Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How to check when a group was removed for an id?
Top Forums UNIX for Beginners Questions & Answers How to check when a group was removed for an id? Post 303032622 by bakunin on Thursday 21st of March 2019 05:07:27 AM
Old 03-21-2019
Quote:
Originally Posted by ggayathri
How do I find out when/who modified the id settings?
This is a part of systems administration which is called "auditing": security is to make sure only the right person/function is allowed to do things. Auditing is about documenting what he has done and when and why.

As with security the OS offers way to implement it but you have to actually implement it for it to be in place. You can run a system without any security and you can run it without any auditing in place - it might not be wise to do so, but it is possible. Finding out after the fact about what has happened is possible - to some degree, like Don Cragun already insinuated - but in a strict sense not possible. I suggest you take the lesson learned from that and put a system in place that will prevent you getting into the same situation. Thats the best you can do.

Notice that you should make a thorough plan for such an endeavour before implementing it. In most companies this is done on an ad-hoc basis ("we had this incident lastly so how do we prevent it") and usually by people not working the system. This is the reasons a lot of practically unworkable systems are in place. You need to get a tradeoff between practicality, performance impact, documentation needs a few other things. Otherwise the tendency is people search for (and find) shortcuts to circumvent the system to get their work done still in reasonable time and with reasonable effort.

If you have a room with valuable goods in it it makes sense to put a lock on the door. If you try to "enhance security" and put 10 locks on the door and everybody needing to get in there has only one key so that he needs to get 9 other people to convene to open the door chances are the things in this room will be placed outside of it just to avoid having to go through the hassle. This is exactly the opposite of what the door was supposed to do when the first lock was placed on it. Sadly enough i have seen such "solutions" proposed ad put into place times and again.

I hope this helps.

bakunin
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

How to check size of Volume Group

Did anyone knows how to check size/usage of a Volume Group in AIX 4.3.3? (4 Replies)
Discussion started by: s_aamir
4 Replies

2. UNIX for Dummies Questions & Answers

UNIX log to check group creator?

Is there a log or command in unix to check who created a user group? Thanks in advance (3 Replies)
Discussion started by: newbit
3 Replies

3. Shell Programming and Scripting

How to check if a user belongs to a group (KSH)?

Hi all, How can I check if a particular user id belongs to a group? (ie. how to check if the current user `whoami` is part of the a certain group? do i use the group name of group id?) Thanks in advance (2 Replies)
Discussion started by: rockysfr
2 Replies

4. AIX

Check quorum for volume group

Hi all, I would like to ensure that a volume group has an effective quorum setting of 1 (or off). I know you can change the quorum setting using the chvg -Q command but want to know if the setting has been changed before the vg was varied on or a reboot. In other words how can I ensure that... (3 Replies)
Discussion started by: backslash
3 Replies

5. Solaris

( VxVM ) How to add the removed disk back to previous disk group

Previously , i remove the disk by #vxdg -g testdg -k rmdisk testdg02 But i got error when i -k adddisk bash-2.03# vxdisk list DEVICE TYPE DISK GROUP STATUS c0t0d0s2 auto:none - - online invalid c0t1d0s2 auto:none ... (1 Reply)
Discussion started by: waibabe
1 Replies

6. Red Hat

Check disks not in a volume group?

Hello, How can I obtain a lists of disks with their size (anytype: SAN LUNs, internal disks, etc.) attached to the system and not being extended inside a volume group? The purpose of this list is to be part of a function of a script that I'm doing in order to resize filesystems and in the... (6 Replies)
Discussion started by: asanchez
6 Replies

7. AIX

Check status of a volume group

Hi huys, Sorry for my bad english, i'm french :o . I've got a little question : is there a way to check status of a VG on aix 6.1 ? I want to know if a VG is locked or not... I can do a "lsvg -Ll rootvg" for example, but if this VG is already locked, the process waits without gives me the... (2 Replies)
Discussion started by: akorx
2 Replies

8. Shell Programming and Scripting

How to check number of group of file.?

Hi Gurus, I need check existing number of file based on the list in file list. for example: in my file list. I have below: abc, file1.txt abc, file2.txt abc, file3.txt abc, file4.txt cde, filea1.txt cde, filea2.txt cde, filea3.txt ... in my current file direcotry, I have file:... (0 Replies)
Discussion started by: ken6503
0 Replies

9. UNIX for Dummies Questions & Answers

Check users in a Linux group

How do you check users in a linux group? (7 Replies)
Discussion started by: cokedude
7 Replies

10. UNIX for Dummies Questions & Answers

Check group consistencies

hello masters , please help here. I have 4 cols, I am looking for consistent 'geno' values within 'line', 'part' combinations. If the geno values are not consistent within a 'line', 'part' block, then we delete that block. One of the complications is that geno values are always 2 character, but... (7 Replies)
Discussion started by: ritakadm
7 Replies

LEARN ABOUT CENTOS

alter_group

ALTER 
GROUP(7)						  PostgreSQL 9.2.7 Documentation					    ALTER GROUP(7)

NAME

       ALTER_GROUP - change role name or membership

SYNOPSIS

       ALTER GROUP group_name ADD USER user_name [, ... ]
       ALTER GROUP group_name DROP USER user_name [, ... ]

       ALTER GROUP group_name RENAME TO new_name

DESCRIPTION

       ALTER GROUP changes the attributes of a user group. This is an obsolete command, though still accepted for backwards compatibility, because
       groups (and users too) have been superseded by the more general concept of roles.

       The first two variants add users to a group or remove them from a group. (Any role can play the part of either a "user" or a "group" for
       this purpose.) These variants are effectively equivalent to granting or revoking membership in the role named as the "group"; so the
       preferred way to do this is to use GRANT(7) or REVOKE(7).

       The third variant changes the name of the group. This is exactly equivalent to renaming the role with ALTER ROLE (ALTER_ROLE(7)).

PARAMETERS

       group_name
	   The name of the group (role) to modify.

       user_name
	   Users (roles) that are to be added to or removed from the group. The users must already exist; ALTER GROUP does not create or drop
	   users.

       new_name
	   The new name of the group.

EXAMPLES

       Add users to a group:

	   ALTER GROUP staff ADD USER karl, john;

       Remove a user from a group:

	   ALTER GROUP workers DROP USER beth;

COMPATIBILITY

       There is no ALTER GROUP statement in the SQL standard.

SEE ALSO

       GRANT(7), REVOKE(7), ALTER ROLE (ALTER_ROLE(7))

PostgreSQL 9.2.7						    2014-02-17							    ALTER GROUP(7)
All times are GMT -4. The time now is 01:56 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy