Privacy In a UNIX Server Environment


 
# 1  
Old 06-25-2014
Privacy In a UNIX Server Environment

I am dealing with a privacy issue that I am unable to solve. Essentially, there is a .sas file saved on a UNIX Server. I am interested in changing permissions etc so that:

1. The .sas file can only be altered by the owner.
2. The contents of the .sas file cannot be viewed (there is sensitive login information in the .sas file).
3. The .sas file can be run by a set of people chosen by the owner.

Things I have tried thus far:
1. Messing with chmod on the .sas file.
2. Saving the login information in an encrypted pwd.txt file.

My method "if all else fails":
Create a faceless login to replace the sensitive login information in the .sas file. This is admittedly less secure and therefore secondary, but certainly a possibility.

Any advice would be greatly appreciated!!
# 2  
Old 06-25-2014
You should investigate ACLs (access control lists) if you want to point to a set of users.
This User Gave Thanks to blackrageous For This Post:
# 3  
Old 06-25-2014
...or just use groups to define a group of users? Groups being what groups are... What I would do:

Create a user specifically for the file, so that only that user has access. Then, give that user no password and an invalid login shell. So you have an account that cannot be su-ed into.

Then, use sudo to allow people in a certain group to run commands as that user -- but only the commands you want to allow, only in the exact way you want to allow. Allowing 'sudo -u username /path/to/mycustomwrapper.sh' may be one way to do this.

And finally: If any of these people have root access, there is nothing you can do to protect your system from them.
This User Gave Thanks to Corona688 For This Post:
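The layout suggested in post #3, written out as an added example (not part of the original thread and not code from any poster). The account name `sasrun`, the group `sasusers`, the directory `/opt/sasjob` and the wrapper name `run_job.sh` are hypothetical; the root-only steps are printed for review rather than executed, and two helper checks verify the resulting file modes.

```shell
#!/bin/sh
# Added example; sasrun, sasusers and /opt/sasjob are hypothetical names.
SVC_USER=sasrun
RUN_GROUP=sasusers
JOB_DIR=/opt/sasjob

# Root-only provisioning, printed for review instead of executed here.
provision_plan() {
  cat <<EOF
groupadd $RUN_GROUP
useradd --system --no-create-home --shell /usr/sbin/nologin $SVC_USER
passwd -l $SVC_USER
install -d -o root -g root -m 0755 $JOB_DIR
install -o $SVC_USER -g $SVC_USER -m 0400 job.sas $JOB_DIR/job.sas
install -o root -g root -m 0755 run_job.sh $JOB_DIR/run_job.sh
EOF
}

# sudoers rule: group members may run only the wrapper, only as the
# service account; the trailing "" forbids any command-line arguments.
sudoers_rule() {
  printf '%%%s ALL = (%s) %s/run_job.sh ""\n' "$RUN_GROUP" "$SVC_USER" "$JOB_DIR"
}

# Wrapper body: fixed PATH, fixed input file, no user-controlled input.
# Adjust PATH to wherever sas is installed (site-specific assumption).
wrapper_body() {
  cat <<EOF
#!/bin/sh
PATH=/usr/bin:/bin; export PATH
umask 077
exec sas -sysin $JOB_DIR/job.sas
EOF
}

# Succeeds only if FILE grants nothing to group or other (e.g. 0400, 0600).
is_private() {
  [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Succeeds only if FILE is not writable by group or other, so the people
# allowed to run the wrapper cannot replace what it executes.
not_shared_writable() {
  perms=$(ls -ld -- "$1" | cut -c1-10)
  case $perms in
    ?????w????|????????w?) return 1 ;;
    *) return 0 ;;
  esac
}
```

Once root has applied the plan and installed the rule with `visudo -f` under `/etc/sudoers.d/`, a group member runs the job with `sudo -u sasrun /opt/sasjob/run_job.sh` and has no read access to `job.sas` itself.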
# 4  
Old 06-26-2014
Quote:
Originally Posted by Corona688
...or just use groups to define a group of users? Groups being what groups are... What I would do:

Create a user specifically for the file, so that only that user has access. Then, give that user no password and an invalid login shell. So you have an account that cannot be su-ed into.

Then, use sudo to allow people in a certain group to run commands as that user -- but only the commands you want to allow, only in the exact way you want to allow. Allowing 'sudo -u username /path/to/mycustomwrapper.sh' may be one way to do this.

And finally: If any of these people have root access, there is nothing you can do to protect your system from them.
Now that right there is a very good idea that I had not thought of. My goal for the day is to implement the system you speak of exactly.

You sir, are a gentleman and a scholar.
This User Gave Thanks to adtuck For This Post:
 