Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Chmod by multiple users.
Top Forums Shell Programming and Scripting Chmod by multiple users. Post 303002407 by Corona688 on Wednesday 23rd of August 2017 02:47:40 PM
Old 08-23-2017
Quote:
Originally Posted by mohtashims
I would appreciate if anyone could share the correct proposed auditing system so i could learn and implement it. I should know who logged in when, be able to prompt & enforce a user login to enter an explanation of why he login, what all commands they fired i.e history for that session etc.

Anyways, because i thought the nature of my request is custom, i would rather go implementing it myself.
The problem, mainly, is that you're logging things as the same user you want to monitor. This means, by definition:
  • Everything you log, they can delete.
  • Everything you do, they can undo.
  • Everything you run, they can kill.
  • Everything you make, they can destroy.

This leaves it wide-open to both intentional and accidental abuse. There is no amount of shell script alone you can write to avoid this.

To prevent users from deleting the stuff being logged about them, it has to be logged somewhere they can't control. Meaning, the logging code has to run as some other user.
 

8 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

users need to chmod on newly ftp'd files

Is there a way to specify 774 permissions for a file uploaded to an app server via ftp without the users logging in and doing a chmod on the file they just put? I understand they were doing this with an old shared account, and it was working. When they started using their own accounts it stopped... (1 Reply)
Discussion started by: jgentile
1 Replies

2. Shell Programming and Scripting

Apply `chmod` for multiple files through FTP

Hi all, Can you please help me in this aspect. I devoloped a FTP script to copy a directory to remote server. Now i got stuck-up in changing the file permissions for all the files in directory. I tried to change the permissions of single file and I did it but failed in changing... (3 Replies)
Discussion started by: Chanakya.m
3 Replies

3. Solaris

How to add multiple users

HI, 1.I want to add multiple users at a same time. How to achive this , since useradd will add only one user at a time,. 2.Also let me know how to install a software in a group of machines where the machines are not configured as zones (1 Reply)
Discussion started by: rogerben
1 Replies

4. UNIX and Linux Applications

What is the difference between chmod in solaris and chmod in Linux?

i think it is the same in both... Iam i right? (1 Reply)
Discussion started by: sumaiya
1 Replies

5. Red Hat

Multiple Users

I need to have more than one user logged into my PC's VMWare Linux virtual simultaneously, each seeing a graphical display, to test my software's ability to affect their displays one by one. I have never done anything like this before. My Linux virtuals have been for my development only, that is... (3 Replies)
Discussion started by: BrandonShw
3 Replies

6. UNIX for Dummies Questions & Answers

Users in multiple groups?

Happy Thanksgiving Everyone!! I have a question about adding users to multiple groups. Thanks in advance Using Red Hat and here are the issues: Example: Users: Bob Mark Groups: SystemsAnalysts BusinessAnalysts If I am adding a user Bob to both groups (SystemsAnalysts and... (2 Replies)
Discussion started by: hansokl
2 Replies

7. Shell Programming and Scripting

Create multiple users with individual passwords to users

hi, i am new to shell scripts i write a shell script to create multiple users but i need to give passwords to that users while creating users, command to write this script (1 Reply)
Discussion started by: DONFOX
1 Replies

8. UNIX for Advanced & Expert Users

Multiple Users - Multiple Scripts

Hello All, I have to restart 100's of scripts for at least 20+ users once the server restarts for any reason. I wanted to come up with a single script to trigger of all scripts/programs under all users with just one script (without root privilege). Is it possible to do so? :confused: If not,... (6 Replies)
Discussion started by: PikK45
6 Replies

LEARN ABOUT CENTOS

pam_console

pam_console(8)						   System Administrator's Manual					    pam_console(8)

NAME

       pam_console - determine user owning the system console

SYNOPSIS

       session optional pam_console.so
       auth required pam_console.so

DESCRIPTION

       pam_console.so  is  designed to give users at the physical console (virtual terminals and local xdm-managed X sessions by default, but that
       is configurable) capabilities that they would not otherwise have, and to take those capabilities away when the are no longer logged  in	at
       the console.  It provides two main kinds of capabilities: file permissions and authentication.

       When a user logs in at the console and no other user is currently logged in at the console, pam_console.so will run handler programs speci-
       fied in the file /etc/security/console.handlers such as pam_console_apply which changes permissions and ownership of files as described	in
       the file /etc/security/console.perms.  That user may then log in on other terminals that are considered part of the console, and as long as
       the user is still logged in at any one of those terminals, that user will own those devices.  When the user logs out of the last  terminal,
       the console may be taken by the next user to log in.  Other users who have logged in at the console during the time that the first user was
       logged in will not be given ownership of the devices unless they log in on one of the terminals; having done so on any  one  terminal,  the
       next  user will own those devices until he or she has logged out of every terminal that is part of the physical console.  Then the race can
       start for the next user.  In practice, this is not a problem; the physical console is not generally in use by many people at the same time,
       and pam_console.so just tries to do the right thing in weird cases.

       When  an  application  attempts	to  authenticate the user and this user is already logged in at the console, pam_console.so checks whether
       there is a file in /etc/security/console.apps/ directory with the same name as the application servicename, and	if  such  a  file  exists,
       authentication  succeeds.  This	way pam_console may be utilized to run some system applications (reboots, config tools) without root pass-
       word, or to enter user password on the first system login only.

ARGUMENTS

       debug  turns on debugging

       allow_nonroot_tty
	      gain console locks and change permissions even if the TTY's owner is not root.

       handlersfile=filename
	      tells pam_console.so to get the list of the handlers from a different file than /etc/security/console.handlers

EXAMPLE

       /etc/pam.d/some-system-tool:
       auth sufficient pam_rootok.so
       auth required pam_console.so

       /etc/pam.d/some-login-service:
       auth sufficient pam_console.so
       auth required pam_unix.so
       session required pam_unix.so
       session optional pam_console.so

FILES

       /var/run/console/
       /var/run/console/console.lock
       /etc/security/console.apps
       /etc/security/console.handlers

SECURITY NOTES

       When pam_console "auth" is used for login services which provide possibility of remote login, it is necessary to make sure the  application
       correctly sets PAM_RHOST variable, or to deny remote logins completely.	Currently, /bin/login (invoked from telnetd) and gdm is OK, others
       may be not.

SEE ALSO

       console.perms(5)
       console.apps(5)
       console.handlers(5)
       pam_console_apply(8)
       /usr/share/doc/pam*/html/index.html

BUGS

       Let's hope not, but if you find any, please report them via the "Bug Track" link at http://bugzilla.redhat.com/bugzilla/

AUTHORS

       Michael K. Johnson <johnsonm@redhat.com>
       Support of console.handlers and other improvements by Tomas Mraz <tmraz@redhat.com>

Red Hat 							     2005/10/4							    pam_console(8)
All times are GMT -4. The time now is 07:32 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy