LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 02-19-2012, 11:20 PM   #1
pinga123
Member
 
Registered: Sep 2009
Posts: 684
Blog Entries: 2

Rep: Reputation: 36
Need some expert advise on running scripts.


We have couple of scripts made for our environment (which is Oracle Virtulisation ) .

Each script is assigned a different task .
Some of the scripts are meant to run on centralized server for monitoring other Servers resource utilization such as CPU,Storage.

While some are meant to run on Server for getting server specific jobs.

Almost all scripts run using root credentials.

The script which takes output from other servers .
I have used ssh password less login using rsa keygen generated for root.

have below queries regarding the environment.
1)Will it be a good idea to make a rpm out of those scripts and maintain a version control.

2)How do i avoid root usage ?
As the environment is build on xen virtual technology and most commands only run using root.

3)Is there any other way of doing it?
 
Old 02-20-2012, 01:19 AM   #2
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,240

Rep: Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324
You try creating a dedicated user acct eg sys_check and give it sudo access to only the cmds it really needs.
Also, check the stuff it's running in detail, does it REALLY need to run as root? eg many cmds can be run as non-root if you give full path eg /sbin/cmd...
 
1 members found this post helpful.
Old 02-20-2012, 05:14 AM   #3
pinga123
Member
 
Registered: Sep 2009
Posts: 684
Blog Entries: 2

Original Poster
Rep: Reputation: 36
Quote:
Originally Posted by chrism01 View Post
You try creating a dedicated user acct eg sys_check and give it sudo access to only the cmds it really needs.
Also, check the stuff it's running in detail, does it REALLY need to run as root? eg many cmds can be run as non-root if you give full path eg /sbin/cmd...
Thanks ,Waiting for rest of the questions to be answered.
 
Old 02-20-2012, 09:56 AM   #4
sag47
Senior Member
 
Registered: Sep 2009
Location: Orange County, CA
Distribution: Kubuntu x64, Raspbian, CentOS
Posts: 1,832
Blog Entries: 36

Rep: Reputation: 451Reputation: 451Reputation: 451Reputation: 451Reputation: 451
Quote:
Originally Posted by pinga123 View Post
have below queries regarding the environment.
1)Will it be a good idea to make a rpm out of those scripts and maintain a version control.

2)How do i avoid root usage ?
As the environment is build on xen virtual technology and most commands only run using root.

3)Is there any other way of doing it?
#1)
It is always a good idea to use version control. Where I work we keep all of our scripts and system configurations in subversion. I don't see a need to build rpms out of your scripts unless the have explicit dependencies you wish to reference for them and you're not planning to have them installed on all machines through cobbler. If all machines have the same scripts then just let cobbler handle it and there's no need to go out of your way to create rpms for a few simple scripts.

#2)
chrism01 is doing it the same way I would suggest. sudo is very useful for those situations and I've done that before without much effort.

#3)
Our DB admins monitor their Oracle databases using Oracle Enterprise monitor manager. They don't seem to ever catch anything with it though. I run checks on it using Icinga and set up escalations so that it emails them when systems are warning or critical based on certain predefined conditions, which works well. Also we graph historical information on the system using munin. I integrated munin into Icinga so that it is relatively easy to view long term statistics on a machine when viewing real time alerts. I wrote a plugin for monitoring database connections to Oracle and will alert when a certain threshold has been met.

Those aren't the only monitoring utilities but they're good quality.

Last edited by sag47; 02-20-2012 at 09:58 AM.
 
Old 03-02-2012, 06:40 AM   #5
pinga123
Member
 
Registered: Sep 2009
Posts: 684
Blog Entries: 2

Original Poster
Rep: Reputation: 36
I get many permission denied errors as i have below line in the script.

Code:
find / -name *.img*
How shall i add it in /etc/sudoer file so that i shall not be getting permission denied error?

Last edited by pinga123; 03-02-2012 at 07:01 AM.
 
Old 03-02-2012, 09:31 AM   #6
sag47
Senior Member
 
Registered: Sep 2009
Location: Orange County, CA
Distribution: Kubuntu x64, Raspbian, CentOS
Posts: 1,832
Blog Entries: 36

Rep: Reputation: 451Reputation: 451Reputation: 451Reputation: 451Reputation: 451
Depends on what you want to do. If you don't care about the permission denied errors but still want to list out everything else then you can do just that and redirect stderr to null.

