- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: control editing of hosts file
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-29-2010 10:14 AM
тАО01-29-2010 10:14 AM
control editing of hosts file
I may have a need to have some users edit the /etc/hosts file to change printer items that are in here from time to time.
since this file is read only, and quite frankly not a good ideal to be doing this outside of an admin, I may not have a choice in this at this time.
Does anyone do any of this, where they may have to allow a user to edit it but out of fear of a mess up, have a way to contol it, or another work around?
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-29-2010 10:44 AM
тАО01-29-2010 10:44 AM
Re: control editing of hosts file
The simplest way is to give sudo permission to the users for a script, which before "vi /etc/hosts" creates a backup of the file, e.g as hosts.201001291131.
This allows you to restore the file in case of an error in the file editing.
If you don't trust the users, write a script, which asks for hostname and IP and replaces or adds appropriate string to /etc/hosts, use sudo and backup the hosts before editing.
HTH
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-29-2010 11:13 AM
тАО01-29-2010 11:13 AM
Re: control editing of hosts file
You can either use sudo or Restricted SAM for those users who need permission to edit hosts file
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-29-2010 11:41 AM
тАО01-29-2010 11:41 AM
Re: control editing of hosts file
thought maybe there was something i did not cover.
thanks for your help.
scott
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-29-2010 03:31 PM
тАО01-29-2010 03:31 PM
Re: control editing of hosts file
Set a specified group, and have file /etc/hosts with this group and chmod to 464. (the ownership is still root) Then give those guys the specified group as second group.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-29-2010 06:16 PM
тАО01-29-2010 06:16 PM
Re: control editing of hosts file
My preference is to never use printer names. Unless your network printing is out of control, these IP addresses don't change much and the hostnames for printers are used in only one area of HP-UX: the lp spooler. I use nothing but IP addresses for printers. If a printer address changes, I simply edit the interface script where the IP address is stored. The change takes place in real time -- no stopping of the spooler.
In your case, if you give some admins the ability to sudo not as root but as lp, you can limit the damage. A mistake in an lp script just stops one printer but doesn't affect the rest of the server.
Bill Hassell, sysadmin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-29-2010 08:07 PM
тАО01-29-2010 08:07 PM
Re: control editing of hosts file
Choices :-
either create script -> menu -> options -> to backup the exisiting orginal /etc/hosts file and than to edit /etc/hosts update and what you want and sendemail notfication that some has edited the /etc/hosts file so that if its mess you can quickly require from mess by resoter back the /etc/hosts from backup copy also provided from menu options
1)Operator Menu
2)Backup Current Host_file_Server_Name
3)Edit Host_File_Server_Name
4)Send Email Notification_Host_file_Changed
5)Restore Original Host file_Server_Name
I have worked on this "ISOMENU" bin which will give temporary Admin access for those operators work has Operation's like
"Every weekend Operator Use to "Bring down and Bring up" the MCSG - Cluster Server" Using the "OPerator Menu", Weekly Reboot Maintenance Activity
Hope this Helps,
Regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-01-2010 04:43 AM
тАО02-01-2010 04:43 AM
Re: control editing of hosts file
typically as an admin I would be ok doing this, but the control of this is being done by several areas.
I had looked into what Bill meantioned about changing the ip of the printer, one key item here is the damage, is limited to just a printer is a mistake is made.
thanks everyone, again It was along shot to see what anyone else was doing, sometimes our best practices change with who is directing us.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-01-2010 04:59 AM
тАО02-01-2010 04:59 AM
Re: control editing of hosts file
as providing a script which could make only
certain (limited) changes to "/etc/hosts",
rather than allowing actual editing of the
thing.
One could also allow no editing of a base
"hosts" file, and allow free editing of an
addendum "hosts" file, and provide a
(privileged) script which would combine the
two files to create an updated "/etc/hosts".
The script could do some basic checking, say
to look for plausible syntax or specific IP
addresses on the non-comment lines in the
user-edited addendum "hosts" file. (It's not
fool-proof, but it might limit fool-caused
damage.)
As usual, many things are possible.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-03-2010 05:14 AM
тАО02-03-2010 05:14 AM
Re: control editing of hosts file
I was able get the groups to utilize a sudo for editing the host file, as even my access is limited to this system.
In thinking this and re-reading some of your answers I decided to see if I can take this farther, but I am un-clear on something.
I was able to create a script that simply ask the person the que and Ip address that the que needs to point to, and using a sed s/ip/newip to change the ip of the que to where they need it.
My problem is how can I reverse it, as I may have a 2 same IPs in hosts to point to 1 printer, and now I want the one que back to another address as:
1.1.1.1 A
1.1.1.1 B this one I can do with sed.
however now I need B back to say 2.2.2.2 but I need to ensure I change the right one, and the only static if you will is B.
I tried a sed looking for the line with B and doing the c/ (to change the full line) but cant
seem to work it.
is there another way to ask the user for the IP of B and not effect A?