Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
We have couple of scripts made for our environment (which is Oracle Virtulisation ) .
Each script is assigned a different task .
Some of the scripts are meant to run on centralized server for monitoring other Servers resource utilization such as CPU,Storage.
While some are meant to run on Server for getting server specific jobs.
Almost all scripts run using root credentials.
The script which takes output from other servers .
I have used ssh password less login using rsa keygen generated for root.
have below queries regarding the environment.
1)Will it be a good idea to make a rpm out of those scripts and maintain a version control.
2)How do i avoid root usage ?
As the environment is build on xen virtual technology and most commands only run using root.
You try creating a dedicated user acct eg sys_check and give it sudo access to only the cmds it really needs.
Also, check the stuff it's running in detail, does it REALLY need to run as root? eg many cmds can be run as non-root if you give full path eg /sbin/cmd...
You try creating a dedicated user acct eg sys_check and give it sudo access to only the cmds it really needs.
Also, check the stuff it's running in detail, does it REALLY need to run as root? eg many cmds can be run as non-root if you give full path eg /sbin/cmd...
Thanks ,Waiting for rest of the questions to be answered.
have below queries regarding the environment.
1)Will it be a good idea to make a rpm out of those scripts and maintain a version control.
2)How do i avoid root usage ?
As the environment is build on xen virtual technology and most commands only run using root.
3)Is there any other way of doing it?
#1)
It is always a good idea to use version control. Where I work we keep all of our scripts and system configurations in subversion. I don't see a need to build rpms out of your scripts unless the have explicit dependencies you wish to reference for them and you're not planning to have them installed on all machines through cobbler. If all machines have the same scripts then just let cobbler handle it and there's no need to go out of your way to create rpms for a few simple scripts.
#2)
chrism01 is doing it the same way I would suggest. sudo is very useful for those situations and I've done that before without much effort.
#3)
Our DB admins monitor their Oracle databases using Oracle Enterprise monitor manager. They don't seem to ever catch anything with it though. I run checks on it using Icinga and set up escalations so that it emails them when systems are warning or critical based on certain predefined conditions, which works well. Also we graph historical information on the system using munin. I integrated munin into Icinga so that it is relatively easy to view long term statistics on a machine when viewing real time alerts. I wrote a plugin for monitoring database connections to Oracle and will alert when a certain threshold has been met.
Those aren't the only monitoring utilities but they're good quality.
Depends on what you want to do. If you don't care about the permission denied errors but still want to list out everything else then you can do just that and redirect stderr to null.
Code:
find / -name *.img* 2> /dev/null
Or you could look up how to use the -prune option in the man page.
Depends on what you want to do. If you don't care about the permission denied errors but still want to list out everything else then you can do just that and redirect stderr to null.
Code:
find / -name *.img* 2> /dev/null
Or you could look up how to use the -prune option in the man page.
SAM
I do care about the errors and needs them to be searched .
I know the newly created user doesn't have permission to list them but is there any way to achieve it?
I'm not sure I understand your question any more. Are you asking how to circumvent permission limitations on directories for a user which has no permission? As far as I know the only user which can ignore that is root.
So to answer no, if the user doesn't have permission then they can't list the contents of the directory with find or any other tool.
*EDIT*: Ah I misunderstood. You could add them to an admin group or choose a group the user is already apart of.
/etc/sudoers
Code:
#allow users in admin group to sudo
%admin ALL=(ALL) ALL
#run sudo /bin/find without having to provide a password.
%admin ALL=NOPASSWD: /bin/find
Then you could run your command like this:
Code:
sudo /bin/find / -name *.img*
I think that may be what you're looking for. I'm still a little vague on the details.
I'm not sure I understand your question any more. Are you asking how to circumvent permission limitations on directories for a user which has no permission? As far as I know the only user which can ignore that is root.
So to answer no, if the user doesn't have permission then they can't list the contents of the directory with find or any other tool.
*EDIT*: Ah I misunderstood. You could add them to an admin group or choose a group the user is already apart of.
/etc/sudoers
Code:
#allow users in admin group to sudo
%admin ALL=(ALL) ALL
#run sudo /bin/find without having to provide a password.
%admin ALL=NOPASSWD: /bin/find
Then you could run your command like this:
Code:
sudo /bin/find / -name *.img*
I think that may be what you're looking for. I'm still a little vague on the details.
Is there any benefits adding the user to admin group?
I can use below to achieve the same.
/etc/sudoers
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.