Code:
find / -name *.img* 2> /dev/null
Or you could look up how to use the -prune option in the man page.

SAM
 
Old 03-04-2012, 10:39 PM   #7
pinga123
Member
 
Registered: Sep 2009
Posts: 684
Blog Entries: 2

Original Poster
Rep: Reputation: 36
Quote:
Originally Posted by sag47 View Post
Depends on what you want to do. If you don't care about the permission denied errors but still want to list out everything else then you can do just that and redirect stderr to null.

Code:
find / -name *.img* 2> /dev/null
Or you could look up how to use the -prune option in the man page.

SAM
I do care about the errors and needs them to be searched .

I know the newly created user doesn't have permission to list them but is there any way to achieve it?
 
Old 03-05-2012, 01:22 AM   #8
sag47
Senior Member
 
Registered: Sep 2009
Location: Orange County, CA
Distribution: Kubuntu x64, Raspbian, CentOS
Posts: 1,832
Blog Entries: 36

Rep: Reputation: 451Reputation: 451Reputation: 451Reputation: 451Reputation: 451
I'm not sure I understand your question any more. Are you asking how to circumvent permission limitations on directories for a user which has no permission? As far as I know the only user which can ignore that is root.

So to answer no, if the user doesn't have permission then they can't list the contents of the directory with find or any other tool.

*EDIT*: Ah I misunderstood. You could add them to an admin group or choose a group the user is already apart of.

/etc/sudoers
Code:
#allow users in admin group to sudo
%admin ALL=(ALL) ALL

#run sudo /bin/find without having to provide a password.
%admin ALL=NOPASSWD: /bin/find
Then you could run your command like this:
Code:
sudo /bin/find / -name *.img*
I think that may be what you're looking for. I'm still a little vague on the details.

Last edited by sag47; 03-05-2012 at 01:28 AM.
 
Old 03-06-2012, 12:11 AM   #9
pinga123
Member
 
Registered: Sep 2009
Posts: 684
Blog Entries: 2

Original Poster
Rep: Reputation: 36
Quote:
Originally Posted by sag47 View Post
I'm not sure I understand your question any more. Are you asking how to circumvent permission limitations on directories for a user which has no permission? As far as I know the only user which can ignore that is root.

So to answer no, if the user doesn't have permission then they can't list the contents of the directory with find or any other tool.

*EDIT*: Ah I misunderstood. You could add them to an admin group or choose a group the user is already apart of.

/etc/sudoers
Code:
#allow users in admin group to sudo
%admin ALL=(ALL) ALL

#run sudo /bin/find without having to provide a password.
%admin ALL=NOPASSWD: /bin/find
Then you could run your command like this:
Code:
sudo /bin/find / -name *.img*
I think that may be what you're looking for. I'm still a little vague on the details.
Is there any benefits adding the user to admin group?
I can use below to achieve the same.
/etc/sudoers
Code:
<username> ALL = NOPASSWD: /bin/find
Code:
sudo /bin/find / -name *.img*
 
Old 03-06-2012, 12:38 AM   #10
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,240

Rep: Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324
I wouldn't give him any more privs than the minimum reqd ..., so skip the admin group thing
 
Old 03-07-2012, 12:41 PM   #11
ratotopi
Member
 
Registered: Dec 2011
Posts: 114

Rep: Reputation: 6
The better way to do your job to check all your servers resource utilization such as CPU,Storage.is to run Nagios
and for your second problem see
https://www.linux.com/learn/tutorial...-configuration
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
is suid disabled from running all scripts or just from running them as root monsteriname Programming 2 09-05-2009 03:57 AM
Firewall advise, Running Debian_AMD64. Purley as a precaution on home network. Eeek Th£ Bear Linux - Security 7 08-03-2009 12:48 PM
looking 4 some expert advise dell 1545 Caper Linux - Laptop and Netbook 6 03-03-2009 02:00 PM
syslinux.cfg 'Expert' advise needed... multiboot from usb Akonbobot Linux - General 0 08-25-2008 03:49 PM
NOOB NeedS Expert Advise on What Newsgroup Program to use! moore757 Linux - Software 5 03-03-2005 01:22 AM


All times are GMT -5. The time now is 08:47 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration