Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Linux user permissions

Posted on 2013-11-27
4
Medium Priority
?
757 Views
Last Modified: 2013-12-31
Is it possible to track this scenario?

I have a user account user1 which has direct root login disabled.

user2 and user3 are able to switch as user1 after ssh to the server.

suppose If user2 and user3 switched as user1 simultaneously and user2 removes a file from the server.

How I can track this event and determine which user has removed the file? Is linux auditing will be able to track this?

Is there any scp tools available so that I can login as user2 or 3 and switch as user1?
0
Comment
Question by:vipinvgopal
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 12

Assisted Solution

by:Chris Staunton
Chris Staunton earned 750 total points
ID: 39680417
You could turn on shell logging and just monitor the logs that way.  If the user is using bash for instance you could modify the .bashrc with something like:

[[ ! -d $HOME/.hist ]] && mkdir -p $HOME/.hist
export HISTSIZE=2000
export HISTFILE=$HOME/.hist/`date +%Y%m%d.%H%M`.`who -m | awk '{print $1 "." $2}' | sed 's/\///g'`.$$

Then you can review the dated files in the .hist folder

If you are looking for a more robust solution that you could use for SOX auditing for example.  Check out Centrify for corporate environments.  Their auditing features are pretty impressive.
0
 
LVL 3

Accepted Solution

by:
Detlef001 earned 750 total points
ID: 39680424
0
 
LVL 25

Expert Comment

by:madunix
ID: 39682730
You may give a try with pam_tty_audit module if you want to keep a track of all commands they use, Please refer man pam_tty_audit for more details. You can enable this module only for a particular user, then track the commands executed by that user. The logs goes to /var/log/audit/audit.log, it might not be a good option if you want to monitor the account frequently, (Since all are executed using the same account, you have to find the "su" entry first and track the commands executed from that terminal). Also this expects all users use "su - <username>", if they login directly there is no way to track.

Another method would be using sudo, with sudo you get each and every commands logged into /var/log/secure file, so it's easy to track user activities. Make sure the users wont be able to do "# sudo su - <user>" or "# sudo -i ". (also they should not be logging in to the shared account directly.. ie; the shared account password should not be distributed, or restrict direct login using pam configurations).
0
 
LVL 15

Expert Comment

by:Insoftservice
ID: 39686740
Just ad-don to the above comments.
Do the file belongs to server or its some from your specific folders .
If its in a specific folder or path you can use cvs
You are expecting to keep monitoring of your files which can be easily done by a subversion tools like tortoise or svn
0

Featured Post

New benefit for Premium Members - Upgrade now!

Ready to get started with anonymous questions today? It's easy! Learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

1. Introduction As many people are interested in Linux but not as many are interested or knowledgeable (enough) to install Linux on their system, here is a safe way to try out Linux on your existing (Windows) system. The idea is that you insta…
The purpose of this article is to show how we can create Linux Mint virtual machine using Oracle Virtual Box. To install Linux Mint we have to download the ISO file from its website i.e. http://www.linuxmint.com. Once you open the link you will see …
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Suggested Courses

671 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question