Unix/Linux Users Best Practices

[Max Drown (Infor)]

Unix/Linux Users Best Practices

 * The sudo and su command provides a comprehensive audit trail

   * Each successful authentication is logged to the file ”/var/log/messages”

   * The command issued along with the issuer’s user name is logged to the file ”/var/log/secure”

 * Add the ‘staff’ group to the ‘sudoers’ list

   * ”visudo”

   * Add this line: ”%staff ALL=(ALL) ALL”

 * Make all files under $HCIROOT readable, writable, and executable to hci and the staff group

   * ”chown -R hci:staff $HCIROOT”

   * ”chmod -R u+rwx,g+rwxs,o-rwx $HCIROOT”

     * The ‘s’ sets the setgid flag on the directory so that new files inherit the group ownership.

 * Add all cloverleaf users and hci to the

-- Max Drown (Infor)

Topic

[Mark Thompson]

Hi Max

Thanks for passing these along.  Since the Cloverleaf installer requires root privileges (a source of contention with Unix admins), is there a reason the installer doesn’t perform this step:

* Make hcienginerun, hcienginestop, hcisitectl and hciss readable, writable, and executable only to hci using ”chmod 700 $HCIROOT/bin/hcienginerun $HCIROOT/bin/hcienginestop $HCIROOT/bin/hcisitectl $HCIROOT/clgui/bin/hciss”

- Mark Thompson
HealthPartners

[Max Drown (Infor)]

I’ll submit that as an AR.

There is already an AR to allow the the installation to be done by sudo instead of root directly. However, note that root can be obtained with “sudo su -” for users with the appropriate access.

-- Max Drown (Infor)

[Author]

Replies