
Custom rm, cp, and mv scripts for restricted SAM users

TheJuiceman
Super Advisor


Hey guys,

I have some "special" users that need to execute some copies, removes, etc. as root. They are restricted SAM users. I want to create a script (or a set of scripts) that will allow them to rm, cp, whatever as root...but I don't want them to be able to delete system files, logs, etc. I also would like to track what they do within the script. Any help would be appreciated. Thanks.
Bill Hassell
Honored Contributor

Re: Custom rm, cp, and mv scripts for restricted SAM users

It will be a lot of work to write these scripts. Instead, don't use restricted SAM, get a copy of sudo from the HP website and simply write the rules into the sudo config file. sudo will log every command as well as attempts that are not allowed.

NOTE: neither SAM nor sudo knows what the "important" files are. The most dangerous commands for Unix are rm, mv, and chmod -R. Your helpers must be restricted to certain directory paths for their rm commands, but even then, a mistake will be made. There is no list of important files that should not be removed or moved.


Bill Hassell, sysadmin
TheJuiceman
Super Advisor

Re: Custom rm, cp, and mv scripts for restricted SAM users

Hi Bill,

We have something set up using SCM, but some of these users really hate the command line and love the GUI thing SAM gives them. You know how it is when you give a user something...you can never take it back LOL
generic_1
Respected Contributor

Re: Custom rm, cp, and mv scripts for restricted SAM users

I agree, use sudo. Use sudo in the SAM scripts if ya have to.
Put an HTML page on their desktop lol.

Put big pauses in the sam scripts then tell em you have this new fast command tool :) LOL
Bill Hassell
Honored Contributor
Solution

Re: Custom rm, cp, and mv scripts for restricted SAM users

I would take a very serious approach to system maintenance. All a novice user (one that doesn't like command lines) has to do is remove some 'crazy big files' like vmunix and your production machine(s) may be down for hours or days. There is no need for root privileges if the user is just cleaning up their own work. Several times, I have seen a DBA "fix" a database installation with:

chmod -R 777 /

That command destroyed the entire system as very important commands (like login and passwd) would not function. It's like having a high school shop class work on your airplane before you fly to Europe...


Bill Hassell, sysadmin
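
The replies above say rm must be confined to certain directory paths and that every attempt should be logged. The sketch below is an added example, not code from any poster in this thread: a wrapper that a single sudo rule could grant instead of rm itself, resolving `..` and symlinked directories before comparing against one allowed tree. `ALLOWED_ROOT`, its default path and all function names are assumptions.

```shell
#!/bin/sh
# Added example: rm wrapper confined to one directory tree, meant to be the
# only command a sudoers rule grants. ALLOWED_ROOT is an assumed path.
ALLOWED_ROOT="${ALLOWED_ROOT:-/data/scratch}"

log_event() {   # syslog if available, otherwise stderr
    logger -t safe_rm "$1" 2>/dev/null || printf 'safe_rm: %s\n' "$1" >&2
}

# Print $1 with its parent directory physically resolved, so ".." and
# symlinked directories are collapsed before any comparison is made.
canon_path() {
    case "$(basename -- "$1")" in .|..) return 1 ;; esac
    parent=$(cd -- "$(dirname -- "$1")" 2>/dev/null && pwd -P) || return 1
    printf '%s/%s\n' "${parent%/}" "$(basename -- "$1")"
}

# Succeed only if $1 resolves to a name strictly below ALLOWED_ROOT.
# On success the canonical path is left in $target.
is_allowed() {
    root=$(cd -- "$ALLOWED_ROOT" 2>/dev/null && pwd -P) || return 1
    target=$(canon_path "$1") || return 1
    case "$target" in
        "$root"/?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Remove each permitted file (no -r: directories are refused by rm itself)
# and log every decision with the invoking user.
safe_rm() {
    who="${SUDO_USER:-$(id -un)}"
    status=0
    for p in "$@"; do
        if is_allowed "$p"; then
            log_event "ALLOW user=$who rm $target"
            rm -f -- "$target" || status=1
        else
            log_event "DENY user=$who rm $p"
            status=1
        fi
    done
    return "$status"
}

if [ "$#" -gt 0 ]; then safe_rm "$@"; fi
```

The check and the removal are separate steps, so a user who can rename directories inside the allowed tree could still race the wrapper; it fits trees where only the wrapper's account can restructure directories.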