Sponsored Content
Operating Systems Linux Read only access for Group called "Developers" to all folders on the Centos 6.6 Post 302954731 by rbatte1 on Thursday 10th of September 2015 12:08:32 PM
Old 09-10-2015
I would consider having sudo rule written to allow them to run a script that you control. That script could then look at whatever files you think are appropriate for them, but stop them having direct access or blanket access.

You don't want them reading just everything, such as the encrypted passwords, private ssh keys (might make ssh fail anyway), process maps, raw devices etc.


Robin
 

8 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

how to request a "read" or "delivered" receipt for mails

Dears, I've written a script which allows me to send mails in different formats with different attaches. Now I still want to add a feature to this script. My users would like to be able to receive a "read" or "delivered" receipt for their mails. The script send mails on behalve of an specific... (1 Reply)
Discussion started by: plelie2
1 Replies

2. Windows & DOS: Issues & Discussions

Samba (SMB) client fails: "Called name not present"

Hi, I issue smbclient on a Linux REd hat server : smbclient -L ***.16.0.42 -U domaine/Administrator Password: Domain= OS= Server= Domain= OS= Server= Sharename Type Comment --------- ---- ------- IPC$ IPC IPC distant ... (0 Replies)
Discussion started by: big123456
0 Replies

3. UNIX for Advanced & Expert Users

All alias in .profile lost when "script" command is called

Hi, I was trying to call "script <an ip add>" command from .profile file to log everything whenever anyone logs in to this user. I did the following at the end of .profile. 1) Extracted the IP address who logged in 2) Called script < ip add> . The problem I am facing is all, aliases etc. written... (3 Replies)
Discussion started by: amicon007
3 Replies

4. Shell Programming and Scripting

read -p "prompt text" foo say "read: bad option(s)" in Bourne-Shell

Hallo, i need a Prompting read in my script: read -p "Enter your command: " command But i always get this Error: -p: is not an identifier When I run these in c-shell i get this error /usr/bin/read: read: bad option(s) How can I use a Prompt in the read command? (9 Replies)
Discussion started by: wiseguy
9 Replies

5. Shell Programming and Scripting

awk command to replace ";" with "|" and ""|" at diferent places in line of file

Hi, I have line in input file as below: 3G_CENTRAL;INDONESIA_(M)_TELKOMSEL;SPECIAL_WORLD_GRP_7_FA_2_TELKOMSEL My expected output for line in the file must be : "1-Radon1-cMOC_deg"|"LDIndex"|"3G_CENTRAL|INDONESIA_(M)_TELKOMSEL"|LAST|"SPECIAL_WORLD_GRP_7_FA_2_TELKOMSEL" Can someone... (7 Replies)
Discussion started by: shis100
7 Replies

6. Shell Programming and Scripting

Purpose of "read" and "$END$" in ksh ?

Hi, Could anyone please shed some light on the following script lines and what is it doing as it was written by an ex-administrator? cat $AMS/version|read a b verno d DBVer=$(/usr/bin/printf "%7s" $verno) I checked that the cat $AMS/version command returns following output: ... (10 Replies)
Discussion started by: dbadmin100
10 Replies

7. Shell Programming and Scripting

Read from "list1" and list matches in "list2"

I want to print any matching IP addresse in List1 with List 2; List 1 List of IP addresses; 161.85.58.210 250.57.15.129 217.23.162.249 74.76.129.101 30.221.177.237 3.147.200.59 170.58.142.64 127.65.109.33 150.167.242.146 223.3.20.186 25.181.180.99 2.55.199.32 (3 Replies)
Discussion started by: lewk
3 Replies

8. UNIX for Dummies Questions & Answers

Using "mailx" command to read "to" and "cc" email addreses from input file

How to use "mailx" command to do e-mail reading the input file containing email address, where column 1 has name and column 2 containing “To” e-mail address and column 3 contains “cc” e-mail address to include with same email. Sample input file, email.txt Below is an sample code where... (2 Replies)
Discussion started by: asjaiswal
2 Replies
ssh-keysign(1M) 														   ssh-keysign(1M)

NAME
ssh-keysign - ssh helper program for host-based authentication SYNOPSIS
ssh-keysign ssh-keysign is used by ssh(1) to access the local host keys and generate the digital signature required during host-based authentication with SSH protocol version 2. This signature is of data that includes, among other items, the name of the client host and the name of the client user. ssh-keysign is disabled by default and can be enabled only in the global client configuration file /etc/ssh/ssh_config by setting Host- basedAuthentication to yes. ssh-keysign is not intended to be invoked by the user, but from ssh. See ssh(1) and sshd(1M) for more information about host-based authen- tication. /etc/ssh/ssh_config Controls whether ssh-keysign is enabled. /etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_rsa_key These files contain the private parts of the host keys used to generate the digital signature. They should be owned by root, readable only by root, and not accessible to others. Because they are readable only by root, ssh-keysign must be set-uid root if host-based authentication is used. ssh-keysign will not sign host-based authentication data under the following conditions: o If the HostbasedAuthentication client configuration parameter is not set to yes in /etc/ssh/ssh_config. This setting cannot be overri- den in users' ~/.ssh/ssh_config files. o If the client hostname and username in /etc/ssh/ssh_config do not match the canonical hostname of the client where ssh-keysign is invoked and the name of the user invoking ssh-keysign. In spite of ssh-keysign's restrictions on the contents of the host-based authentication data, there remains the ability of users to use it as an avenue for obtaining the client's private host keys. For this reason host-based authentication is turned off by default. See attributes(5) for descriptions of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Availability |SUNWsshu | +-----------------------------+-----------------------------+ |Interface Stability |Evolving | +-----------------------------+-----------------------------+ ssh(1), sshd(1M), ssh_config(4), attributes(5) AUTHORS
Markus Friedl, markus@openbsd.org HISTORY
ssh-keysign first appeared in Ox 3.2. 9 Jun 2004 ssh-keysign(1M)
All times are GMT -4. The time now is 01:14 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy