Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How to check when a group was removed for an id?
Top Forums UNIX for Beginners Questions & Answers How to check when a group was removed for an id? Post 303032622 by bakunin on Thursday 21st of March 2019 05:07:27 AM
Old 03-21-2019
Quote:
Originally Posted by ggayathri
How do I find out when/who modified the id settings?
This is a part of systems administration which is called "auditing": security is to make sure only the right person/function is allowed to do things. Auditing is about documenting what he has done and when and why.

As with security the OS offers way to implement it but you have to actually implement it for it to be in place. You can run a system without any security and you can run it without any auditing in place - it might not be wise to do so, but it is possible. Finding out after the fact about what has happened is possible - to some degree, like Don Cragun already insinuated - but in a strict sense not possible. I suggest you take the lesson learned from that and put a system in place that will prevent you getting into the same situation. Thats the best you can do.

Notice that you should make a thorough plan for such an endeavour before implementing it. In most companies this is done on an ad-hoc basis ("we had this incident lastly so how do we prevent it") and usually by people not working the system. This is the reasons a lot of practically unworkable systems are in place. You need to get a tradeoff between practicality, performance impact, documentation needs a few other things. Otherwise the tendency is people search for (and find) shortcuts to circumvent the system to get their work done still in reasonable time and with reasonable effort.

If you have a room with valuable goods in it it makes sense to put a lock on the door. If you try to "enhance security" and put 10 locks on the door and everybody needing to get in there has only one key so that he needs to get 9 other people to convene to open the door chances are the things in this room will be placed outside of it just to avoid having to go through the hassle. This is exactly the opposite of what the door was supposed to do when the first lock was placed on it. Sadly enough i have seen such "solutions" proposed ad put into place times and again.

I hope this helps.

bakunin
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

How to check size of Volume Group

Did anyone knows how to check size/usage of a Volume Group in AIX 4.3.3? (4 Replies)
Discussion started by: s_aamir
4 Replies

2. UNIX for Dummies Questions & Answers

UNIX log to check group creator?

Is there a log or command in unix to check who created a user group? Thanks in advance (3 Replies)
Discussion started by: newbit
3 Replies

3. Shell Programming and Scripting

How to check if a user belongs to a group (KSH)?

Hi all, How can I check if a particular user id belongs to a group? (ie. how to check if the current user `whoami` is part of the a certain group? do i use the group name of group id?) Thanks in advance (2 Replies)
Discussion started by: rockysfr
2 Replies

4. AIX

Check quorum for volume group

Hi all, I would like to ensure that a volume group has an effective quorum setting of 1 (or off). I know you can change the quorum setting using the chvg -Q command but want to know if the setting has been changed before the vg was varied on or a reboot. In other words how can I ensure that... (3 Replies)
Discussion started by: backslash
3 Replies

5. Solaris

( VxVM ) How to add the removed disk back to previous disk group

Previously , i remove the disk by #vxdg -g testdg -k rmdisk testdg02 But i got error when i -k adddisk bash-2.03# vxdisk list DEVICE TYPE DISK GROUP STATUS c0t0d0s2 auto:none - - online invalid c0t1d0s2 auto:none ... (1 Reply)
Discussion started by: waibabe
1 Replies

6. Red Hat

Check disks not in a volume group?

Hello, How can I obtain a lists of disks with their size (anytype: SAN LUNs, internal disks, etc.) attached to the system and not being extended inside a volume group? The purpose of this list is to be part of a function of a script that I'm doing in order to resize filesystems and in the... (6 Replies)
Discussion started by: asanchez
6 Replies

7. AIX

Check status of a volume group

Hi huys, Sorry for my bad english, i'm french :o . I've got a little question : is there a way to check status of a VG on aix 6.1 ? I want to know if a VG is locked or not... I can do a "lsvg -Ll rootvg" for example, but if this VG is already locked, the process waits without gives me the... (2 Replies)
Discussion started by: akorx
2 Replies

8. Shell Programming and Scripting

How to check number of group of file.?

