Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Stop root from writing to directory
Top Forums UNIX for Advanced & Expert Users Stop root from writing to directory Post 303041316 by Neo on Thursday 21st of November 2019 09:14:29 AM
Old 11-21-2019
Quote:
Originally Posted by foad

....

The usual remedy if you want some file(-space) to be protected from roots tampering is to put it off the server: create an NFS share on some remote server, mount it where you want to be protected from roots access and adjust the rights accordingly. This is the common way of i.e. protecting logs from possible tampering.
Let me correct your words here.

This is not a "usual remedy", but it is one technical control in wide a range of possible technical controls based on the risk profile of the server.

I don't have a lot of time to write a long reply, so let me summarize:

Security is defined, generally, in three areas (1) confidentiality, (2) integrity and (3) availability.

The original poster has not defined which of these are the most critical to their organization / application / server.

For example, the application on this server may be less interested in file integrity than high availability. If that is the case, then having a network mounted device may not provide the insured availability because networks can fail, wires can break, network devices can go down, even unplugged, etc. In one datacenter I worked, I watched a major device fail because a manager rolled his chair (sitting in the chair) over a LAN cable while talking to the team.

Anyway, it is important, when talking about IT security to talk about the risk and define the risk profile; because what is correct for one application / server may not be the best for another; and the controls: (1) techincal,(2) administration and (3) physical.

More later, if this thread gains any traction.
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

What files are writing to a directory

Is there a way to tell what files/scripts are writing/wrote to a given directory? (3 Replies)
Discussion started by: hattorihanzo
3 Replies

2. Shell Programming and Scripting

writing script to clean up a directory

I have to do a directory clean up on several machines. The task is as follows: go to a particular directory (cd /xxx) 1. create a directory ' SCRIPTCLEANUP ' ( i KNOW IT) loop through 2. List the directory 3. if directory and start with 'DQA' leave it, 4. if directory or file move it to... (0 Replies)
Discussion started by: ajaya
0 Replies

3. UNIX for Dummies Questions & Answers

how to stop to current directory using find

Hello, I just want to ask the following use of find command: 1. how can I find files only to the current directory? 2. how can I find files to directories and all subdiretories (are this include soft links?) but will not go to other mountpoints that is under that mountpoint. Im combining... (1 Reply)
Discussion started by: james_falco
1 Replies

4. Shell Programming and Scripting

stop unix find on a directory structure after finding 1st occurrence

Hi, Has anyone tried to restrict Solaris 10 unix find on a large directory structure based on time to stop running after finding the first occurrence of a matching query. Basically I'm trying to build up a usage map of user workspaces based on file modification (week/month/3 months/year etc) and... (3 Replies)
Discussion started by: jm0221
3 Replies

5. UNIX for Dummies Questions & Answers

How to display only Owner and directory/sub directory names under particular root

hai, I am new to Unix, I have a requirement to display owner name , directory or sub directory name, who's owner name is not equal to "oasitqtc". (here "oasitqtc" is the owner of the directory or sub directory.) i have a command (below) which will display all folders and sub folders, but i... (6 Replies)
Discussion started by: gagan4599
6 Replies

6. Shell Programming and Scripting

Writing Script to Copy Newest Directory

I am trying to write a script that once executed it will search within a directory and copy only the newest directory that has not been copied before to a new location. Kind of like what ROBOCOPY /M does in windows? The directories are not left in the new location so using a sync action won't... (2 Replies)
Discussion started by: Keriderf
2 Replies

7. Shell Programming and Scripting

Shell script to poll a directory and stop upon an event

Need shell script to: 1/keep polling a directory "receive_dir" irrespective of having files or no files in it. 2/move the files over to another directory "send_dir". 3/the script should only stop polling upon a file "stopfile" get moved to "receive_dir". Thanks !! My script: until do... (0 Replies)
Discussion started by: iaav
0 Replies

8. What is on Your Mind?

Stop Writing Scripts

Please, I beg you, “Stop!” Yes, stop writing scripts and instead build workflows. Programmers, Sys-Admins, System Support, I'm talking to you. Ok, I know in this community I'm going to get some serious backlash for my statements but I truly believe in my statement. There was a time when... (13 Replies)
Discussion started by: mikemazz
13 Replies

