HPE GreenLake Administration
- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Protect typescript file
Operating System - HP-UX
        1839319
        Members
    
    
        2708
        Online
    
    
        110138
        Solutions
    
Forums
        Categories
Company
Local Language
                
                  
                  back
                
        
                
        
                
        
                
        
        
        
                
        
                
        
        
        
                
        
              
              Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
                
                  
                  back
                
            
                
            
                
            
                
            
                
            
                
            
                
            
                
            
                
            
                
            
                
            
                
            
                
            
                
            
                
            
                
            
                
            
            
                
            
                
            
                
            
                
            
            
                
            
                
            
            
                
            
                
              
            Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
        Information
        Community
Resources
Community Language
        Language
        Forums
Blogs
Topic Options
			
				
					
	
			
		
	- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-13-2006 05:51 AM
09-13-2006 05:51 AM
			
				
					
						
							Protect typescript file
						
					
					
				
			
		
	
			
	
	
	
	
	
			
				
					
					
						We don't want to convert our system to trusted mode but be able to use scripts. Only problem to pursue this further is that user can write to file anytime. Is there a way to avert this, may be some way to audit operation on typescript file by users or some kind of special permissions - which I am incredulous about- to just give append mode access i.e no write or delete access.
					
				
			
			
				
			
			
				
			
			
			
			
			
			
		
		
		
	
	
	
		2 REPLIES 2
	
	            
            
		
		
			
            
                - Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-13-2006 07:23 AM
09-13-2006 07:23 AM
			
				
					
						
							Re: Protect typescript file
						
					
					
				
			
		
	
			
	
	
	
	
	
			
				
					
					
						What you are asking is not possible to do with the services supplied by the operating system. Once you give a user rights to append to a file, he/she can obliterate anything inside the file.
What you need to do is to put some kind of a wrapper around the script command to copy the typescript file once the user exits out of the shell. Something like this
#!/usr/bin/sh
/usr/bin/script /var/tmp/$(whoami)
cat /var/tmp/$(whoami) >> /var/adm/userlogs/$(whoami)
rm /var/tmp/$(whoami)
this code snippet can be placed under a directory which will preceede /usr/bin in the PATH variable and can be named script. Or you can rename script executable and point this command to the renamed executable. Upto you.
This is not a guaranteed way of protection though. Since the user has access to the logfile getting created, they can nullify or modify it while they are in session. By doing this you are relying on "security by obscurity" principle, which is an oxymoron to start with anyway. If your mind is set on security and auditing, you will need a product like PowerBroker in my opinion, short of converting to trusted system
		
		
	
	
	
What you need to do is to put some kind of a wrapper around the script command to copy the typescript file once the user exits out of the shell. Something like this
#!/usr/bin/sh
/usr/bin/script /var/tmp/$(whoami)
cat /var/tmp/$(whoami) >> /var/adm/userlogs/$(whoami)
rm /var/tmp/$(whoami)
this code snippet can be placed under a directory which will preceede /usr/bin in the PATH variable and can be named script. Or you can rename script executable and point this command to the renamed executable. Upto you.
This is not a guaranteed way of protection though. Since the user has access to the logfile getting created, they can nullify or modify it while they are in session. By doing this you are relying on "security by obscurity" principle, which is an oxymoron to start with anyway. If your mind is set on security and auditing, you will need a product like PowerBroker in my opinion, short of converting to trusted system
	________________________________
UNIX because I majored in cryptology...
			
			
				
			
			
			
			
			
			
		UNIX because I majored in cryptology...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-13-2006 03:09 PM
09-13-2006 03:09 PM
			
				
					
						
							Re: Protect typescript file
						
					
					
				
			
		
	
			
	
	
	
	
	
			
				
					
					
						Trusted will not do anything to protect scripts that are world-writable. If you have any scripts that are 777 (-rwxrwxrwx) then that is your problem. *NO* script should ever have that value. All scripts should be 755 (-rwxr-xr-x) so that only the owner can change the contents. This is basic Unix permissions. You don't want any user to change any scripts except the ones the user owns. This is called source code control. If anyone can make changes to these scripts, you might as well shutdown the computer as total chaos will soon be the result.
					
				
			
			
				
	
Bill Hassell, sysadmin
			
			
				
			
			
			
			
			
			
		
		
		
	
	
	
Bill Hassell, sysadmin
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
		
	
	
Company
Events and news
Customer resources
© Copyright 2025 Hewlett Packard Enterprise Development LP
