Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Allowing External Scans
Top Forums UNIX for Dummies Questions & Answers Allowing External Scans Post 302961706 by jim mcnamara on Wednesday 2nd of December 2015 03:21:48 PM
Old 12-02-2015
root is a group. Are the files in question all accessible by that group?

What you really want is something akin to sudo, SUDO in HP UX : A small presentation | SYSADMINSHARE.

Then simply write a script that does precisely what is requested, and only that, then create an account that cannot do much else except login and run sudo /path/to/myscript

This way you can control what they are doing, reading only the filelystem in question and not using the root group - which has privilege.

The downside is you will have to install sudo. First. See if it looks like you can use it and are allowed to install it.

Plan B would be to create a chroot jail for that account. And only allow visibility to the mountpoint of that filesystem with readonly access. You will have to supply local copies of whatever commands you/they include in the scanning script. And not allow any write access the script. Ownership has to be other than the account you create.
Last edited by jim mcnamara; 12-02-2015 at 04:26 PM..
 

8 More Discussions You Might Find Interesting

1. Programming

allowing members of a group to kill a process

I've written a python program where I want to allow members of a specific group the ability to kill it, and I'm not sure how to do it. I've been looking at the setuid() and setgid() and similar functions in the os module, but haven't been able to get them to work. I can't seem to change the uid or... (1 Reply)
Discussion started by: vastcharade
1 Replies

2. Red Hat

Need help in allowing symmetric cryptography[2]

I have encountered some problems in my school work. Here is the question: The server that provides the time synchronization must be configured to allow its clients to verify its authenticity using symmetric cryptography. Much Appreciated!:) (1 Reply)
Discussion started by: wilsonljx
1 Replies

3. Homework & Coursework Questions

Need help in allowing symmetric cryptography[2]

The server that provides the time synchronization must be configured to allow its clients to verify its authenticity using symmetric cryptography. 4. Singapore Polytechnic, Dover, Singapore,Mr Kam, and Computer Engineering I don't think there is any coding since it is just configuring... (3 Replies)
Discussion started by: wilsonljx
3 Replies

4. UNIX and Linux Applications

Allowing recursion into rsyncd module directories

Hello, I am wondering if it is possible to allow rescursion into rsyncd modules. For example, I have a module set up like the following: path = /home/backup write only = yes read only = no auth users = backup secrets file =... (1 Reply)
Discussion started by: tay9000
1 Replies

5. Red Hat

Samba for anonymouse setup but not allowing me to write

Hi Friends, samba for annonymouse setup but not allowing me to write when i tried to browse from windows 7 box conf as below #testparm Load smb config files from /etc/samba/smb.conf Processing section "" Processing section "" Processing section "" Loaded services file OK. Server... (0 Replies)
Discussion started by: heman96
0 Replies

6. Cybersecurity

IP Tables not allowing ports

Hi guys, I'm trying to configure iptables to only allow certain ports access. I set the first set of rules to block everything and then subsequently open ports as needed, but everything still seems to be blocked. I have read that the order matters (new to iptables), perhaps this is an issue.... (6 Replies)
Discussion started by: 3therk1ll
6 Replies

7. AIX

Ssh not allowing NIS user to login

As I do a ssh <nis_user>@server1 from server2, ssh prompts for certificates (as expected the first time), then it prompts for the users password, as soon as I enter the password, I get a Connection to server1 closed by remote host, and connection to server1 closed. and I disconnect back to the... (3 Replies)
Discussion started by: mrmurdock
3 Replies

8. UNIX for Advanced & Expert Users

One user to su to another without allowing root access and password

Hello Gurus, I want One user to su to another without allowing root access and password. I want to run a specific command as below from user am663: --------------------------------------------------------- sudo -u appsprj4 /home/appsrj4/scripts/start_apache.sh ------------------- But... (6 Replies)
Discussion started by: pokhraj_d
6 Replies

LEARN ABOUT DEBIAN

ql-dynamic-tgt-lun-disc

ql-dynamic-tgt-disc(8)					       System Administration					    ql-dynamic-tgt-disc(8)

NAME

       ql-dynamic-tgt-lun-disc - Scans for newly added LUNs.

SYNOPSIS

       ql-dynamic-tgt-lun-disc [OPTIONS]

DESCRIPTION

       Dynamic TGT-LUN Discovery Utility

       This  utility  scans  for  newly added LUNs. After adding new LUNs, you do not need to unload, then load the QLogic FC driver or reboot the
       system

       To begin scanning the LUNs issue following command:

	      # /usr/sbin/ql-dynamic-tgt-lun-disc

       -al,   --allow-lip
	      LIP is not issued by default, even if it is required for scanning new LUNs Setting this option, allows the utility to issue LIP.

       -cl, --current-luns
	      Displays LUNS currently present

       -e,  --extended-scan
	      Use this option as "-e | --extended-scan". to rescan LUNs. This will identify any change in attributes of existing LUNs. This option
	      can be used in combination of scan/refresh or max luns

       -h,  --help, ?
	      Prints this help message

       -i,  --interactive
	      Use this option to use the menu driven program

       -is,  --iscsi
	      Use this option to operate on ISCSI HBAs, this option can be used in combination of any other supported option.

       -m,  --max-lun
	      To set the maximum LUNs to be scanned

       -p,  --proc
	      Use PROC file system for LUN scanning

       -r,  --refresh
	      To refresh, that is remove LUNs that are lost use the options "-r|--refresh". This will remove the LUNs which no more exist.

       -s,  --scan [ -r|--refresh ]
	      The QLogic LUN scan utility re-scans all the devices connected to the QLogic HBA

SEE ALSO

       ql-lun-state-online(8), ql-hba-snapshot(8), ql-set-cmd-timeout(8)

Matthias Schmitz <;matthias@sigxcpu.org> 			     July 2009						    ql-dynamic-tgt-disc(8)
All times are GMT -4. The time now is 11:43 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy