Login or Register to Ask a Question and Join Our Community


Solaris

restricting users privileges and logging their activities

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Operating Systems Solaris restricting users privileges and logging their activities
# 1  
Old 03-16-2007
restricting users privileges and logging their activities
Hello,
I'm administrating new installed cluster that runs Legato Networker and Oracle 9. And I want to restrict the use of root to my self and givr the application and DBA the proper and needed privileges to do their duties without hassle in addition I would like to log users activities.

my questions are:
1. is normal user will give the oracle dba and legato networker enough privileges to run the application specific command?

2. which is better in all terms sudo or RBAC?
3. do I have to enable BSM to log the users activities if I used RBAC or I can syslog do that?

Thank you
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Red Hat

Restricting multiple users to run only sftp server

Hello, can someone please provide steps, can I restrict a multiple users to only access only sftp on a server, to perform upload and download of files on their home directories. 1. I have updated their login shell as /sbin/nologin. anything else do I need to update. Thanks, (3 Replies)
Discussion started by: bobby320
3 Replies

2. Shell Programming and Scripting

restricting users

how can i make my users to not use particular commands in the network like:wall....... pl z help me regarding this (1 Reply)
Discussion started by: yashwanthguru
1 Replies

3. Shell Programming and Scripting

shell script for monitoring users activities

hi I need a shell script which runs perpetually in background and monitors different aspects of different users on different files and their usages for example say there r 3 users so i want when they log in i.e. their log in time and their file access, modify and change log of each file of a... (3 Replies)
Discussion started by: rrd1986
3 Replies

4. Shell Programming and Scripting

Logging out users

Hi, How do force users to log off Unix through shell? (2 Replies)
Discussion started by: Wahmed9
2 Replies

5. UNIX for Advanced & Expert Users

TCP Wrappers and restricting users

I'm using vsftpd which is being controlled by inetd. I have a user that I want to only be able to connect from one specific IP address on the same internal network so I can backup files on a separate system. Is this possible with TCP wrappers? I got the notion that it was because of a few... (4 Replies)
Discussion started by: mashiox
4 Replies

6. Solaris

logging logout of users

I am looking for solutions to address my need to log to a file whenever a user logs out or session disconnects. (1 Reply)
Discussion started by: mhm4
1 Replies

7. AIX

Logging off users

What is the best way to logoff users from my Unix system? I have done a search and found that you can do a w or who - find who is on, and ps-ef | grep <user> and kill their processes. But what if you have a bunch of users and you need them off the system quickly? Killing individual processes... (1 Reply)
Discussion started by: outtacontrol
1 Replies

8. Linux

Users with login privileges

Hi. I need the name for one command which I cant remember. This command displays all users which can log in to the system, wether they are stored in /etc/passwd, NIS og LDAP. Does anyone remember what command this is? (2 Replies)
Discussion started by: sprellari
2 Replies

9. UNIX for Dummies Questions & Answers

logging users activity

Hello All! Does anyone know of a nice way to log commands in solaris 8. What I need is a program or script that saves any command that a user does in solaris command prompt. So when Steven logs in on a system, it should record everything he does, from an ls to exit with timestamps. I've been... (6 Replies)
Discussion started by: dozy
6 Replies

10. UNIX for Advanced & Expert Users

Tracking activities of Users using a particular login.

Hi!! Experts, I have a typical scenario here in which several users have access to a particular login .. say "build". None of the users know the passwd for this login. The name of some of the user have been to .rhosts file. The users can connect only by doing a rlogin to this id and then... (4 Replies)
Discussion started by: jyotipg
4 Replies
Login or Register to Ask a Question

LEARN ABOUT DEBIAN

mysqluserclone

MYSQLUSERCLONE(1)						  MySQL Utilities						 MYSQLUSERCLONE(1)

NAME

       mysqluserclone - Copy a MySQL user to one or more new users on another server

SYNOPSIS

       mysqluserclone [options] base_user new_user[:password][@host_name] ...

