topic Re: Restricted User Environment in Operating System - HP-UX

Restricted User Environment

Muhammad Asghar_1 — Wed, 03 Dec 2008 11:32:12 GMT

Dears,
i have an application whose logs are being collected in /opt/app/log.

i want to create a user who would have permissions only for /opt/app/log directory and must not be able to wander and execute system commands else where in the system. In /opt/app/log he should have only read access.

my OS is hp-ux v2 and hardware is pa risc.

please accept thanks in advance.

Regards,
Asghar

Re: Restricted User Environment

Jozef_Novak — Wed, 03 Dec 2008 11:41:27 GMT

Hello,

you should set up a chrooted user for this purpose. Here is a document that might provide you with some hints on how to do it:

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&taskId=115&prodSeriesId=3215373&prodTypeId=18964&objectID=c01516983

Jozef

Re: Restricted User Environment

saravanan08 — Wed, 03 Dec 2008 11:53:46 GMT

hi

my idea if u want to give permission to readonly for that file means

u can create a shell script or add an entry to the cron ta for appending those log to the particular user's file
for example
1.create a directory in the user's home directory
2.then create numer of files equal to the numer of files in that log directory
3. then create a script so that the content of a paticular file wil get redirected to that user file
cat logfile1 > (equalent file in that user directory)
4.similarly for all files

5.add this script in cronta so that the user file get updated in regular intervals
so that the user can read that log file.

thank u

Re: Restricted User Environment

Muhammad Asghar_1 — Wed, 03 Dec 2008 12:15:47 GMT

i have already created ftp user who has rights only in his ftp home. (chroot env for that ftp user). workaround was to create ftp user and cron a script who will update ftp home with logs from /opt/app/log. but problem is log directory size. its getting bigger and bigger. just one week logs are more than 500 MBs.

if i make logs directory as home to ftp user, i'll have to change the permissions of logs directory that will affect the application itself in return.

i think i could type what i am thinking. your replies will make me understand if i could explain my problem well.

Regards,

Re: Restricted User Environment

Wim Rombauts — Wed, 03 Dec 2008 12:24:00 GMT

If it is just for accessing logs in that directory, I think you should use NFS (if the remote user in on linux or unix) or CIFS/samba (if the remote user is on windows).

This way, the user can find the (read-only if you want) on his/her local machine and has no option of walking around elsewhere in any way.