Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Allowing External Scans
Top Forums UNIX for Dummies Questions & Answers Allowing External Scans Post 302961706 by jim mcnamara on Wednesday 2nd of December 2015 03:21:48 PM
Old 12-02-2015
root is a group. Are the files in question all accessible by that group?

What you really want is something akin to sudo, SUDO in HP UX : A small presentation | SYSADMINSHARE.

Then simply write a script that does precisely what is requested, and only that, then create an account that cannot do much else except login and run sudo /path/to/myscript

This way you can control what they are doing, reading only the filelystem in question and not using the root group - which has privilege.

The downside is you will have to install sudo. First. See if it looks like you can use it and are allowed to install it.

Plan B would be to create a chroot jail for that account. And only allow visibility to the mountpoint of that filesystem with readonly access. You will have to supply local copies of whatever commands you/they include in the scanning script. And not allow any write access the script. Ownership has to be other than the account you create.
Last edited by jim mcnamara; 12-02-2015 at 04:26 PM..
 

8 More Discussions You Might Find Interesting

1. Programming

allowing members of a group to kill a process

I've written a python program where I want to allow members of a specific group the ability to kill it, and I'm not sure how to do it. I've been looking at the setuid() and setgid() and similar functions in the os module, but haven't been able to get them to work. I can't seem to change the uid or... (1 Reply)
Discussion started by: vastcharade
1 Replies

2. Red Hat

Need help in allowing symmetric cryptography[2]

I have encountered some problems in my school work. Here is the question: The server that provides the time synchronization must be configured to allow its clients to verify its authenticity using symmetric cryptography. Much Appreciated!:) (1 Reply)
Discussion started by: wilsonljx
1 Replies

3. Homework & Coursework Questions

Need help in allowing symmetric cryptography[2]

The server that provides the time synchronization must be configured to allow its clients to verify its authenticity using symmetric cryptography. 4. Singapore Polytechnic, Dover, Singapore,Mr Kam, and Computer Engineering I don't think there is any coding since it is just configuring... (3 Replies)
Discussion started by: wilsonljx
3 Replies

4. UNIX and Linux Applications

Allowing recursion into rsyncd module directories

Hello, I am wondering if it is possible to allow rescursion into rsyncd modules. For example, I have a module set up like the following: path = /home/backup write only = yes read only = no auth users = backup secrets file =... (1 Reply)
Discussion started by: tay9000
1 Replies

5. Red Hat

Samba for anonymouse setup but not allowing me to write

Hi Friends, samba for annonymouse setup but not allowing me to write when i tried to browse from windows 7 box conf as below #testparm Load smb config files from /etc/samba/smb.conf Processing section "" Processing section "" Processing section "" Loaded services file OK. Server... (0 Replies)
Discussion started by: heman96
0 Replies

6. Cybersecurity

IP Tables not allowing ports

Hi guys, I'm trying to configure iptables to only allow certain ports access. I set the first set of rules to block everything and then subsequently open ports as needed, but everything still seems to be blocked. I have read that the order matters (new to iptables), perhaps this is an issue.... (6 Replies)
Discussion started by: 3therk1ll
6 Replies

7. AIX

Ssh not allowing NIS user to login

As I do a ssh <nis_user>@server1 from server2, ssh prompts for certificates (as expected the first time), then it prompts for the users password, as soon as I enter the password, I get a Connection to server1 closed by remote host, and connection to server1 closed. and I disconnect back to the... (3 Replies)
Discussion started by: mrmurdock
3 Replies

8. UNIX for Advanced & Expert Users

One user to su to another without allowing root access and password

Hello Gurus, I want One user to su to another without allowing root access and password. I want to run a specific command as below from user am663: --------------------------------------------------------- sudo -u appsprj4 /home/appsrj4/scripts/start_apache.sh ------------------- But... (6 Replies)
Discussion started by: pokhraj_d
6 Replies

LEARN ABOUT OSX

heimdal_debug

heimdal_debug(5)					      BSD File Formats Manual						  heimdal_debug(5)

NAME

     heimdal_debug -- how to turn on/off debugging for Kerberos tools

DESCRIPTION

     The heimdal_debug kerberos frameworks have several knobs for controlling logging.	The different framework knobs are:

     libkrb
	  The Kerberos library, some gss-api Kerberos output ends up here too

     kcm  the kcm library (credentials cache, ntlm client)

     kdc  the kerberos KDC output

     digest-service
	  the digest service (ntlm server)

CONFIGURATION FILE

	  [logging]
		  <subsystem> = 0-/SYSLOG:
     and watch syslog for logging information.

APPLE MAC OS X

     First turn up syslog debugging
	   sudo syslog -c 0 -d
     then you can see the syslog output in Console.app or by running
	   syslog -w -k org.h5l.asl
     To enable more extensive debugging logging for each subsystem, use the following commands:

	   Kerberos Library
		sudo defaults write /Library/Preferences/com.apple.Kerberos logging -dict-add krb5 '0-/ASL:'

	   digest-server
		sudo defaults write /Library/Preferences/com.apple.Kerberos logging -dict-add digest-service '0-/ASL:'

	   kcm	sudo defaults write /Library/Preferences/com.apple.Kerberos logging -dict-add kcm '0-/ASL:'

	   kdc	sudo defaults write /Library/Preferences/com.apple.Kerberos logging -dict-add kdc '0-/ASL:'

	   MIT Kerberos Shim
		defaults write com.apple.MITKerberosShim EnableDebugging -bool true

	   GSS-API framework logging
		sudo defaults write /Library/Preferences/com.apple.GSS DebugLevel -int 10

Other options on Mac OS X
	  Make the admin API pretend to the server even on client
	       sudo defaults write /Library/Preferences/com.apple.Kerberos ForceHeimODServerMode -bool true

SEE ALSO

     gss(5), kerberos(8)

HEIMDAL 
							   Sep 30, 2011 							   HEIMDAL
All times are GMT -4. The time now is 04:35 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy