06-26-2014
Quote:
Originally Posted by
Corona688
...or just use groups to define a group of users? Groups being what groups are... What I would do:
Create a user specifically for the file, so that only that user has access. Then, give that user no password and an invalid login shell. So you have an account that cannot be su-ed into.
Then, use sudo to allow people in a certain group to run commands as that user -- but only the commands you want to allow, only in the exact way you want to allow. Allowing 'sudo -u username /path/to/mycustomwrapper.sh' may be one way to do this.
And finally: If any of these people have root access, there is nothing you can do to protect your system from them.
Now that right there is a very good idea that I had not thought of. My goal for the day is to implement the system you speak of exactly.
You sir, are a gentleman and a scholar.
This User Gave Thanks to adtuck For This Post:
8 More Discussions You Might Find Interesting
1. Solaris
Hello.
I am asked to build a new UNIX Server for Development environment before we could ask the high level experts to build production environment. Could you please let me know what all must I have to know and the steps inorder to build ux server?
Thank you! (0 Replies)
Discussion started by: panchpan
0 Replies
2. UNIX for Advanced & Expert Users
Hello.
I am asked to build a new UNIX Server for Development environment before we could ask the high level experts to build production environment. Could you please let me know what all must I have to know and the steps inorder to build ux server?
Thank you! (2 Replies)
Discussion started by: panchpan
2 Replies
3. Post Here to Contact Site Administrators and Moderators
Privacy Policy for The UNIX and Linux Forums
If you require any more information or have any questions about our privacy policy, please feel free to contact us by email or post your question as a reply to this thread.
At The UNIX and Linux Forums, the privacy of our visitors is of extreme... (0 Replies)
Discussion started by: Neo
0 Replies
4. Shell Programming and Scripting
For the following perl script, can anyone help to convert it to awk statement in windows2003 server environment ?
Code:
foreach $k (sort {$a <=> $b} keys %psnum) (1 Reply)
Discussion started by: tojzz
1 Replies
5. Shell Programming and Scripting
Hi All,
Let me know how can i find and delete files from one unix server to another unix server which are 'N' days older.
Please note that I need to delete files on remote unix server.So, probably i will need to use sftp, but question is how can i identify files and folders which are 'N'... (2 Replies)
Discussion started by: sachinkl
2 Replies
6. AIX
Hello guys! Can you suggest some software for doucmenting Servers?
thanks in advance
edit by bakunin: typo in thread title corrected. (14 Replies)
Discussion started by: Vit0_Corleone
14 Replies
7. UNIX for Advanced & Expert Users
Hello,
Usually I use "vxresize" to grow vxfs directory in a stand-alone server without any problems, but I am just told to grow vxfs directorys in Veritas Cluster nodes.
Since I never done it before, would like to ask all the experts here to make sure the concept and steps will be fine... (1 Reply)
Discussion started by: sunnychen98
1 Replies
8. What is on Your Mind?
Dear All,
Please read version Version 0.81 28 May 2018 of our draft
UNIX.COM General Data Privacy Regulations (GDPR) Compliance.
If you have any data privacy questions or concerns, or would like to see us address any other data privacy topic related to your personal data at UNIX.COM,... (12 Replies)
Discussion started by: Neo
12 Replies
LEARN ABOUT OPENDARWIN
vllog
VLLOG(5) AFS File Reference VLLOG(5)
NAME
VLLog - Traces Volume Location Server operations
DESCRIPTION
The VLLog file records a trace of Volume Location (VL) Server (vlserver process) operations on the local machine and describes any error
conditions it encounters.
If the VLLog file does not already exist in the /var/log/openafs directory when the VL Server starts, the server process creates it and
writes initial start-up messages to it. If there is an existing file, the VL Server renames it to VLLog.old, overwriting the existing
VLLog.old file if it exists.
The file is in ASCII format. Administrators listed in the /etc/openafs/server/UserList file can use the bos getlog command to display its
contents. Alternatively, log onto the server machine and use a text editor or a file display command such as the UNIX cat command. By
default, the mode bits on the VLLog file grant the required "r" (read) permission to all users.
The VL Server records operations only as it completes them, and cannot recover from failures by reviewing the file. The log contents are
useful for administrative evaluation of process failures and other problems.
The VL Server can record messages at three levels of detail. By default, it records only very rudimentary messages. To increase logging to
the first level of detail, issue the following command while logged onto the database server machine as the local superuser "root".
# kill -TSTP <vlserver_pid>
where <vlserver_pid> is the process ID of the vlserver process, as reported in the output from the standard UNIX ps command. To increase to
the second and third levels of detail, repeat the command.
To disable logging, issue the following command.
# kill -HUP <vlserver_pid>
To decrease the level of logging, first completely disable it and then issue the "kill -TSTP" command as many times as necessary to reach
the desired level.
SEE ALSO
UserList(5), bos_getlog(8), vlserver(8)
COPYRIGHT
IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
This documentation is covered by the IBM Public License Version 1.0. It was converted from HTML to POD by software written by Chas
Williams and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.
OpenAFS 2012-03-26 VLLOG(5)