9. UNIX for Dummies Questions & Answers

Removing directory with leading hyphen from root directory

I know that this basic question has been asked many times and solutions all over the internet, but none of the are working for me. I have a directory in the root directory, named "-p". # ls -l / total 198 <snip> drwxr-xr-x 4 root root 4096 Dec 3 14:18 opt drwxr-xr-x 2 root ... (2 Replies)
Discussion started by: edstevens
2 Replies

10. Solaris

SunOS confusing root directory and user home directory

Hello, I've just started using a Solaris machine with SunOS 5.10. After the machine is turned on, I open a Console window and at the prompt, if I execute a pwd command, it tells me I'm at my home directory (someone configured "myuser" as default user after init). ... (2 Replies)
Discussion started by: egyassun
2 Replies

LEARN ABOUT DEBIAN

oss_audioloop

oss_audioloop(7)						    OSS Devices 						  oss_audioloop(7)

NAME

       oss_audioloop - Loopback audio driver.

DESCRIPTION

       The loopback audio driver makes it possible to create special purpose virtual audio devices based on user land server processes.

       Loopback devices are driven by a timer interrupt and no real audio hardware is required.

   INTRODUCTION
       Audio loopback devices are like named pipes or pseudo terminals. They are grouped in client and server device pairs. The server side device
       must be open before the client side device can be opened.

       Loopback devices are typically used to implement server based special purpose audio devices. This kind of server can for  example  transfer
       the audio data played by the client application to some remote system using some VoIP protocol. However the server application doesn't need
       to be any dedicated server. Practically any audio application can be used as the server.

   SERVER SIDE DEVICE
       The server side applications sets up the native sampling rate and sample format (number of bits and channels). The server side  device  can
       be opened for input (O_RDONLY) pr output (O_WRONLY). Opening for simultaneous input and output (O_RDWR) is not permitted.

       The  server application will automatically be paused at the moment it tries to read or write audio data for the first time. It will be kept
       in sleep until the client side application starts writing or reading data. This sleep period may last forever and in some cases	the  first
       write/read  call never returns. For this reason it's not recommended to use GUI based audio applications as the server. Note that this wait
       will occur even in the non-blocking (O_NONBLOCK) mode (this is intentional feature and not a bug).

   CLIENT SIDE DEVICE
       The client side device is typically used by any ordinary audio application.  There is nothing special in loopback devices.

       Since the loop is unidirectional the client side will be forced to be write only if the server side device is open for recording  and  vice
       versa.

       The  loop  will	use the sample rate and sample format (number of bits and channels) set by the server side application. If the client uses
       different settings then OSS will perform the required sampling rate and format conversions automatically.

COMPATIBILITY ISSUES

       Audio loopback devices differ from "normal" audio devices because an application is needed at the both ends of the loop.  The  loop  device
       will  return  a "Connection reset by peer" error (ECONNRESET) error. Applications designed to be used as loopback based server applications
       can/should use this error (returned by read or write) as an end-of-stream indication.

OPTIONS

       o audioloop_instances:
	      Specifies how many loopback client/server audio device pairs to be created.

	      Values: 1-16
		     Default: 1

KNOWN PROBLEMS

       o  There is no mixer (volume control) related with loopback audio devices. This	may  prevent  poorly  designed	audio  applications  (that
	  expect/require a mixer) from working. There is no workaround available.

       o  The  server  side  application will wait until the client side application starts using it. This wait may last forever which in turn may
	  cause unrecoverable (network) problems with some applications.

       o  Loopback devices may return "Connection reset by peer" error when the reote side of the loop	disconnects  the  device.  Some  recording
	  applications	may  fail  to save the recorded data properly because of this. Use some other application (such as ossrecord) if this hap-
	  pens.

FILES

       /etc/oss4/conf/oss_audioloop.conf Device configuration file

AUTHOR

       4Front Technologies

								 16 December 2012						  oss_audioloop(7)
All times are GMT -4. The time now is 07:39 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy