.

	      GECOS	This  field  is  optional and only used for informational purposes.  Usually, it contains the full user name.  GECOS means
			General Electric Comprehensive Operating System, which has been renamed to GCOS when GE's large systems division was  sold
			to Honeywell.  Dennis Ritchie has reported: "Sometimes we sent printer output or batch jobs to the GCOS machine.  The gcos
			field in the password file was a place to stash the information for the $IDENTcard.  Not elegant."

	      directory the user's $HOME directory.

	      shell	the program to run at login (if empty, use /bin/sh).  If set to a non-existing executable, the	user  will  be	unable	to
			login through login(1).

NOTE

       If you want to create user groups, their GIDs must be equal and there must be an entry in /etc/group, or no group will exist.

       If  the	encrypted  password  is  set  to a star, the user will be unable to login using login(1), but may still login using rlogin(1), run
       existing processes and initiate new ones through rsh(1), cron(1), at(1), or mail filters, etc.  Trying to lock an account by simply  chang-
       ing the shell field yields the same result and additionally allows the use of su(1).

FILES

       /etc/passwd

SEE ALSO

       passwd(1), login(1), su(1), group(5), shadow(5)

								    1998-01-05								 PASSWD(5)
All times are GMT -4. The time now is 09:46 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy