Operating System - HP-UX

way to secure my personal programs or data

 
ezhilarasan_1
Occasional Advisor


Hi,

I need a way to secure my personal programs or data. Let me explain my environment setup.

Here hundreds of Oracle DBAs are working; everyone has an individual unix id and Home dir.
And everyone has their individual programs or data under their Home.

Everyone first logs in with their individual unix userid ( myself as ezhil ) on a local server.
Then we log in to a remote server by ssh hostname to do support.
From that remote server we are also able to see our individual Home dir programs and data (some virtual Home dir setup mechanism).

At this point, individuals log in as oracle by giving ( sudo su - oracle ).
Now I cannot access or copy my program to this server for support if I have not granted
access permission to others, because now even I am the oracle unix id.
That is why I have granted it by chmod 755 /home/ezhil/scripts.

I copy needed script say by cp /home/ezhil/scripts/check_performance.sh .

I am wondering whether, by some mechanism, we can restrict others apart from my unix id from copying
my personal data and programs by asking for some key or password?

In my old company, when we viewed a secret or critical file, we did it by
vi -x oracle_passwd_for_all_servers.
Then it asks for a key; when we give the correct key, it decrypts the file contents and we can see the contents,
otherwise it looks like machine code. But I do not know where the key is stored for checking; if the key creator also forgets it, then there may be a problem.


But here in my case, it is not a single file but hundreds of files in the dir, so I want to secure the whole dir from others copying scripts or data
( keep in mind I also will be "others" when I have logged in as oracle by sudo, but I want to copy ).


Unix experts, please advise some easy mechanism with steps.

My advance thanks for your help.


Regards
Ezhil
4 REPLIES 4
A. Clay Stephenson
Acclaimed Contributor

Re: way to secure my personal programs or data

Well, although it is not considered very robust by today's standards, you can still have the same security that you had using the vi -x method. The vi -x option simply makes use of the UNIX crypt command --- and the key is stored nowhere. Crypt uses a completely reversible algorithm so that the same key is used to encrypt (actually encipher) the data and to decrypt the data.

You can write a script invoking crypt to encipher all your files with a common password and then decrypt using vi -x when you need to actually use them.

You could store your password in a secure place so that others could have access on an emergency basis.
If it ain't broke, I can fix that.
Ivan Ferreira
Honored Contributor

Re: way to secure my personal programs or data

You could use gpg or pgp to secure your data. These commands can encrypt files using a public key. In this way, nobody could use your files unless you explicitly decrypt them for them.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Bill Thorsteinson
Honored Contributor

Re: way to secure my personal programs or data

Use scp to copy from your home directory.

This will ask you for your password before
completing the copy.
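
The scp suggestion above only helps if the directory is no longer world-readable, so here is an added example (not part of the thread) that audits a tree for group/other access, removes it, and then pulls a file over scp as the owning user. The function names and the use of `localhost` as the host are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# List every entry under $1 that group or other can read, write or
# execute/search. Only POSIX "-perm -mode" tests are used, so this does
# not depend on GNU find extensions.
exposed_entries() {
    find "$1" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Remove all group/other access from the tree; owner bits are untouched.
lock_down() {
    chmod -R go-rwx "$1"
}

# Succeed only if nothing under $1 is accessible to anyone but the owner.
is_private() {
    [ -z "$(exposed_entries "$1")" ]
}

# Copy one file while authenticating as the owning user, so the read
# happens under the owner's id and the source can stay mode 700.
# $1 = owner login, $2 = host, $3 = path on that host, $4 = destination
pull_as_owner() {
    scp -p "$1@$2:$3" "$4"
}

# Typical use (paths from the question, host assumed to be localhost):
#   as ezhil:   lock_down /home/ezhil/scripts && is_private /home/ezhil/scripts
#   as oracle:  pull_as_owner ezhil localhost scripts/check_performance.sh .
```

The copy that lands in the oracle account's directory is readable by everyone who can become oracle, so remove it when the support task is done.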
Rodney Hills
Honored Contributor

Re: way to secure my personal programs or data

I'm not familiar with Oracle, but rather than everyone sharing a login of "oracle" to do oracle activities, can you just change your effective group id? That way your user id stays the same for permissions to the files you own.

Or vice versa, create a unique group id for each DBA, then when you change to user id oracle, change the group to your unique group id and specify permission based on group.

My 2 cents

Rod Hills
There be dragons...