NFS : -alldirs requested but is not a filesystem mountpoint
Hello List,

I have a FreeBSD 5.4 (yes a bit old), and I'm just using it as an NFS server. The server has got a filesystem located at /data

This local filesystem has several subdirectories, and I'd like these subdirectories to be visible to a client host, but not all as a whole. This is the hierarchy at /data:

    /data/bulletins/nfs_bulls
    /data/bulletins/etc/ftpmotd   -- this is only for FTP's ftpchroot config
    /data/taxes/docs
    /data/taxes/etc/ftpmotd       -- this is only for FTP's ftpchroot config

The data to be visible is under /data/bulletins/nfs_bulls (and all its subdirectories) and /data/taxes/docs (and all its subdirectories)

As the content of both directories has nothing to do with each other, I'd like them to be independently exported. Thus, a client needing access to these data should issue 2 mounts, one for each set of data. I don't want both directories to be visible with just one mount.

This is what I've coded in my /etc/exports

    /data/bulletins/nfs_bulls -alldirs -ro -network MyNet -mask 255.255.255.0
    /data/taxes/docs -alldirs -ro -network MyNet -mask 255.255.255.0

And this is what syslog says:

    -alldirs requested but /data/bulletins/nfs_bulls is not a filesystem mountpoint
    bad exports list line /data/bulletins/nfs_bulls -alldirs -ro -network MyNet -mask 255.255.255.0
    -alldirs requested but /data/taxes/docs is not a filesystem mountpoint
    bad exports list line /data/taxes/docs -alldirs -ro -network MyNet -mask 255.255.255.0

Reading through etc/exports(5) and having seen those error messages, I think I should create another separate filesystem on my server. However, I haven't got any space left for another slice. Is it possible to somehow accomplish what I want in this scenario?

Many thanks in advance.

LEGAL ADVICE

This message may contain confidential, proprietary or legally privileged information. If you are not the intended recipient of this message, please notify it to the sender and delete without resending or backing it, as it is legally prohibited.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
RE: NFS : -alldirs requested but is not a filesystem mountpoint - SOLVED
Solved: -alldirs was unnecessary.

Thanks.

-----Original message-----
From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-questi...@freebsd.org] On behalf of Aitor San Juan
Sent: Monday, 27 July 2009 9:26
To: freebsd-questions@freebsd.org
Subject: NFS : -alldirs requested but is not a filesystem mountpoint
login failures
Hi List,

Our FreeBSD system has been recently reporting login failures, such as:

    May 23 16:44:23 lpool login: 2 LOGIN FAILURES FROM host_name_1
    May 23 16:44:23 lpool login: 2 LOGIN FAILURES FROM host_name_1, logon_user_used_1
    May 26 15:07:27 lpool login: 1 LOGIN FAILURE ON ttyv1
    May 26 15:07:27 lpool login: 1 LOGIN FAILURE ON ttyv1, root
    May 26 15:07:34 lpool login: 1 LOGIN FAILURE ON ttyv1
    May 26 15:07:34 lpool login: 1 LOGIN FAILURE ON ttyv1, logon_name_used_2
    May 26 15:21:50 lpool login: 1 LOGIN FAILURE ON ttyv0
    May 26 15:21:50 lpool login: 1 LOGIN FAILURE ON ttyv0, ^[[B^[[A^[[A^[[A^[[A^[[A^[[A^[[A^[[A^[[A^[[A^[[A^[[A^[[A^[[A^[[A^[[

I wonder where in the system, in more detail, this is registered. Can I assure that those TTYs refer to logon attempts from the physical console? Is there any way to track down more information?

In addition to this, how could we enable system activity logging?

Any hint would be highly appreciated. Please, point me to any good documentation on FreeBSD security (concepts and planning guide).

Thanks in advance.

Aitor.
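One way to condense lines like those quoted above, as an added example that is not part of the original post: the filter merges the two lines login writes per event (one without and one with the typed name) and labels each event as remote (FROM host), console (ON ttyvN, the FreeBSD virtual console terminals) or another terminal. The sample lines are constructed in the format shown in the post; the function names, the ttyd0 line and the output layout are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread.

# Constructed sample in the format of the lines quoted in the post.
sample_log() {
    cat <<'EOF'
May 23 16:44:23 lpool login: 2 LOGIN FAILURES FROM host_name_1
May 23 16:44:23 lpool login: 2 LOGIN FAILURES FROM host_name_1, logon_user_used_1
May 26 15:07:27 lpool login: 1 LOGIN FAILURE ON ttyv1
May 26 15:07:27 lpool login: 1 LOGIN FAILURE ON ttyv1, root
May 26 15:21:50 lpool login: 1 LOGIN FAILURE ON ttyv0
May 26 15:21:50 lpool login: 1 LOGIN FAILURE ON ttyv0, ^[[B^[[A^[[A
May 27 09:10:11 lpool login: 1 LOGIN FAILURE ON ttyd0, operator
EOF
}

# Reads syslog lines on stdin and prints one record per failed-login event:
#   time|origin|source|failures|typed name|flag
summarize_login_failures() {
    awk '
    / login: [0-9]+ LOGIN FAILURES? (FROM|ON) / {
        ts = $1 " " $2 " " $3
        src = $10
        user = ""
        if (src ~ /,$/) {
            # Everything after "source, " is what was typed at the prompt;
            # it may contain spaces or caret-encoded control characters.
            user = substr($0, index($0, src) + length(src) + 1)
            sub(/,$/, "", src)
        }
        key = ts SUBSEP src
        if (!(key in count)) {          # first line of the pair
            order[++n] = key
            count[key] = $6
            kind[key] = $9
        }
        if (user != "") name[key] = user
    }
    END {
        for (i = 1; i <= n; i++) {
            key = order[i]
            split(key, part, SUBSEP)
            if (kind[key] == "FROM")               origin = "remote"
            else if (part[2] ~ /^ttyv[0-9a-f]+$/)  origin = "console"
            else                                   origin = "terminal"
            user = (key in name) ? name[key] : "-"
            flag = "-"
            if (user == "root")              flag = "root"
            else if (index(user, "^[") > 0)  flag = "ctrl-chars"
            printf "%s|%s|%s|%s|%s|%s\n", part[1], origin, part[2], count[key], user, flag
        }
    }'
}
```

Run it as `summarize_login_failures < /var/log/messages` (or whichever file syslog.conf sends these lines to); a ctrl-chars flag marks keystrokes such as arrow keys rather than an account name.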
RE: Shell scripting: Absolute path name of a file given as parameter
Thanks a lot to all who replied.

Aitor.

-----Original message-----
From: Pete Slagle [mailto:[EMAIL PROTECTED]
Sent: Thursday, 12 April 2007 19:04
To: [EMAIL PROTECTED]
Subject: Re: Shell scripting: Absolute path name of a file given as parameter

Aitor San Juan wrote:

> I have developed a shell script that, among other things, shows the filename that was specified as a parameter. However, when I invoke the script and the file is located in the current working directory, it just shows:
>
>     ./my_input_filename
>
> I'd like the script to show the full path name of the input file. I wonder whether there is or not an equivalent to %~f1 (Windows Batch file programming). This parameter extension expands parameter %1 ($1 in shell scripting jargon) to a Fully qualified path name.

man (1) realpath

For example:

    #!/bin/sh
    # Quote "$1" so file names with spaces or wildcards are passed intact
    echo "The full path of the file name is $(realpath "$1")"
Shell scripting: Absolute path name of a file given as parameter
Hi List,

Just a simple question. I have developed a shell script that, among other things, shows the filename that was specified as a parameter. However, when I invoke the script and the file is located in the current working directory, it just shows:

    ./my_input_filename

I'd like the script to show the full path name of the input file. I wonder whether there is or not an equivalent to %~f1 (Windows Batch file programming). This parameter extension expands parameter %1 ($1 in shell scripting jargon) to a Fully qualified path name.

Any hint would be highly appreciated.

Thanks in advance.

Aitor.
RE: Installing a second hard disk
Thanks all who answered so quickly.

The PC's BIOS detects the complete capacity. The access mode was auto, and I have changed it to LBA, but the same result: FreeBSD still sees a disk (on ad2) capacity of 127 GB. The FreeBSD version installed is 5.4

Thus, I have installed the disk under Windows 2000, and it behaves the same way. However Windows XP recognizes the full capacity. The disk is a Seagate IDE Ultra ATA disk.

Unfortunately site www.48bitlba.com only offers help for Windows-based systems, and the tools are also for Windows-based OS.

Anyway, I have ignored the warning regarding the geometry inaccuracy, and done the following manually:

    fdisk -I /dev/ad2
    bsdlabel -w /dev/ad2s1
    newfs -U /dev/ad2s1a
    mkdir /mydata
    mount /dev/ad2s1a /mydata
    echo "/dev/ad2s1a /mydata ufs rw 2 2" >> /etc/fstab

but for FreeBSD the disk's capacity is still 127 GB.

The BIOS date is 21 Mar 2002. I've found out that there is a BIOS upgrade for the motherboard dated June 2002 (if I'm not wrong). So, will upgrading the BIOS solve this issue? Or will upgrading to FreeBSD 6.2 solve it instead?

Thanks in advance for any hint or suggestion.

Aitor

-----Original message-----
To: freebsd-questions@freebsd.org
Subject: Installing a second hard disk
Installing a second hard disk
Hi List,

I am trying to install a secondary hard disk in an Intel-based PC with FreeBSD 5.4

This secondary disk's capacity is 250 Gb. When I enter sysinstall to try to format it and create a slice, FreeBSD says that the geometry of the disk is not correct. I, then, type in the values detected by the BIOS as suggested, but FreeBSD still complains that those are not valid. FreeBSD sees the new disk as a disk of approx. 131 GB.

So my question is: where is the problem? Is it that FreeBSD is not able to recognise such a big disk capacity?

Any hint, suggestion, or web link would be highly appreciated.

Thanks in advance

Aitor.
Trapping signal from shell script... doesn't seem to work?
Hi list!

I have written a Bourne shell script. This shell script invokes a program written in the C language. Below is basically the shell script source code. As you can see, the C program is not invoked in the background, but in the foreground, so the shell script doesn't finish until the C program has finished.

I want the shell script to trap TERM or INT signals, so when any of these are raised, the shell script will try to send SIGTERM to the program myprog:

    user1:/usr/home/user1$ ps -ax | grep -v grep | grep myprog
      PID  TT  STAT      TIME COMMAND
    22406  p0  I+     0:00.01 /bin/sh ../cronjobs/myshell.sh
    22449  p0  I+     0:00.00 /usr/home/user1/myprog -d
    user1:/usr/home/user1$ kill -TERM 22406
    user1:/usr/home/user1$ ps -ax | grep -v grep | grep myprog
      PID  TT  STAT      TIME COMMAND
    22406  p0  S+     0:00.01 /bin/sh ../cronjobs/myshell.sh
    22449  p0  I+     0:00.00 /usr/home/user1/myprog -d

I notice the change in state of the shell script process from I+ to S+, but nothing else happens. The shell script seems to remain in execution. However, as soon as I press Ctrl-C at the terminal where I invoked the shell script, it indeed receives the Ctrl-C, but myprog receives it first so when the function trap_handler executes, there is no myprog process in memory.

My question: Can anybody tell me what happens and/or what am I doing wrong? Why must I press Ctrl-C to force the shell script to finally receive the TERM signal when I executed the kill command from another session? What is this apparent delay due to?

Thanks in advance.

    #-- SHELL SCRIPT BEGIN --
    #!/bin/sh
    #
    trap_handler() {
        echo "*** SYSTEM SIGNAL RECEIVED ***"
        echo "$1 caught. Ending..."
        # placeholder for however myprog's PID is looked up
        pid=`find_myprog_pid`
        kill -TERM $pid
        exit 1
    }

    trap 'trap_handler SIGINT' INT
    trap 'trap_handler SIGTERM' TERM

    # runs in the foreground: the shell handles no trap until it returns
    /usr/home/user1/myprog -d
    #-- SHELL SCRIPT END --
RE: Trapping signal from shell script... doesn't seem to work?
Dan, thanks a lot. I'll have a look at it.

Regards.

-----Original message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] on behalf of Dan Nelson
Sent: Wednesday, 07 February 2007 17:47
To: Aitor San Juan
CC: freebsd-questions@freebsd.org
Subject: Re: Trapping signal from shell script... doesn't seem to work?

In the last episode (Feb 07), Aitor San Juan said:

> I have written a Bourne shell script. This shell script invokes a program written in the C language. Below is basically the shell script source code. As you can see, the C program is not invoked in the background, but in the foreground, so the shell script doesn't finish until the C program has finished.
>
> I want the shell script to trap TERM or INT signals, so when any of these are raised, the shell script will try to send SIGTERM to the program myprog:

Since you didn't background myprog, the shell can't do anything until it returns, including signal processing. See the text at http://www.opengroup.org/onlinepubs/009695399/utilities/xcu_chap02.html#tag_02_11

There's a nice page about trap handling and shells at http://www3.cons.org/cracauer/bourneshell.html , which includes an example that does what you want:

    #! /bin/sh
    pid=
    onint()
    {
        kill $pid
    }
    trap onint SIGINT
    # start the program in the background so the shell can run the trap
    ./hardguy &
    pid=$!
    wait $pid

--
Dan Nelson
[EMAIL PROTECTED]
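The background-and-wait pattern from the reply above, applied to both INT and TERM as the original question asked; this is an added example, not code from either poster. The names run_forwarding, forward_term, caught and child_status are assumptions, and the loop covers the detail that wait returns early with a status above 128 when a trapped signal arrives, so the child has to be waited for again to get its real status.

```shell
#!/bin/sh
# Added example, not from the thread. All names are hypothetical.

child_pid=
caught=
sig_count=0
child_status=0

# Trap action: remember which signal arrived and pass SIGTERM to the child.
forward_term() {
    caught=$1
    sig_count=$((sig_count + 1))
    # The child may already have exited; that is not an error here.
    [ -z "$child_pid" ] || kill -TERM "$child_pid" 2>/dev/null || :
}

# run_forwarding CMD [ARGS...]
# Starts CMD in the background so the shell stays free to run traps, then
# waits for it. Afterwards $child_status holds CMD's exit status and $caught
# the trapped signal name (empty if none arrived).
run_forwarding() {
    caught=
    child_status=0
    trap 'forward_term INT' INT
    trap 'forward_term TERM' TERM

    "$@" &
    child_pid=$!

    while :; do
        before=$sig_count
        child_status=0
        wait "$child_pid" || child_status=$?
        # If a trap ran during this wait, the status above belongs to the
        # interrupted wait, not to the child: wait once more to reap it.
        [ "$sig_count" -ne "$before" ] || break
    done

    trap - INT TERM
    child_pid=
}

# Usage for the script in the question (path taken from the post):
#   run_forwarding /usr/home/user1/myprog -d
#   if [ -n "$caught" ]; then
#       echo "SIG$caught caught. Ending..."
#       exit 1
#   fi
```

The handler sends SIGTERM even for a trapped INT because a command started with & from a non-interactive shell has SIGINT ignored.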
Default file creation permissions
Hi List,

I have a shell script whose execution is scheduled by CRON. The command scheduled is of the form:

    50 23 * * 1-5 /apps/batch/cronjobs/bd_backup.sh /apps/batch/logs/bd_backup.log 21

This shell script runs under the id of root. The file permissions of the log file created are 644 (owner: root, group: wheel). I'd like that the file permissions of the log created be 600 (or 640 maximum). How could I accomplish this?

This is probably related to umask, but I don't dare changing anything in case that change could affect some other security configuration as a side effect. What would you recommend?

Any hint or suggestion would be highly appreciated.

Thanks in advance.

Aitor.
RE: Default file creation permissions
Thanks for your reply, Gerard.

As you can see, the log file is not created from within the shell script. It's created as the redirection of the output, so your suggestion implies modifying the shell script source code. That script calls some other scripts too and imports other scripts which define some predefined common functions with common behaviour among all the shell scripts developed.

This means that in this case the backup script is called by CRON but there's also the possibility of invoking it manually (for example in the need of a backup out of the normal scheduled time). When invoked manually, the results are shown on the screen to the user... You know, the script is not isolated, it's part of a bigger infrastructure behind the scene, hidden to some users which may invoke batch scripts from within menus (with no command line access).

I'd like to find another solution, having to modify the shell script in the last resort.

Thanks in advance.

-----Original message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] on behalf of Gerard Seibert
Sent: Thursday, 21 September 2006 11:39
To: freebsd-questions@freebsd.org
Subject: Re: Default file creation permissions

Aitor San Juan wrote:

> I have a shell script whose execution is scheduled by CRON. The command scheduled is of the form:
>
>     50 23 * * 1-5 /apps/batch/cronjobs/bd_backup.sh /apps/batch/logs/bd_backup.log 21
>
> This shell script runs under the id of root. The file permissions of the log file created are 644 (owner: root, group: wheel). I'd like that the file permissions of the log created be 600 (or 640 maximum). How could I accomplish this?
>
> This is probably related to umask, but I don't dare changing anything in case that change could affect some other security configuration as a side effect. What would you recommend?

I have a few shell scripts that are run from CRON also. To accomplish what you want, I have 'chmod' and 'chown' commands in the scripts. Perhaps you might be able to incorporate something like that into yours.

--
Gerard
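Since the log in this thread is created by the redirection on the crontab line and not by the script, the mode is decided by the shell that cron starts for that line. The following added example (not code from either poster; the job, file names and helper names are constructed) shows which placements of umask take effect, and that an existing log keeps whatever mode it already has.

```shell
#!/bin/sh
# Added example, not from the thread. The job and file names are constructed.

# Permission string of a file (e.g. -rw-------), portable across ls versions.
mode_of() {
    ls -l "$1" | cut -c1-10
}

# cron hands the whole command field of a crontab line to "/bin/sh -c"; that
# shell opens the redirection target, so its umask decides the mode of a new
# log. The parent umask is forced to 022 to reproduce the 644 in the thread.
# $1 = command line, $2 = directory exported to it as LOGDIR.
run_like_cron() {
    ( umask 022; LOGDIR=$2; export LOGDIR; /bin/sh -c "$1" )
}

demo_log_modes() {
    dir=$(mktemp -d) || return 1

    # 1. Plain redirection: the new log gets 666 & ~022 = 644.
    run_like_cron 'echo done > "$LOGDIR/plain.log" 2>&1' "$dir"
    plain=$(mode_of "$dir/plain.log")

    # 2. umask set in cron's shell before the redirection is opened: 600.
    #    Only this job is affected, but the job inherits the umask, so any
    #    files the script itself creates are tightened as well.
    run_like_cron 'umask 077; echo done > "$LOGDIR/tight.log" 2>&1' "$dir"
    tight=$(mode_of "$dir/tight.log")

    # 3. Pitfall: the log is opened before the subshell body runs, so a
    #    umask inside the parentheses comes too late for the log itself.
    run_like_cron '( umask 077; echo done ) > "$LOGDIR/late.log" 2>&1' "$dir"
    late=$(mode_of "$dir/late.log")

    # 4. umask matters only at creation: an existing 644 log stays 644 ...
    run_like_cron 'umask 077; echo done > "$LOGDIR/plain.log" 2>&1' "$dir"
    reused=$(mode_of "$dir/plain.log")

    # 5. ... and a log tightened once with chmod stays 600 on later runs,
    #    with no umask change and no edit to the job script.
    chmod 600 "$dir/plain.log"
    run_like_cron 'echo done > "$LOGDIR/plain.log" 2>&1' "$dir"
    fixed=$(mode_of "$dir/plain.log")

    rm -rf "$dir"
    echo "$plain $tight $late $reused $fixed"
}
```

Case 5 holds only while the log file keeps existing; if it is rotated or deleted, the next run creates it again with the umask in force at that time.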
Restrict access to custom shell scripts
Hi list!

I have developed several Bourne shell scripts that help some users to accomplish general tasks by choosing an option from a list of options. Such options include, for example, displaying the size of filesystems, (un)mounting filesystems, user account management (add/remove/lock users, etc). As you can imagine, many of these options will require the user to have superuser authorisations.

It would be desirable that only a few users have the permission to execute these shell scripts. Following are my 2 approaches. I don't know which is the best. In addition, I need some further help with details of how to accomplish it, so any hint or suggestion would be highly appreciated.

Thanks in advance.

--- APPROACH 1: ---

Make root the owner of these shell scripts (rwx). Create a group and make the shell scripts only executable for users belonging to this new group (r-x). For the rest of the world, no permissions.

Until here, I see apparently no problems. But what about the permissions to execute some of the commands encapsulated by the shell scripts? For example, adding users, editing crontabs of other users, (un)mounting filesystems... I wouldn't like the users belonging to this new group to have/belong directly root permissions.

--- APPROACH 2: ---

Create a special user whose shell entry could be the main shell script (the one who shows the menu of options), that is, no /bin/sh entry or alike, instead the full path to the script who shows the main menu. Then the users should be allowed to change their ID to this special user (using su for example).

Again, once su'ed to this user, what about the superuser permissions required by most of the options showed in the menu?