topic Re: file permission in Operating System - HP-UX

file permission

peterchu — Tue, 21 Sep 2004 06:57:14 GMT

In our office , there are three system administrators know the root password, now I have a file/directoy that is very important and must not be removed , I want to prevent another two administrators will remove this file/directory ( intentionally or accidentally ) , can I add a personal password to it ( only I know this password ) so that they can't remove even use the root password , or could suggest other solution ? thx

Re: file permission

Cheryl Griffin — Tue, 21 Sep 2004 07:00:06 GMT

Having root access is an all or nothing situation.

You either can access everything by having root password, or nothing owned by root without the password.

There is no second level of passwording.

I'd suggest changing root password and giving them restricted sam access or using sudo.

Re: file permission

Sunil Sharma_1 — Tue, 21 Sep 2004 07:02:03 GMT

Noway friend.

Once you have root password means you have everything. No one can stop you deleting anything.

Sunil

Re: file permission

Cheryl Griffin — Tue, 21 Sep 2004 07:02:07 GMT

sudo can be found at
http://hpux.cs.utah.edu/hppd/hpux/Sysadmin/sudo-1.6.7p5/

Re: file permission

MarkSyder — Tue, 21 Sep 2004 07:13:38 GMT

Does this file ever change?

If not, copy it to tape and keep the tape in a place where it is instantly accessible to you but no one else. Alternatively, ftp the file to your PC and keep it there in case it is ever needed (ftping the file back is probably going to be quicker than restoring it from tape).

Mark Syder (like the drink but spelt different)

Re: file permission

RAC_1 — Tue, 21 Sep 2004 07:14:44 GMT

No way to do that. Root can do anything. There is no use in setting any permissions on this file. If your concern is, other should not be able to read this file, then
you can encrypt the file.

crypt < input_file > out_put.crypt
This would ask for a a key. Then remove the input_file. Also tremember the key that you used.

To decrypt the file

crypt < out_put.crypt > file
this would ask for key and then decrypt.

Anil

Re: file permission

Muthukumar_5 — Tue, 21 Sep 2004 08:18:38 GMT

We can not do with separate passwd on unix when two others are root.

Eventhogth you encrypt / configure sudo, other's can intentionally remove the encrypt file directly / change the configuration there.

we can avoid removing files accidentally by creating special directory on some known locations and it must be known by other two.
( 600 root root /spl-dir/ )

And other way is to take backup of the special file / directory or making nfs setup to your own machine ( which can not be accessible by other two there ).