08-06-2007 09:36 PM
Scripting
To give them RW access we add them to a secondary group temporarily (time agreed) and then remove it after they make changes (all done by SAM or Usermod command).
Now I want this to be scripted so that OPS (Operators) can run a script for them to add/remove the secondary group. The main issue is how to build an automatic time-out.
I want to run a script where, suppose Developer Tom calls and asks for RW access for 4 hrs, then the OPS should be able to run a script where they can add the user Tom and the time, and after 4 hrs it should automatically remove the Secondary Group for Tom (if this is possible), and the maximum access should be no more than 2 weeks.
Example script output as below to make things more clear:
Please type the user you want to give RW access? TOM
For how long he wants access? 4 hrs
Access Given!!!!! RW access will be removed after 4 hrs.
Please type the user you want to give RW access? DICK
For how long he wants access? 2 days
Access Given!!!!! RW access will be removed after 2 days
Please type the user you want to give RW access? Harry
For how long he wants access? 3 weeks
Sorry!! Maximum RW access cannot exceed 2 weeks.
08-06-2007 09:56 PM
Re: Scripting
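You don't have to write the whole script.
Sam records every command that you run by menu and provides the commands that it ran.
You should run the sam process and then view the recent commands.
Then you can cut and paste the code into your "script".
You'll need some additional code.
echo "Please type the user you want to give RW access?"
read USERNAME
echo "For how long he wants access (in weeks)?"
read LENGTH
# Reject non-numeric input; otherwise the test below errors out
# and falls through to the "Access Granted" branch.
case "$LENGTH" in
''|*[!0-9]*) echo "Enter a whole number of weeks. Try again"; exit 1 ;;
esac
# Two weeks is the maximum, so only values above 2 are refused.
if [ "$LENGTH" -gt 2 ]
then
echo "two weeks or less. Try again"
exit 1
else
echo "Access Granted to $USERNAME"
# put sam code here.
fi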
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
08-07-2007 01:39 AM
Re: Scripting
just be sure that the operators have access to batch and at.
08-07-2007 01:48 AM
Re: Scripting
The first script adds the user to the group. This could possibly be done with the usermod command. At the end of the script, after you add the user to the group and have input the expiration period, you code a call to the 2nd script. This call will schedule an 'at' job to run the 2nd script at the specified expiration time for the user specified. For example: echo "/some/dir/delete-groups tom" | at now + 4 hours
When using at you can specify 'now + minutes/hours/days/weeks/months/years'
The 2nd script accepts a username as a parameter and removes the user from that group.
08-07-2007 01:51 AM
Re: Scripting
What you might need to do is write a SUID program in C or C++ that the operators run. This program is SUID as some userid that in turn has the appropriate permissions to do the usermod. This program need only be a wrapper around a script that does the work, which can do the usermod to add the group and, as pointed out, create an 'at' job to later remove the group.
The only thing you need to be careful with for the SUID program is sanitizing the input and environment to avoid buffer overflows and other nasty security issues. (Never, ever, use a SUID script.)
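The approach the replies describe (check the operator's input, enforce the 2-week cap, add the group, queue an 'at' job for removal), as an added example that is not part of any post in this thread. `/some/dir/add-groups` is a hypothetical companion to the `/some/dir/delete-groups` path mentioned above; both are assumed to perform the actual usermod change for the one group in question.

```shell
#!/bin/sh
MAX_MINUTES=20160                    # 2 weeks = 14 * 24 * 60 minutes
REMOVE_CMD=/some/dir/delete-groups   # removal script, path as given in the thread
ADD_CMD=/some/dir/add-groups         # hypothetical companion script (assumption)

# Allow-list the account name so operator input can never add shell syntax
# to the command line that is queued for at(1).
valid_user() {
    case "$1" in
        ''|*[!A-Za-z0-9_]*) return 1 ;;
    esac
}

# Convert "<count> <unit>" to minutes. Fails on malformed input, zero,
# leading zeros (octal in shell arithmetic) and anything over the cap.
to_minutes() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 4 ] || return 1    # bound the digits before multiplying
    case "$2" in
        hr|hrs|hour|hours) mult=60 ;;
        day|days)          mult=1440 ;;
        week|weeks)        mult=10080 ;;
        *) return 1 ;;
    esac
    mins=$(( $1 * $mult ))
    [ "$mins" -le "$MAX_MINUTES" ] || return 1
    echo "$mins"
}

# Queue the removal first, then add the group: if scheduling fails, no access
# is granted. DRY_RUN=1 (the default) prints the commands instead of running them.
grant() {
    valid_user "$1" || { echo "Invalid user name." >&2; return 1; }
    mins=$(to_minutes "$2" "$3") || {
        echo "Sorry!! Use hours, days or weeks; maximum is 2 weeks." >&2
        return 1
    }
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "echo '$REMOVE_CMD $1' | at now + $mins minutes"
        echo "$ADD_CMD $1"
    else
        echo "$REMOVE_CMD $1" | at now + "$mins" minutes && "$ADD_CMD" "$1"
    fi
}

# Example: DRY_RUN=0 sh grant-rw.sh tom 4 hours
if [ "$#" -eq 3 ]; then grant "$@"; fi
```

Operators still need access to at, as noted earlier in the thread, and the script has to run with enough privilege to change group membership.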