09-10-2015
I would consider having sudo rule written to allow them to run a script that you control. That script could then look at whatever files you think are appropriate for them, but stop them having direct access or blanket access.
You don't want them reading just everything, such as the encrypted passwords, private ssh keys (might make ssh fail anyway), process maps, raw devices etc.
Robin
8 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
Dears,
I've written a script which allows me to send mails in different formats with different attaches. Now I still want to add a feature to this script. My users would like to be able to receive a "read" or "delivered" receipt for their mails.
The script send mails on behalve of an specific... (1 Reply)
Discussion started by: plelie2
1 Replies
2. Windows & DOS: Issues & Discussions
Hi,
I issue smbclient on a Linux REd hat server :
smbclient -L ***.16.0.42 -U domaine/Administrator
Password:
Domain= OS= Server=
Domain= OS= Server=
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC distant
... (0 Replies)
Discussion started by: big123456
0 Replies
3. UNIX for Advanced & Expert Users
Hi,
I was trying to call "script <an ip add>" command from .profile file to log everything whenever anyone logs in to this user. I did the following at the end of .profile. 1) Extracted the IP address who logged in 2) Called script < ip add> . The problem I am facing is all, aliases etc. written... (3 Replies)
Discussion started by: amicon007
3 Replies
4. Shell Programming and Scripting
Hallo,
i need a Prompting read in my script:
read -p "Enter your command: " command
But i always get this Error:
-p: is not an identifier
When I run these in c-shell i get this error
/usr/bin/read: read: bad option(s)
How can I use a Prompt in the read command? (9 Replies)
Discussion started by: wiseguy
9 Replies
5. Shell Programming and Scripting
Hi,
I have line in input file as below:
3G_CENTRAL;INDONESIA_(M)_TELKOMSEL;SPECIAL_WORLD_GRP_7_FA_2_TELKOMSEL
My expected output for line in the file must be :
"1-Radon1-cMOC_deg"|"LDIndex"|"3G_CENTRAL|INDONESIA_(M)_TELKOMSEL"|LAST|"SPECIAL_WORLD_GRP_7_FA_2_TELKOMSEL"
Can someone... (7 Replies)
Discussion started by: shis100
7 Replies
6. Shell Programming and Scripting
Hi,
Could anyone please shed some light on the following script lines and what is it doing as it was written by an ex-administrator?
cat $AMS/version|read a b verno d
DBVer=$(/usr/bin/printf "%7s" $verno)
I checked that the cat $AMS/version command returns following output:
... (10 Replies)
Discussion started by: dbadmin100
10 Replies
7. Shell Programming and Scripting
I want to print any matching IP addresse in List1 with List 2;
List 1
List of IP addresses;
161.85.58.210
250.57.15.129
217.23.162.249
74.76.129.101
30.221.177.237
3.147.200.59
170.58.142.64
127.65.109.33
150.167.242.146
223.3.20.186
25.181.180.99
2.55.199.32 (3 Replies)
Discussion started by: lewk
3 Replies
8. UNIX for Dummies Questions & Answers
How to use "mailx" command to do e-mail reading the input file containing email address, where column 1 has name and column 2 containing “To” e-mail address
and column 3 contains “cc” e-mail address to include with same email.
Sample input file, email.txt
Below is an sample code where... (2 Replies)
Discussion started by: asjaiswal
2 Replies
LEARN ABOUT LINUX
ssh-keysign
SSH-KEYSIGN(8) BSD System Manager's Manual SSH-KEYSIGN(8)
NAME
ssh-keysign -- ssh helper program for host-based authentication
SYNOPSIS
ssh-keysign
DESCRIPTION
ssh-keysign is used by ssh(1) to access the local host keys and generate the digital signature required during host-based authentication with
SSH protocol version 2.
ssh-keysign is disabled by default and can only be enabled in the global client configuration file /etc/ssh/ssh_config by setting
EnableSSHKeysign to ``yes''.
ssh-keysign is not intended to be invoked by the user, but from ssh(1). See ssh(1) and sshd(8) for more information about host-based authen-
tication.
FILES
/etc/ssh/ssh_config
Controls whether ssh-keysign is enabled.
/etc/ssh/ssh_host_dsa_key
/etc/ssh/ssh_host_ecdsa_key
/etc/ssh/ssh_host_rsa_key
These files contain the private parts of the host keys used to generate the digital signature. They should be owned by root, read-
able only by root, and not accessible to others. Since they are readable only by root, ssh-keysign must be set-uid root if host-
based authentication is used.
/etc/ssh/ssh_host_dsa_key-cert.pub
/etc/ssh/ssh_host_ecdsa_key-cert.pub
/etc/ssh/ssh_host_rsa_key-cert.pub
If these files exist they are assumed to contain public certificate information corresponding with the private keys above.
SEE ALSO
ssh(1), ssh-keygen(1), ssh_config(5), sshd(8)
HISTORY
ssh-keysign first appeared in OpenBSD 3.2.
AUTHORS
Markus Friedl <markus@openbsd.org>
BSD
August 31, 2010 BSD