The requirement is that whichever user logs in and does not find /tmp/logs folder will create the folder and a file /tmp/logs/date.log and gives full permission so that every user can read and write to the file / folder.
I write this code in setup.sh
this setup.sh is injected in the profile of all the users.
The problem i m facing is that once the file and folder is created the other users throw the below error
I understand that multiple users cannot chmod to the same file or folder; but how can i avoid the error to show up when other users login.
Is simply suppressing the error chmod 777 /tmp/root_log 2>/dev/null the solution to my problem ?
/tmp/logs should never belong to any users you want to monitor.
/tmp/logs should never be writable by any users you want to monitor.
/tmp/logs ... should not even be in /tmp.
This is not a "compromise" or "the best you can do". This is a screen door on a submarine - worse than nothing, so untrustworthy that the records this system generates will be useless and liable to disappear randomly even when the users behave.
I was tempted to reply earlier but my reply would have been harsh though justified...
So to put what Corona just wrote in other way:
1) Who would ever want to create log files and a subdirectory that could be removed by anyone? What goal is that if not an autogoal?
2) What value has a log file anyone can write what he wants in it, but even more if you cannot trace who wrote what in it?
I suggest you really try to learn UNIX basics, what permissions are and what for, and the use of logging ( as not all is reasonable...).
Instead of trying to rebuild what exist, learn, yes seriously, learn what UNIX can offer, and what exists, as sure looking and all you recent threads, if would have been far more easier to implement what exist already in UNIX:
Auditing....
Why don't you post essential information as user / group of /tmp and /tmp/logs, and the user and his/her group that gets the error?
---------- Post updated at 12:49 AM ---------- Previous update was at 12:43 AM ----------
Quote:
Originally Posted by vbe
I was tempted to reply earlier but my reply would have been harsh though justified...
So to put what Corona just wrote in other way:
1) Who would ever want to create log files and a subdirectory that could be removed by anyone? What goal is that if not an autogoal?
2) What value has a log file anyone can write what he wants in it, but even more if you cannot trace who wrote what in it?
I suggest you really try to learn UNIX basics, what permissions are and what for, and the use of logging ( as not all is reasonable...).
Instead of trying to rebuild what exist, learn, yes seriously, learn what UNIX can offer, and what exists, as sure looking and all you recent threads, if would have been far more easier to implement what exist already in UNIX:
Auditing....
I would appreciate if anyone could share the correct proposed auditing system so i could learn and implement it. I should know who logged in when, be able to prompt & enforce a user login to enter an explanation of why he login, what all commands they fired i.e history for that session etc.
Anyways, because i thought the nature of my request is custom, i would rather go implementing it myself.
By the way to address the concerns as soon as a user login i will have the root user run and copy rsync the logs from /tmp to a place where only root has access.
Also, the root will check if the profile of any user has been tampered with using grep or cksum.
Here is a plan that is working.
Last edited by mohtashims; 08-19-2017 at 02:55 AM..
I would appreciate if anyone could share the correct proposed auditing system so i could learn and implement it. I should know who logged in when, be able to prompt & enforce a user login to enter an explanation of why he login, what all commands they fired i.e history for that session etc.
Anyways, because i thought the nature of my request is custom, i would rather go implementing it myself.
The problem, mainly, is that you're logging things as the same user you want to monitor. This means, by definition:
Everything you log, they can delete.
Everything you do, they can undo.
Everything you run, they can kill.
Everything you make, they can destroy.
This leaves it wide-open to both intentional and accidental abuse. There is no amount of shell script alone you can write to avoid this.
To prevent users from deleting the stuff being logged about them, it has to be logged somewhere they can't control. Meaning, the logging code has to run as some other user.
Hello All,
I have to restart 100's of scripts for at least 20+ users once the server restarts for any reason. I wanted to come up with a single script to trigger of all scripts/programs under all users with just one script (without root privilege).
Is it possible to do so? :confused: If not,... (6 Replies)
hi,
i am new to shell scripts
i write a shell script to create multiple users but i need to give passwords to that users while creating users, command to write this script (1 Reply)
Happy Thanksgiving Everyone!! I have a question about adding users to multiple groups. Thanks in advance
Using Red Hat and here are the issues:
Example:
Users:
Bob
Mark
Groups:
SystemsAnalysts
BusinessAnalysts
If I am adding a user Bob to both groups (SystemsAnalysts and... (2 Replies)
I need to have more than one user logged into my PC's VMWare Linux virtual simultaneously, each seeing a graphical display, to test my software's ability to affect their displays one by one. I have never done anything like this before. My Linux virtuals have been for my development only, that is... (3 Replies)
HI,
1.I want to add multiple users at a same time. How to achive this , since useradd will add only one user at a time,.
2.Also let me know how to install a software in a group of machines where the machines are not configured as zones (1 Reply)
Hi all,
Can you please help me in this aspect. I devoloped a FTP script to copy a directory to remote server. Now i got stuck-up in changing the file permissions for all the files in directory. I tried to change the permissions of single file and I did it but failed in changing... (3 Replies)
Is there a way to specify 774 permissions for a file uploaded to an app server via ftp without the users logging in and doing a chmod on the file they just put? I understand they were doing this with an old shared account, and it was working. When they started using their own accounts it stopped... (1 Reply)