Need a script to create file permission change restriction
Hello,
I am looking for a UNIX shell script which can help me with access restriction.
1) In /home/ram there are a number of files with the .txt extension, which should be owned only by the "ram" user.
like as below
2) In case the ram user, fortunately/unfortunately, makes any permission change, the email group should immediately get an alert.
3) The file permission for .txt extension files should immediately go back to the same file permission, like (-rwx------), meaning the ram user will have only "rwx" and no one else.
Let me explain by example.
As of now only the ram user has 'rwx'. If ram unfortunately executes chmod 777 *.txt, then all *.txt files will have 777 permission.
If any permission change command on a .txt file (apart from ram --> "rwx") is executed in the particular directory,
then the email group should immediately get an alert, and the file permission should be changed back to only "-rwx------".
Please advise a script.
Regards,
Last edited by Scrutinizer; 03-11-2016 at 04:07 AM..
Reason: code text
Let's make things clear
1) a shell script is NOT a monitoring tool
2) You cannot stop a user typing chmod 777 *.txt unless you restrict that user with a chroot or restricted shell or... OR that user is generic and no one is to use that account
Quote:
well as file permission should get change with only "-rwx------"
And for that even if we gave you a script, except that specific user, only root can do that, and since that user can do the job why write a script to type chmod 700 *.txt?
Thanks for the reply. Let me try again to explain more about the issue.
We all log in as DBAs only with the 'ram' user and do our DBA administration activity.
Now let's say we are 5 DBAs, and any one of the DBAs unfortunately fires the "chmod * .txt" command under the /home/ram directory where those 4 txt files exist.
In this case, what would happen is that all users and group members have read, write and execute privileges.
I am looking for a script which is executed at a regular interval by a cron job schedule and checks whether those .txt files are found with any other permission, so that the other DBAs can get an alert immediately and take appropriate action ASAP.
Regards,
---------- Post updated at 04:41 PM ---------- Previous update was at 04:34 PM ----------
It is my understanding; I am thinking, let's make a kind of shell script which can monitor those 4 files by cron job, so that in case someone changes the permission, we would at minimum get an email alert and could take appropriate action.
Looking for your advice to help us fight this kind of issue. We are OK with the resolution and will try to apply it accordingly, so please test the case and advise accordingly.
Quote:
With the 'ram' user only we all dba login and do our dba administration activity.
If I were the admin, you would all have your own account and would have to use sudo to that user... I generally then have scripts to log the activity in .sh_history per user (OK, it's not perfect and I cannot stop people bypassing it, or let's say I don't have the time to go and keep on modifying things... and it works in 85%)
Maybe if you explained more what makes those files so special, why they need 700 perms etc.. We could try to think of some alternatives/solutions...
You didn't say what perms were on that home directory too... So we can have a more complete understanding...
That's true. We log in with our personal accounts and then connect as below
sudo su - ram for our dba activity.
password : ****
Now, in case any one of the DBAs fires chmod 777 or 755 *.txt under the particular directory, the file permission will get changed. I want, in case anyone changes the file permission for *.txt under the particular directory, an email to come to dba_group@xxx.com as an alert.
What is so special about those files? You worry about perms changes and not content changes? (weird...)
We can't help you think of a possible solution with just the little information you gave so far...
1) what are those files?
2) are the DBAs to modify/read/write to them (because of the perms you want...)
3) if it's software that does, can't they be put elsewhere, somewhere safer?
...
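The periodic check the original poster describes (find .txt files whose mode is not 700, mail the group, reset the mode), written here as an added example that is not part of any post in this thread. It assumes the script runs as the owning user (ram) and that a working mailx is installed; the function names and the ALERT_CMD override are hypothetical.

```shell
#!/bin/sh
# Added example: cron-driven permission check for *.txt files.
# Assumptions: runs as the file owner (ram); mailx can deliver mail.

WANT_MODE=700
ALERT_TO="${ALERT_TO:-dba_group@xxx.com}"   # address as redacted in the thread

# Long listing of every regular *.txt file directly under $1 whose
# permission bits are not exactly $WANT_MODE. find does not follow
# symlinks by default, so a symlink named x.txt is ignored.
list_drifted() {
    find "$1" -maxdepth 1 -type f -name '*.txt' ! -perm "$WANT_MODE" \
        -exec ls -ld {} +
}

# Deliver the alert body read from stdin. Setting ALERT_CMD (for example
# to "cat") replaces mailx, which allows a dry run without a mail setup.
send_alert() {
    if [ -n "${ALERT_CMD:-}" ]; then
        $ALERT_CMD
    else
        mailx -s "Permission drift in $1 on $(hostname)" "$ALERT_TO"
    fi
}

# Check one directory. Returns 0 when every *.txt file is at $WANT_MODE,
# 1 when drift was found (and has been reported and reset).
check_dir() {
    dir=$1
    # Capture the listing first so the alert shows the modes that were exposed.
    report=$(list_drifted "$dir")
    [ -z "$report" ] && return 0

    find "$dir" -maxdepth 1 -type f -name '*.txt' ! -perm "$WANT_MODE" \
        -exec chmod "$WANT_MODE" {} +

    printf 'Files reset to %s (listing taken before reset):\n%s\n' \
        "$WANT_MODE" "$report" | send_alert "$dir"
    return 1
}

# Run only when a directory argument is given, e.g. from cron.
if [ "$#" -gt 0 ]; then
    check_dir "$1"
fi
```

Scheduled from ram's crontab (for instance every five minutes against /home/ram), this gives the alert and reset asked for, but the files stay at the wider mode until the next run and the alert cannot say which DBA ran chmod, which is why the replies steer toward per-user accounts and logging.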