DESCRIPTION

       This  utility  uses  an existing MySQL user account on one server as a template, and clones it to create one or more new user accounts with
       the same privileges as the original user.  The new users can be created on the original server or a different server.

       To list users for a server, specify the --list option.  This prints a list of the users on the source (no destination is needed).  To  con-
       trol how to display list output, use one of the following values with the --format option:

       grid (default)
	      Display output in grid or table format like that of the mysql monitor.

       csv    Display output in comma-separated values format.

       tab    Display output in tab-separated format.

       vertical
	      Display output in single-column format like that of the G command for the mysql monitor.

OPTIONS

       mysqluserclone accepts the following command-line options:

       --help Display a help message and exit.

       --destination=<destination>
	      Connection information for the destination server in <user>[:<passwd>]@<host>[:<port>][:<socket>] format.

       --dump, -d
	      Display  the  GRANT  statements  to create the account rather than executing them. In this case, the utility does not connect to the
	      destination server and no --destination option is needed.

       --format=<list_format>, -f<list_format>
	      Specify the user display format.	Permitted format values are grid, csv, tab, and vertical. The default is  grid.   This	option	is
	      valid only if --list is given.

       --force
	      Drop  the  new  user  account if it exists before creating the new account.  Without this option, it is an error to try to create an
	      account that already exists.

       --include-global-privileges
	      Include privileges that match base_user@% as well as base_user@host.

       --list List all users on the source server. With this option, a destination server need not be specified.

       --quiet, -q
	      Turn off all messages for quiet execution.

       --source=<source>
	      Connection information for the source server in <user>[:<passwd>]@<host>[:<port>][:<socket>] format.

       --verbose, -v
	      Specify how much information to display. Use this option multiple times to increase the amount of information.  For  example,  -v  =
	      verbose, -vv = more verbose, -vvv = debug.

       --version
	      Display version information and exit.

NOTES

       You  must  provide  connection parameters (user, host, password, and so forth) for an account that has the appropriate privileges to access
       all objects in the operation.

       The account used to connect to the source server must have privileges to read the mysql database.

       The account used to connect to the destination server must have privileges to execute CREATE USER (and DROP USER if the --force	option	is
       given), and privileges to execute GRANT for all privileges to be granted to the new accounts.

       For  the  --format option, the permitted values are not case sensitive. In addition, values may be specified as any unambiguous prefix of a
       valid value.  For example, --format=g specifies the grid format.  An error occurs if a prefix matches more than one valid value.

EXAMPLES

       To clone joe as sam and sally with passwords and logging in as root on the local machine, use this command:

       $ mysqluserclone --source=root@localhost 
	 --destination=root@localhost 
	 joe@localhost sam:secret1@localhost sally:secret2@localhost
       # Source on localhost: ... connected.
       # Destination on localhost: ... connected.
       # Cloning 2 users...
       # Cloning joe@localhost to user sam:secret1@localhost
       # Cloning joe@localhost to user sally:secret2@localhost
       # ...done.

       The following command shows all users on the local server in the most verbose output in CSV format:

       $ mysqluserclone --source=root@localhost --list --format=csv -vvv
       # Source on localhost: ... connected.
       user,host,database
       joe,localhost,util_test
       rpl,localhost,
       sally,localhost,util_test
       sam,localhost,util_test
       joe,user,util_test

COPYRIGHT

       Copyright (c) 2010, 2012, Oracle and/or its affiliates. All rights reserved.

       This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as  published	by
       the Free Software Foundation; version 2 of the License.

       This  program  is  distributed  in  the	hope  that  it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MER-
       CHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.

       You should have received a copy of the GNU General Public License along with this program; if not, write to the Free  Software  Foundation,
       Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA

AUTHOR

       MySQL Utilities Team

COPYRIGHT

       2010, Oracle and/or its affiliates. All rights reserved.

1.0.3								   May 09, 2012 						 MYSQLUSERCLONE(1)