• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 374
  • Last Modified:

How to restrict Multiple user edits to single file from multiple session in linux.

I want to restrict multiple user edits to single file from multiple session in linux, how can i do this ??
0
sudhirgoogle
Asked:
sudhirgoogle
3 Solutions
 
abbrightCommented:
Create a new group called "editfilegrp".
Put the users you want into this group.
Then change group-ownership of the file to this group: chgrp editfilegrp filename
Change permission to edit the file only for this group: chown u-w,o-w filename
0
 
woolmilkporcCommented:
I'd suggest using some kind of source code control system or revision control system.

Mandatory file locking cannot be implemented without programming (C, maybe Perl), taking the original editor binary out of reach, and cooperative/advisory locking (e.g. by some wrapper script to the editor call) is easy to circumvent (just use the original editor binary instead of the wrapper script).

Wikipedia has a list of free revision control software:

http://en.wikipedia.org/wiki/Category:Free_revision_control_software

wmp

0
 
Alberto CortesCommented:
Solution:

What you need is a Revision Control environment, where you have control of the file changes and can revert if needed.
I suggest you to check commercial products like IBM Clearcase, or free product like Apache Subversion:
http://en.wikipedia.org/wiki/Clearcase
http://en.wikipedia.org/wiki/Subversion_%28software%29
 
0
What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

 
omarfaridCommented:
how the file is edited?
0
 
sudhirgoogleAuthor Commented:
Thanks for your response. The is being edited using VI editor or VIM
0
 
woolmilkporcCommented:
Neither vi nor vim provide a locking mechanism.

Since I assume that you're not willing to write a C program, without Revision Control your only option is a wrapper script to vi and vim providing some kind of locking.

The obvious drawbacks here are:

- Easy circumvention by using the original binary. There is no support for setuid scripts in Linux and most Unixes (except Solaris).
- Easy manual removal of lock files. The concerned user must have full read/write access to them.
- Orphaned locks. Even when trapping all possible signals you can't completely avoid leaving orphaned locks which must be removed manually.
- Ambiguity. Either you're going to lock the filename alone, then only one single file with that name can be edited at a time system-wide, regardless of which directory it is in, or you're going to lock the full path, then a simple cd to the respective directory and starting vi against the filename alone would circumvent the lock.

wmp
0
 
sudhirgoogleAuthor Commented:
Not able to implement.
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now