03-10-2016
Role based access and security
Hello,
We are planning to setup a Role based access and security to our Linux servers. We can use mostly use sudo for providing the limited access to service and files.
My query is that how can we manage that members can edit/access only specific files (it would be 1 or multiple files or placed on multi location), This seems to be very hectic if can manage from sudo to add all the entries there.
Can you please let me know the better solution for this as we have a sub teams and that team would have multiple members working for various areas.
Is ACL would be a better option somehow ?
6 More Discussions You Might Find Interesting
1. Solaris
Hi,
The security auditor give a this statement , what to do ?
On my solaris system (S10)
"The User ID "root" should not be used on the system - the su and
the priviledged account should be used from each administrator for
accountability purposes"
What to do ? (3 Replies)
Discussion started by: falcon16
3 Replies
2. SuSE
Guys
i have 2 SUSE Linux Enterprise Server 10 SP1 (i586) boxes.if i take a look into /etc/security/access.conf ,i see following lines at the eof
# All other users should be denied to get access from all sources.
#- : ALL : ALL
- : myID : ALL
now earlier i had written scripts where files... (1 Reply)
Discussion started by: ak835
1 Replies
3. AIX
Hi ..
I need to assign role based permission to users... How to assign role based permission in aix...
Thanks.. (4 Replies)
Discussion started by: sumathi.k
4 Replies
4. Linux
Hi guys ;)
I'm new here. I had been reading a long time here on the forums but now I registered finally.
And got a question for you.
Since yesterday I've got successfully installed a X11-connection from my WinXP to a RedHat EL 5 - Box. Now there's a web portal needed.
So I have to make a... (2 Replies)
Discussion started by: supermaRiio
2 Replies
5. Homework & Coursework Questions
Use and complete the template provided. The entire template must be completed. If you don't, your post may be deleted!
1. The problem statement, all variables and given/known data:
If you look at the permissions associated with a symbolic link, it has universal access. Does this lead to... (0 Replies)
Discussion started by: linux17
0 Replies
6. Red Hat
Hi, I'm pretty new to Linux and I want to download security patches and install them on RHEL 5.4.
I've searched the red hat web site but cant seem to find where the download link is. (5 Replies)
Discussion started by: Jardoo
5 Replies
LEARN ABOUT REDHAT
pam_timestamp
pam_timestamp(8) System Administrator's Manual pam_timestamp(8)
NAME
pam_timestamp - authenticate using cached successful authentication attempts
SYNOPSIS
auth sufficient /lib/security/pam_timestamp.so
session optional /lib/security/pam_timestamp.so
DESCRIPTION
In a nutshell, pam_timestamp caches successful authentication attempts, and allows you to use a recent successful attempt as the basis for
authentication.
When an application opens a session using pam_timestamp, a timestamp file is created in the timestampdir directory for the user. When an
application attempts to authenticate the user, a pam_timestamp will treat a sufficiently- recent timestamp file as grounds for succeeding.
ARGUMENTS
debug turns on debugging via syslog(3).
timestampdir=name
tells pam_timestamp.so where to place and search for timestamp files. This should match the directory configured for sudo(1) in the
sudoers(5) file.
timestamp_timeout=number
tells pam_timestamp.so how long it should treat timestamp files as valid after their last modification date. This should match the
value configured for sudo(1) in the sudoers(5) file.
verbose
attempt to inform the user when access is granted.
EXAMPLE
/etc/pam.d/some-config-tool:
auth sufficient /lib/security/pam_timestamp.so verbose auth required /lib/security/pam_unix.so
session required /lib/security/pam_permit.so session optional /lib/security/pam_timestamp.so
CAVEATS
Users can get confused when they aren't always asked for passwords when running a given program. Some users reflexively begin typing
information before noticing that it's not being asked for.
SEE ALSO
pam_timestamp_check(8)
BUGS
Let's hope not, but if you find any, please email the author.
AUTHOR
Nalin Dahyabhai <nalin@redhat.com>
Red Hat Linux 2002/02/07 pam_timestamp(8)