Obviously the USER_1 only has read rights on the file inherited by _GROUP_1, so I cannot replace it. (r)
I have provided the following solutions to our SAP admins:
1: Execute the script twice to replace the file, but with the appropriate user and path (Recommended - This is how they do it now)
2: Execute the script with the root user (Not recommended)
3: Using /etc/sudoers to give the user root rights when executing this specific script with _USER_1 (Rejected)
4: We give _GROUP_1 write rights for that directory (Rejected)
I believe it is fine how we do it now, but they want me to get it done using one script. (???)
1) Coming from Windows I was told to create a service account. But it would still need root rights, right?
2) As a bit of a newbie, I am not sure what other possible solutions there are and I am hoping for some hints?
Is the idea of a service account to take files dumped there by (or into the account of) User_1 and transfer them to User_2's account?
If that's what is wanted,... The "service user account" simply needs read/write authority in the destination directory and, at least, read authority in the source directory (or read/write authority in the source directory if it is intended to "move" the file from there). It doesn't need full root authority.
As far as executing the script, that can be done as a cron job,... scheduled, so that no actual user has to log in to execute it. Or, if you want it to be really elaborate, you can have the script execute, essentially, as a daemon, scanning the directory for files matching a particular filter, and then "automatically" moving them. However, it's probably easier for the script to just execute via cron on some regular interval,... else it could, if not properly set up, run away with itself, hogging processing bandwidth.
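The service-account approach described in the reply above, as an added example that is not from the thread: a POSIX shell function that checks only the read access and directory write access the account needs, then replaces the file atomically. The function name, paths, crontab line and file mode are assumptions.

```shell
#!/bin/sh
# Added example: least-privilege file replacement, intended to run from
# the service account's own crontab. Names and paths are hypothetical.
#
# Example crontab entry for the service account (every 5 minutes):
#   */5 * * * * /usr/local/bin/replace_file.sh

# replace_file SRC DEST
# Returns 0 on success, 1 if SRC cannot be read, 2 if DEST's directory
# is not writable, 3 if the copy or rename fails.
replace_file() {
    src=$1
    dest=$2
    dest_dir=$(dirname "$dest")

    # Read access on the source file is all that is needed on that side.
    [ -f "$src" ] && [ -r "$src" ] || {
        echo "cannot read $src" >&2; return 1; }

    # Replacing a file needs write and search permission on the
    # directory, not write permission on the old file itself.
    [ -d "$dest_dir" ] && [ -w "$dest_dir" ] && [ -x "$dest_dir" ] || {
        echo "no write access to $dest_dir" >&2; return 2; }

    # Stage the copy inside the destination directory so the final mv
    # is a rename on one filesystem: readers see either the old file
    # or the new one, never a partially written file.
    tmp=$(mktemp "$dest_dir/.replace.XXXXXX") || return 3

    # 0640 is an assumed mode (owner read/write, group read).
    if cp -- "$src" "$tmp" && chmod 0640 "$tmp" && mv -f -- "$tmp" "$dest"
    then
        return 0
    fi

    # Clean up the staged copy if anything went wrong.
    rm -f -- "$tmp"
    return 3
}
```

The distinct return codes let the cron wrapper log whether a failure came from the source side or the destination side.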
I agree, rather than having someone log into root why not just run a cron job as root? This way nobody has root permissions except the admin setting up the initial cron job. If the script is written right then it shouldn't matter if it's running as root and you can change permissions of the file once it has reached its destination (i.e. change ownership to the new user).