Operating System - HP-UX

Restricted User Environment

 


Dears,
I have an application whose logs are being collected in /opt/app/log.

I want to create a user who would have permissions only for the /opt/app/log directory and must not be able to wander and execute system commands elsewhere in the system. In /opt/app/log he should have only read access.

My OS is HP-UX v2 and the hardware is PA-RISC.

Please accept thanks in advance.

Regards,
Asghar
Jozef_Novak
Respected Contributor

Re: Restricted User Environment

Hello,

You should set up a chrooted user for this purpose. Here is a document that might provide you with some hints on how to do it:

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&taskId=115&prodSeriesId=3215373&prodTypeId=18964&objectID=c01516983

Jozef
saravanan08
Valued Contributor

Re: Restricted User Environment

Hi,

My idea, if you want to give read-only permission for that file:

You can create a shell script, or add an entry to the crontab, for appending those logs to the particular user's file.
For example:
1. Create a directory in the user's home directory.
2. Then create a number of files equal to the number of files in that log directory.
3. Then create a script so that the content of a particular file will get redirected to that user file:
cat logfile1 > (equivalent file in that user directory)
4. Similarly for all files.

5. Add this script to the crontab so that the user files get updated at regular intervals,
so that the user can read that log file.

Thank you
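
An added example (not part of the post above) of the cron-driven copy it describes, in POSIX sh: it copies only regular files changed in the last N days, publishes them read-only, and prunes old copies. The destination path, the 7-day window, the script path and the crontab schedule are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): mirror recent logs for a read-only user.
# Assumed values: /opt/app/log is from the question; the destination path, the
# script path, the 7-day window and the schedule are constructed for illustration.
#   root crontab: 0,15,30,45 * * * * /usr/local/bin/mirror_logs.sh /opt/app/log /home/loguser/logs 7

# True if $1 is a regular file (not a directory) modified within the last $2 days.
is_recent() {
    [ -n "$(find "$1" -prune -type f -mtime -"$2" -print 2>/dev/null)" ]
}

mirror_logs() {
    src=$1; dst=$2; keep_days=$3
    [ -d "$src" ] || { echo "mirror_logs: $src is not a directory" >&2; return 1; }
    mkdir -p "$dst" && chmod 755 "$dst" || return 1   # owner writes, others only read

    for f in "$src"/*; do
        name=${f##*/}
        # A symlink placed in the log directory would expose its target to the
        # restricted user, so copy plain files only (and skip subdirectories).
        if [ -h "$f" ] || [ ! -f "$f" ]; then continue; fi
        is_recent "$f" "$keep_days" || continue
        cmp -s "$f" "$dst/$name" 2>/dev/null && continue   # unchanged since last run
        tmp="$dst/.$name.$$"                               # copy, then rename into place
        { cp "$f" "$tmp" && chmod 444 "$tmp" && mv -f "$tmp" "$dst/$name"; } || rm -f "$tmp"
    done

    # Drop copies whose source is gone or older than the window, so the
    # mirror stays bounded. $dst must be dedicated to this mirror.
    for c in "$dst"/*; do
        [ -f "$c" ] || continue
        is_recent "$src/${c##*/}" "$keep_days" || rm -f "$c"
    done
    return 0
}

# Run only when called with arguments, e.g. from cron.
if [ "$#" -eq 3 ]; then
    mirror_logs "$1" "$2" "$3"
fi
```

The application's own directory and permissions are left untouched; only the mirror is exposed to the restricted account.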

Re: Restricted User Environment

I have already created an ftp user who has rights only in his ftp home (chroot env for that ftp user). The workaround was to create an ftp user and cron a script which will update the ftp home with logs from /opt/app/log. But the problem is the log directory size. It's getting bigger and bigger. Just one week of logs is more than 500 MB.

If I make the logs directory the home of the ftp user, I'll have to change the permissions of the logs directory, which will affect the application itself in return.

I think I could type what I am thinking. Your replies will make me understand if I could explain my problem well.

Regards,
Wim Rombauts
Honored Contributor

Re: Restricted User Environment

If it is just for accessing logs in that directory, I think you should use NFS (if the remote user is on Linux or Unix) or CIFS/Samba (if the remote user is on Windows).

This way, the user can find the (read-only if you want) on his/her local machine and has no option of walking around elsewhere in any way.