Due to security requirement, we can't ssh / winscp using root into Linux
( Redhat & CentOS ) & HP-UX servers.
I have a recurring issue with Winscp : in most cases, the login id used by the
individual sysadmin after doing Winscp can't read a number of logs or files
that we need to copy out to Windows PC for emailing out.
So the sysadmin would ssh login to his individual id, su to root & temporarily
change the permission of the file & possibly the directory the file is in to 644
(world readable), then winscp to copy it out & then reverse back the permission.
I'm not in favour of this as it's sort of a change & sometimes the sysadmin forgets to
reverse / normalize back the permission (which will flag as alert in the next security
scan), sometimes, it was reversed back incorrectly (which will trigger jobs' failure).
I thought that the sysadmin copies using root the required file to /tmp & make it world
readable & then winscp out the file & housekeep /tmp. But I've seen a case where
/tmp fills up to 99.9% & cause a service disruption & sysadmin did not realize it till
about 30-60 minutes later (despite that there's filesystem monitoring in place : as the
sysadmin usually doesn't check his email / mobile phone for new messages frequently.
The other thing is to copy to /var/tmp : would this filling up /var/tmp cause service
disruption in any way? Eg:
-Disruption to say Oracle creating temp files (usually in /tmp)?
-When new patches are being installed to HP-UX & Linux, does it go into /var (in
our case /var/tmp is a subdir under /var filesystem) & if there's insufficient free
space, would the patching process bombs out in a "half-corrupted" state?
-Any other possible disruption?
The other thought I have is to set up ssh server or ftp server on the Windows PC
so that the sysadmin just scp or ftp the files using root directly into the PC but is
this a security threat ? This method is probably most efficient & does not entail
any change of permission of files on Unix server & no worry of /tmp filling up
any other thoughts of a good way of doing files transfer between the Unix servers
& Windows PC ?