Hi Gurus, I need check existing number of file based on the list in file list. for example: in my file list. I have below: abc, file1.txt abc, file2.txt abc, file3.txt abc, file4.txt cde, filea1.txt cde, filea2.txt cde, filea3.txt ... in my current file direcotry, I have file:... (0 Replies)
Discussion started by: ken6503
0 Replies

9. UNIX for Dummies Questions & Answers

Check users in a Linux group

How do you check users in a linux group? (7 Replies)
Discussion started by: cokedude
7 Replies

10. UNIX for Dummies Questions & Answers

Check group consistencies

hello masters , please help here. I have 4 cols, I am looking for consistent 'geno' values within 'line', 'part' combinations. If the geno values are not consistent within a 'line', 'part' block, then we delete that block. One of the complications is that geno values are always 2 character, but... (7 Replies)
Discussion started by: ritakadm
7 Replies

LEARN ABOUT HPUX

vgexport

vgexport(1M)															      vgexport(1M)

NAME

       vgexport - export an LVM volume group and its associated logical volumes

SYNOPSIS

       mapfile] outfile] vg_name

       mapfile vg_name

DESCRIPTION

       Using  the  format  of  the  first command line of the above, the command can be used to remove a volume group from the system.	The volume
       group will be removed without modifying the logical volume information found on the physical volumes.

       The volume group identified by vg_name is removed from the or file, and the associated device files including  the  vg_name  directory  and
       file are removed from the system.

       The  volume group information and data is untouched on the physical volume.  These disks can be imported to another system with the command
       (see vgimport(1M)).

   Scan Option
       Using the format of the second command line of the above, the command generates a mapfile that can be copied to other systems that are part
       of a high availability cluster (use the option if you do not want to remove the volume group from the system the command is being run from)
       and the command (see vgimport(1M)) can be used to recreate the volume group.  See also vgchange(1M).  The mapfile contains a description of
       the  volume group and its associated logical volume(s) (if any).  The logical volume information found on the physical volumes is not modi-
       fied.

   Options and Arguments
       recognizes the following options and arguments:

	      vg_name	     The path name of the volume group.

	      By default, a file named
			     is created in the current directory.  This file contains a description of the volume group and its associated logical
			     volume(s)	(if  any).   Use  this option to specify a different name for the file, mapfile.  This file can be used as
			     input to (see vgimport(1M)).  When used with the option, the volume group specified in the mapfile can be shared with
			     other systems in the high availability cluster.

	      Preview the actions to be taken but do not update the
			     or file or remove the devices file.  This option is best used in conjunction with the option.

	      Print verbose messages
			     including the names of the physical volumes associated with this volume group.

	      Scan option.   When the option is specified, then the options must also be specified.  A mapfile is created that can be used to cre-
			     ate volume group entries on other systems in the high availability cluster (with the command).

	      Write the current set of
			     pv_paths for the volume group to the outfile.  The outfile may then be used as the infile for the	option.   If  used
			     together  with  the option the volume group is not exported but the list of pv_paths is still written to the outfile.
			     This may be useful to derive a list of pv_paths for the volume group or to use on another system which is sharing the
			     volume group and which has an identical configuration.

EXTERNAL INFLUENCES

   Environment Variables
       determines the language in which messages are displayed.

       If is not specified or is null, it defaults to "C" (see lang(5)).

       If any internationalization variable contains an invalid setting, all internationalization variables default to "C" (see environ(5)).

EXAMPLES

       Export the volume group into mapfile The volume group will be removed from the exporting system.

       Export the volume group and write the disk names into the file

       Create  a  mapfile to be copied to other systems in a high availability cluster to build the volume group information for the volume group,
       Note that the volume group is not removed from the exporting system.  The importing systems will create the volume group with  the  command
       using the and options.

SEE ALSO

       vgimport(1M), vgscan(1M).

																      vgexport(1M)
All times are GMT -4. The time now is 05:47 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy