Chmod by multiple users.


 
Thread Tools Search this Thread
Top Forums Shell Programming and Scripting Chmod by multiple users.
# 1  
Old 08-18-2017
Hammer & Screwdriver Chmod by multiple users.

The requirement is that whichever user logs in and does not find /tmp/logs folder will create the folder and a file /tmp/logs/date.log and gives full permission so that every user can read and write to the file / folder.

I write this code in setup.sh

Code:
mkdir -p /tmp/logs
touch /tmp/logs/date.log
chmod -R 777 /tmp/logs

this setup.sh is injected in the profile of all the users.

The problem i m facing is that once the file and folder is created the other users throw the below error

Code:
chmod: changing permissions of ‘/tmp/logs’: Operation not permitted

I understand that multiple users cannot chmod to the same file or folder; but how can i avoid the error to show up when other users login.

Is simply suppressing the error chmod 777 /tmp/root_log 2>/dev/null the solution to my problem ?
# 2  
Old 08-18-2017
Why don't you post essential information as user / group of /tmp and /tmp/logs, and the user and his/her group that gets the error?
This User Gave Thanks to RudiC For This Post:
# 3  
Old 08-18-2017
Those requirements are ridiculous.

/tmp/logs should never belong to any users you want to monitor.

/tmp/logs should never be writable by any users you want to monitor.

/tmp/logs ... should not even be in /tmp.

This is not a "compromise" or "the best you can do". This is a screen door on a submarine - worse than nothing, so untrustworthy that the records this system generates will be useless and liable to disappear randomly even when the users behave.
# 4  
Old 08-18-2017
I was tempted to reply earlier but my reply would have been harsh though justified...
So to put what Corona just wrote in other way:
1) Who would ever want to create log files and a subdirectory that could be removed by anyone? What goal is that if not an autogoal?
2) What value has a log file anyone can write what he wants in it, but even more if you cannot trace who wrote what in it?

I suggest you really try to learn UNIX basics, what permissions are and what for, and the use of logging ( as not all is reasonable...).
Instead of trying to rebuild what exist, learn, yes seriously, learn what UNIX can offer, and what exists, as sure looking and all you recent threads, if would have been far more easier to implement what exist already in UNIX:
Auditing....
# 5  
Old 08-19-2017
RedHat

Quote:
Originally Posted by RudiC
Why don't you post essential information as user / group of /tmp and /tmp/logs, and the user and his/her group that gets the error?
Code:
chmod: changing permissions of ‘/tmp/log’: Operation not permitted
chmod: changing permissions of ‘/tmp/log/logs_120817’: Operation not permitted
Now sleeping for 3 seconds ... Please wait ....
 You can BEGIN NOW !!
[temp@techx ~]$ id
uid=1016(temp) gid=1003(jenking) groups=1003(jenking) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[temp@techx ~]$ ls -ltrd /tmp/root_log
drwxrwxrwx. 2 user2 jenking 4096 Aug 19 05:41 /tmp/root_log

---------- Post updated at 12:49 AM ---------- Previous update was at 12:43 AM ----------

Quote:
Originally Posted by vbe
I was tempted to reply earlier but my reply would have been harsh though justified...
So to put what Corona just wrote in other way:
1) Who would ever want to create log files and a subdirectory that could be removed by anyone? What goal is that if not an autogoal?
2) What value has a log file anyone can write what he wants in it, but even more if you cannot trace who wrote what in it?

I suggest you really try to learn UNIX basics, what permissions are and what for, and the use of logging ( as not all is reasonable...).
Instead of trying to rebuild what exist, learn, yes seriously, learn what UNIX can offer, and what exists, as sure looking and all you recent threads, if would have been far more easier to implement what exist already in UNIX:
Auditing....
I would appreciate if anyone could share the correct proposed auditing system so i could learn and implement it. I should know who logged in when, be able to prompt & enforce a user login to enter an explanation of why he login, what all commands they fired i.e history for that session etc.

Anyways, because i thought the nature of my request is custom, i would rather go implementing it myself.

By the way to address the concerns as soon as a user login i will have the root user run and copy rsync the logs from /tmp to a place where only root has access.

Also, the root will check if the profile of any user has been tampered with using grep or cksum.

Here is a plan that is working.

Last edited by mohtashims; 08-19-2017 at 02:55 AM..
# 6  
Old 08-19-2017
Test first and assume an existing file has the desired permissions.
Code:
if [ \! -f /tmp/logs/date.log ]
then
  mkdir -p /tmp/logs
  touch /tmp/logs/date.log
  chmod -R 777 /tmp/logs
fi

This User Gave Thanks to MadeInGermany For This Post:
# 7  
Old 08-23-2017
Quote:
Originally Posted by mohtashims
I would appreciate if anyone could share the correct proposed auditing system so i could learn and implement it. I should know who logged in when, be able to prompt & enforce a user login to enter an explanation of why he login, what all commands they fired i.e history for that session etc.

Anyways, because i thought the nature of my request is custom, i would rather go implementing it myself.
The problem, mainly, is that you're logging things as the same user you want to monitor. This means, by definition:
  • Everything you log, they can delete.
  • Everything you do, they can undo.
  • Everything you run, they can kill.
  • Everything you make, they can destroy.

This leaves it wide-open to both intentional and accidental abuse. There is no amount of shell script alone you can write to avoid this.

To prevent users from deleting the stuff being logged about them, it has to be logged somewhere they can't control. Meaning, the logging code has to run as some other user.
Login or Register to Ask a Question

Previous Thread | Next Thread

8 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Multiple Users - Multiple Scripts

Hello All, I have to restart 100's of scripts for at least 20+ users once the server restarts for any reason. I wanted to come up with a single script to trigger of all scripts/programs under all users with just one script (without root privilege). Is it possible to do so? :confused: If not,... (6 Replies)
Discussion started by: PikK45
6 Replies

2. Shell Programming and Scripting

Create multiple users with individual passwords to users

hi, i am new to shell scripts i write a shell script to create multiple users but i need to give passwords to that users while creating users, command to write this script (1 Reply)
Discussion started by: DONFOX
1 Replies

3. UNIX for Dummies Questions & Answers

Users in multiple groups?

Happy Thanksgiving Everyone!! I have a question about adding users to multiple groups. Thanks in advance Using Red Hat and here are the issues: Example: Users: Bob Mark Groups: SystemsAnalysts BusinessAnalysts If I am adding a user Bob to both groups (SystemsAnalysts and... (2 Replies)
Discussion started by: hansokl
2 Replies

4. Red Hat

Multiple Users

I need to have more than one user logged into my PC's VMWare Linux virtual simultaneously, each seeing a graphical display, to test my software's ability to affect their displays one by one. I have never done anything like this before. My Linux virtuals have been for my development only, that is... (3 Replies)
Discussion started by: BrandonShw
3 Replies

5. UNIX and Linux Applications

What is the difference between chmod in solaris and chmod in Linux?

i think it is the same in both... Iam i right? (1 Reply)
Discussion started by: sumaiya
1 Replies

6. Solaris

How to add multiple users

HI, 1.I want to add multiple users at a same time. How to achive this , since useradd will add only one user at a time,. 2.Also let me know how to install a software in a group of machines where the machines are not configured as zones (1 Reply)
Discussion started by: rogerben
1 Replies

7. Shell Programming and Scripting

Apply `chmod` for multiple files through FTP

Hi all, Can you please help me in this aspect. I devoloped a FTP script to copy a directory to remote server. Now i got stuck-up in changing the file permissions for all the files in directory. I tried to change the permissions of single file and I did it but failed in changing... (3 Replies)
Discussion started by: Chanakya.m
3 Replies

8. UNIX for Dummies Questions & Answers

users need to chmod on newly ftp'd files

Is there a way to specify 774 permissions for a file uploaded to an app server via ftp without the users logging in and doing a chmod on the file they just put? I understand they were doing this with an old shared account, and it was working. When they started using their own accounts it stopped... (1 Reply)
Discussion started by: jgentile
1 Replies
Login or Register to Ask a Question