Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Sudoers for one day per week?
Top Forums UNIX for Dummies Questions & Answers Sudoers for one day per week? Post 302895318 by bakunin on Monday 31st of March 2014 07:28:34 AM
Old 03-31-2014
Quote:
Originally Posted by alan
At least, the majority of users should not be able to use vi, cp, mv and rm.
I think you are doing that from the wrong end. Let us take a step back:

There are certain files which are pertinent to the proper operation of the system: operating system binaries, libraries, vital configuration files, ... To identify these seems like a lot of work, but the UNIX filesystem hierarchy, if properly used, will assist by concentrating these vital things into a few directories. Identify all these files/directories. "Normal" users should not have write access to any of these files/directories. Still, every user should be able to modify his own files/directories. Taking away access to "vi" seems like a good idea, but you take away the ability to even take a note with it - and you would have to take away a lot of other commands too, which can modify a file too: dd, cat, ed, ex, cp, paste, join, sort, echo, print, printf, sed, awk, ... this list is endless.

Instead of limiting the tools to modify files it is better to limit the access to the filesy themselves. As long as you are not allowed to modify fileX it doesn't matter if you try to do it with "vi" or any other tool.

Another aspect: you can limit the privilege to modify vital files to certain people but you can't make these behave more responsible by a security measure. In every scenario there will be at least one person who is allowed to wreak havoc on the system. The privilege to use comes always with the privilege to misuse - because the system cannot separate legit and illegitimate use of a resource at all. In a nutshell: you cannot prevent root from being root.

This is the reason why "Sysadmin" is a job usually done by a very small select group of people - specially trained and qualified for the job - and all the others are limited to a small part of the system. Still, even for these goes: if you can use something it is within your power to misuse it and if you are the admin for the "foo" software and can edit its config files you can perhaps misconfigure it in a way that it won't start, won't be accessible or won't work properly in some other respect.

I hope this helps.

bakunin
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Calculating the day of the week

Hi all, I would like to calculate the day of the week using a supplied date. i.e. 20011012 = Day 5. Any ideas? Many thanks, ligs (4 Replies)
Discussion started by: ligs
4 Replies

2. Programming

Function that gets the day of the week (0-6) ??

Hi , I am working at Unix system,using c lang. I need c fun which return the day of the week . For example : 0- Sunday. 1- Monday. .... 10x. (4 Replies)
Discussion started by: kamil
4 Replies

3. Shell Programming and Scripting

Yesterday's Day of week

I need o get yesterday's day of week but im not exactly sure. the actual name is what i want. I can do it with numbers but im not sure with words. (3 Replies)
Discussion started by: rcunn87
3 Replies

4. UNIX for Dummies Questions & Answers

Changing First Day Of The Week?

Hi All, Our system is running on Solaris 8 and we are using US locale. By default the First Day Of Week is Sunday, is it possible for us to change it to Monday? I have googled it but found very little of use. THanks in advance. (2 Replies)
Discussion started by: fowlerleftfoot
2 Replies

5. HP-UX

Get Day of Week from date

Hi All, I have date in string format 'YYYY-MM-DD'. I want to know day of the week for this date. Example. For '2005-08-21' my script should return '0' or Sunday For '2005-08-22' it should return '1' or Monday I want piece of code for HP-UX korn shell. Appreciate reply on this. (5 Replies)
Discussion started by: vpapaiya
5 Replies

6. UNIX and Linux Applications

Day of week different in windows and Linux

Hi all, My program is getting date from database (oracle) and am getting that date's day of week also. In windows its giving one number and different in linux ;) For Example: 30 - Jun - 2009 Am getting 2 in windows and 3 in Linux. Am not understanding whats going wrong.. Am... (3 Replies)
Discussion started by: rajinavaneethan
3 Replies

7. Shell Programming and Scripting

Get day of week from cal

Hi all, I am trying to get dow from cal using below script #! /bin/bash YEAR=`echo $1 | cut -c 1-4` MONTH=`echo $1 | cut -c 5-6` DAY=`echo $1 | cut -c 7-8` for i in 1 2 3 4 5 6 7 do dayofweek=`cal $MONTH $YEAR | awk '$i == $DAY {printf("%s","$i")}'` echo $dayofweek... (4 Replies)
Discussion started by: bzylg
4 Replies

8. UNIX for Dummies Questions & Answers

Day of the week from a string

Hi All, I need to know how to derive the day of the week by passing the value in following format: Feb 28 2010 The output I'm expecting is Sunday or Sun. I know, I can use the following code to get the day of the week. date +%a But I want to pass the value as a string. Please help... (11 Replies)
Discussion started by: shash
11 Replies

9. HP-UX

Find Day of Week

In HP-UX the date command does not have the "-d" switch like some other *nixes do. I'm working a simple script to tell me, given the day, month and year what day of the week that falls on. Assuming valid day, month and year input (I'd perform quality checks on the input separately, but not... (5 Replies)
Discussion started by: rwuerth
5 Replies

10. Shell Programming and Scripting

Get the week's day

Hi All, I have the below requirement , if i give the week number for ex 41 i need to get the date for Monday and thursday for this given week. my expected output is 13/10/2014 (Monday's date) and 16/10/2014 (Thursday's date) I am using GNU LINUX . Pls help me with your thoughts. Thanks in... (7 Replies)
Discussion started by: mohanalakshmi
7 Replies

LEARN ABOUT CENTOS

dh_fixperms

DH_FIXPERMS(1)							     Debhelper							    DH_FIXPERMS(1)

NAME

       dh_fixperms - fix permissions of files in package build directories

SYNOPSIS

       dh_fixperms [debhelperoptions] [-Xitem]

DESCRIPTION

       dh_fixperms is a debhelper program that is responsible for setting the permissions of files and directories in package build directories to
       a sane state -- a state that complies with Debian policy.

       dh_fixperms makes all files in usr/share/doc in the package build directory (excluding files in the examples/ directory) be mode 644. It
       also changes the permissions of all man pages to mode 644. It removes group and other write permission from all files. It removes execute
       permissions from any libraries, headers, Perl modules, or desktop files that have it set. It makes all files in the standard bin and sbin
       directories, usr/games/ and etc/init.d executable (since v4). Finally, it removes the setuid and setgid bits from all files in the package.

       When the Rules-Requires-Root field has the (effective) value of binary-targets, dh_fixperms will also reset the ownership of all paths to
       "root:root".

OPTIONS

       -Xitem, --exclude item
	   Exclude files that contain item anywhere in their filename from having their permissions changed. You may use this option multiple
	   times to build up a list of things to exclude.

SEE ALSO

       debhelper(7)

       This program is a part of debhelper.

AUTHOR

       Joey Hess <joeyh@debian.org>

11.1.6ubuntu2							    2018-05-10							    DH_FIXPERMS(1)
All times are GMT -4. The time now is 11:50 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy