Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Chmod by multiple users.
Top Forums Shell Programming and Scripting Chmod by multiple users. Post 303002407 by Corona688 on Wednesday 23rd of August 2017 02:47:40 PM
Old 08-23-2017
Quote:
Originally Posted by mohtashims
I would appreciate if anyone could share the correct proposed auditing system so i could learn and implement it. I should know who logged in when, be able to prompt & enforce a user login to enter an explanation of why he login, what all commands they fired i.e history for that session etc.

Anyways, because i thought the nature of my request is custom, i would rather go implementing it myself.
The problem, mainly, is that you're logging things as the same user you want to monitor. This means, by definition:
  • Everything you log, they can delete.
  • Everything you do, they can undo.
  • Everything you run, they can kill.
  • Everything you make, they can destroy.

This leaves it wide-open to both intentional and accidental abuse. There is no amount of shell script alone you can write to avoid this.

To prevent users from deleting the stuff being logged about them, it has to be logged somewhere they can't control. Meaning, the logging code has to run as some other user.
 

8 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

users need to chmod on newly ftp'd files

Is there a way to specify 774 permissions for a file uploaded to an app server via ftp without the users logging in and doing a chmod on the file they just put? I understand they were doing this with an old shared account, and it was working. When they started using their own accounts it stopped... (1 Reply)
Discussion started by: jgentile
1 Replies

2. Shell Programming and Scripting

Apply `chmod` for multiple files through FTP

Hi all, Can you please help me in this aspect. I devoloped a FTP script to copy a directory to remote server. Now i got stuck-up in changing the file permissions for all the files in directory. I tried to change the permissions of single file and I did it but failed in changing... (3 Replies)
Discussion started by: Chanakya.m
3 Replies

3. Solaris

How to add multiple users

HI, 1.I want to add multiple users at a same time. How to achive this , since useradd will add only one user at a time,. 2.Also let me know how to install a software in a group of machines where the machines are not configured as zones (1 Reply)
Discussion started by: rogerben
1 Replies

4. UNIX and Linux Applications

What is the difference between chmod in solaris and chmod in Linux?

i think it is the same in both... Iam i right? (1 Reply)
Discussion started by: sumaiya
1 Replies

5. Red Hat

Multiple Users

I need to have more than one user logged into my PC's VMWare Linux virtual simultaneously, each seeing a graphical display, to test my software's ability to affect their displays one by one. I have never done anything like this before. My Linux virtuals have been for my development only, that is... (3 Replies)
Discussion started by: BrandonShw
3 Replies

6. UNIX for Dummies Questions & Answers

Users in multiple groups?

Happy Thanksgiving Everyone!! I have a question about adding users to multiple groups. Thanks in advance Using Red Hat and here are the issues: Example: Users: Bob Mark Groups: SystemsAnalysts BusinessAnalysts If I am adding a user Bob to both groups (SystemsAnalysts and... (2 Replies)
Discussion started by: hansokl
2 Replies

7. Shell Programming and Scripting

Create multiple users with individual passwords to users

hi, i am new to shell scripts i write a shell script to create multiple users but i need to give passwords to that users while creating users, command to write this script (1 Reply)
Discussion started by: DONFOX
1 Replies

8. UNIX for Advanced & Expert Users

Multiple Users - Multiple Scripts

Hello All, I have to restart 100's of scripts for at least 20+ users once the server restarts for any reason. I wanted to come up with a single script to trigger of all scripts/programs under all users with just one script (without root privilege). Is it possible to do so? :confused: If not,... (6 Replies)
Discussion started by: PikK45
6 Replies

LEARN ABOUT FREEBSD

login

LOGIN(1)						    BSD General Commands Manual 						  LOGIN(1)

NAME

     login -- log into the computer

SYNOPSIS

     login [-fp] [-h hostname] [user]

DESCRIPTION

     The login utility logs users (and pseudo-users) into the computer system.

     If no user is specified, or if a user is specified and authentication of the user fails, login prompts for a user name.  Authentication of
     users is configurable via pam(8).	Password authentication is the default.

     The following options are available:

     -f      When a user name is specified, this option indicates that proper authentication has already been done and that no password need be
	     requested.  This option may only be used by the super-user or when an already logged in user is logging in as themselves.

     -h      Specify the host from which the connection was received.  It is used by various daemons such as telnetd(8).  This option may only be
	     used by the super-user.

     -p      By default, login discards any previous environment.  The -p option disables this behavior.

     Login access can be controlled via login.access(5) or the login class in login.conf(5), which provides allow and deny records based on time,
     tty and remote host name.

     If the file /etc/fbtab exists, login changes the protection and ownership of certain devices specified in this file.

     Immediately after logging a user in, login displays the system copyright notice, the date and time the user last logged in, the message of
     the day as well as other information.  If the file .hushlogin exists in the user's home directory, all of these messages are suppressed.
     This is to simplify logins for non-human users, such as uucp(1).

     The login utility enters information into the environment (see environ(7)) specifying the user's home directory (HOME), command interpreter
     (SHELL), search path (PATH), terminal type (TERM) and user name (both LOGNAME and USER).  Other environment variables may be set due to
     entries in the login class capabilities database, for the login class assigned in the user's system passwd record.  The login class also con-
     trols the maximum and current process resource limits granted to a login, process priorities and many other aspects of a user's login envi-
     ronment.

     Some shells may provide a builtin login command which is similar or identical to this utility.  Consult the builtin(1) manual page.

     The login utility will submit an audit record when login succeeds or fails.  Failure to determine the current auditing state will result in
     an error exit from login.

FILES

     /etc/fbtab 		  changes device protections
     /etc/login.conf		  login class capabilities database
     /etc/motd			  message-of-the-day
     /var/mail/user		  system mailboxes
     .hushlogin 		  makes login quieter
     /etc/pam.d/login		  pam(8) configuration file
     /etc/security/audit_user	  user flags for auditing
     /etc/security/audit_control  global flags for auditing

SEE ALSO

     builtin(1), chpass(1), csh(1), newgrp(1), passwd(1), rlogin(1), getpass(3), fbtab(5), login.access(5), login.conf(5), environ(7)

HISTORY

     A login utility appeared in Version 6 AT&T UNIX.

BSD
								September 13, 2006							       BSD
All times are GMT -4. The time now is 06:16 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy