Granting a new employee access to Ubuntu Server

Hi,

We are bringing on an extra pair of hands to work on our systems.

We have a Ubuntu server - I have root access and I wish to grant the new employee access via SSH also.

Is there anyway to monitor what (files) changes under their login session(s)? Is there a monitoring package??

Also, what privileges should I grant them?

Im a bit new on this, but I have root access.

thanks
intangiblemediaAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

farzanjCommented:
If you have created a regular account for them on Linux, they should be able to create/access files in their own directory.  They cannot access any admin command unless you provide them access through sudo.

Do you want to monitor the files they create/modify under their own account?
0
intangiblemediaAuthor Commented:
Yes, I would like to do so.

How?

Thanks!
0
Duncan RoeSoftware DeveloperCommented:
Take a look at man inotifywatch and man inotifywait
0
Newly released Acronis True Image 2019

In announcing the release of the 15th Anniversary Edition of Acronis True Image 2019, the company revealed that its artificial intelligence-based anti-ransomware technology – stopped more than 200,000 ransomware attacks on 150,000 customers last year.

Steve BinkCommented:
To expound a bit on duncan_roe's suggestion, take a look at this script I use in one of my development projects:
$> cat wait_for_change.sh
#!/bin/bash
inotifywait -e close_write -e move -e create -e delete -mr \
  /var/www/my_monitored_directory | while read dir event file
   do
    # looking for any changed file that isn't publisher.wsgi
    # and is not in a log directory, and doesn't end with .log
    if [ "$file" != "publisher.wsgi" ] && [[ $dir != */log/*  &&  $file != *.log ]]
    then
      touch /var/www/my_monitored_directory/publisher.wsgi
      echo "touched pub because $file reported $event"
    fi
   done

Open in new window

The idea is pretty simple.  WSGI automatically refreshes an application if it detects a change, but its change detection is pretty narrow - it does not watch every single include you might have.  So, I used inotify to watch the entire directory (including sub-directories).  If it detects a change in any file that is not a) the actual WSGI application or b) part of the logging system, it updates the timestamp on my WSGI app using touch.  When I run this script, I can edit any file in my app's tree and always know my running app is fresh.

Note that I touch the file, and echo out the caught event.  You could easily echo that to a log for your later reading pleasure.

inotify is part of the inotify-tools package.  You can usually install it with apt-get, or dpkg:
$> dpkg --list *inotify*
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Cfg-files/Unpacked/Failed-cfg/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                            Version                         Description
+++-===============================-===============================-==============================================================================
ii  inotify-tools                   3.13-3                          command-line programs providing a simple interface to inotify
ii  libinotifytools0                3.13-3                          utility wrapper around inotify

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Steve BinkCommented:
#39599132
0
Duncan RoeSoftware DeveloperCommented:
Agree most of the points should go to https:#a39599132, but a small share also to https:#a39596635 on which the main answer builds
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux

From novice to tech pro — start learning today.