Unix/Linux Users Best Practices

This topic has 2 replies, 2 voices, and was last updated 10 years ago by Max Drown (Infor).

Creator

Topic
December 4, 2014 at 3:16 am #54481
Max Drown (Infor)
Keymaster
Unix/Linux Users Best Practices

* The sudo and su command provides a comprehensive audit trail

* Each successful authentication is logged to the file ”/var/log/messages”

* The command issued along with the issuer’s user name is logged to the file ”/var/log/secure”

* Add the ‘staff’ group to the ‘sudoers’ list

* ”visudo”

* Add this line: ”%staff ALL=(ALL) ALL”

* Make all files under $HCIROOT readable, writable, and executable to hci and the staff group

* ”chown -R hci:staff $HCIROOT”

* ”chmod -R u+rwx,g+rwxs,o-rwx $HCIROOT”

* The ‘s’ sets the setgid flag on the directory so that new files inherit the group ownership.

* Add all cloverleaf users and hci to the

-- Max Drown (Infor)
Creator

Topic

Viewing 1 reply thread

Author

Replies
- December 5, 2014 at 8:49 am #81660
  Mark Thompson
  Participant
  Hi Max
  
  Thanks for passing these along. Since the Cloverleaf installer requires root privileges (a source of contention with Unix admins), is there a reason the installer doesn’t perform this step:
  
  * Make hcienginerun, hcienginestop, hcisitectl and hciss readable, writable, and executable only to hci using ”chmod 700 $HCIROOT/bin/hcienginerun $HCIROOT/bin/hcienginestop $HCIROOT/bin/hcisitectl $HCIROOT/clgui/bin/hciss”
  
  - Mark Thompson
  HealthPartners
- December 5, 2014 at 3:09 pm #81661
  Max Drown (Infor)
  Keymaster
  I’ll submit that as an AR.
  
  There is already an AR to allow the the installation to be done by sudo instead of root directly. However, note that root can be obtained with “sudo su -” for users with the appropriate access.
  
  -- Max Drown (Infor)
Author

Replies

Viewing 1 reply thread

The forum ‘Operating Systems’ is closed to new topics and replies.