12-02-2015
root is a group. Are the files in question all accessible by that group?
What you really want is something akin to sudo; see "SUDO in HP UX : A small presentation | SYSADMINSHARE".
Then simply write a script that does precisely what is requested, and only that, then create an account that cannot do much else except login and run
sudo /path/to/myscript
This way you can control what they are doing, reading only the filesystem in question and not using the root group - which has privilege.
The downside is you will have to install sudo. First. See if it looks like you can use it and are allowed to install it.
Plan B would be to create a chroot jail for that account. And only allow visibility to the mountpoint of that filesystem with readonly access. You will have to supply local copies of whatever commands you/they include in the scanning script. And not allow any write access to the script. Ownership has to be other than the account you create.
Last edited by jim mcnamara; 12-02-2015 at 04:26 PM..
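The sudo approach from the reply above, as an added example that is not part of the original post: a root-owned script that takes no arguments and reads only one mount point, with the matching sudoers line in a comment. The account name `scanuser`, the path `/usr/local/sbin/scan_fs.sh`, the mount point `/data/scanfs` and the `find`-based scan are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical names: account "scanuser",
# mount point /data/scanfs, script path /usr/local/sbin/scan_fs.sh.
#
# sudoers entry (edit with visudo); the trailing "" forbids any arguments:
#   scanuser ALL=(root) /usr/local/sbin/scan_fs.sh ""

PATH=/usr/bin:/bin; export PATH      # never trust the caller's PATH
SELF=/usr/local/sbin/scan_fs.sh      # installed path, owned by root, mode 0755
SCAN_ROOT=/data/scanfs               # the only filesystem the job may read

# Succeeds only if FILE is not owned by ACCOUNT and is not group/other-writable,
# so the restricted account cannot edit what it is allowed to run as root.
script_is_locked_down() {
  ls -ld "$1" 2>/dev/null | awk -v acct="$2" '
    NR == 1 { seen = 1
              bad = ($3 == acct || substr($1, 6, 1) == "w" || substr($1, 9, 1) == "w") }
    END     { exit ((seen && !bad) ? 0 : 1) }'
}

# The "scan" itself (placeholder job): list regular files, read-only,
# without crossing into other mounted filesystems (-xdev).
scan_readonly() {
  find "$1" -xdev -type f -print
}

main() {
  if [ "$#" -ne 0 ]; then
    echo "scan_fs.sh takes no arguments" >&2; return 64
  fi
  if ! script_is_locked_down "$SELF" "${SUDO_USER:-}"; then
    echo "refusing to run: $SELF is writable by or owned by the caller" >&2; return 77
  fi
  scan_readonly "$SCAN_ROOT"
}

# Run only when invoked by the installed path, which is how sudo calls it.
case "$0" in
  "$SELF") main "$@"; exit $? ;;
esac
```

The restricted account then runs `sudo /usr/local/sbin/scan_fs.sh` and nothing else; any attempt to pass arguments is rejected both by the sudoers entry and by the script.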
LEARN ABOUT DEBIAN
csp_helper
csp_helper(1) USER COMMANDS csp_helper(1)
NAME
csp_helper - A collection of caspar helper scripts
SYNOPSIS
csp_install dir (directory) file (file)
csp_mkdircp dir (directory) file (file)
csp_scp_keep_mode h ([user@]host) dir (directory) file (file)
csp_sucp h ([user@]host) dir (directory) file (file)
DESCRIPTION
The scripts csp_install, csp_mkdircp, csp_scp_keep_mode and csp_sucp are helpers for caspar(7). These scripts typically are not invoked
directly, but via a Makefile which uses caspar. See the notes on csp_PUSH in caspar(7) for information on how to link csp_install,
csp_scp_keep_mode and csp_sucp to caspar.
install DESCRIPTION
csp_install creates the required directory (if needed) and installs the file, preserving timestamps. It uses install(1).
install EXAMPLES
csp_INSTALL_OPTIONS='--owner=www-data --group=www-data'
csp_INSTALL_MODE=ugo=r
csp_install /srv/www index.html
csp_INSTALL_MODE=u=rwx,go= csp_install /usr/local/sbin mkpasswd
install ENVIRONMENT
csp_install honors csp_INSTALL_OPTIONS and csp_INSTALL_MODE (default is u=rw,go=r).
mkdircp DESCRIPTION
csp_mkdircp calls mkdir(1) and cp(1).
scp_keep_mode DESCRIPTION
csp_scp_keep_mode uses ssh to copy a file to a remote host, keeping its file permission mode. The trick used is a combination of mktemp(1)
and mv(1). Useful if you'd like to be sure a file gets installed e.g. group writable, without fiddling with permission bits on the remote
host.
scp_keep_mode EXAMPLE
chmod g+w rc
csp_scp_keep_mode root@gandalf /etc/uruk rc
scp_keep_mode ENVIRONMENT
csp_scp_keep_mode honors csp_SSH ("ssh" by default).
sucp DESCRIPTION
csp_sucp calls cat(1) from within sudo(1) from within ssh(1). This allows one to copy files to accounts on hosts one can only reach by
calling sudo on the ssh-reachable remote host.
Typically, one wants to install a root-owned file, but one does not want to allow access to the root-account directly from ssh. Typically
sudo is used as an extra line of defense.
sucp EXAMPLES
Some examples:
csp_sucp rms@bilbo /etc fstab
csp_sucp monty-python commit/ trailer.txt
sucp BUGS
If NOPASSWD is not set in the sudoers(5) file, and one's timestamp is expired, csp_sucp will forward the sudo password prompt. The given
password will be echoed on the console!
AUTHOR
Joost van Baal-Ili
SEE ALSO
caspar(7) The caspar homepage is at http://mdcc.cx/caspar/ .
csp_helper 20120514 14 mai 2012 csp_helper(1)