Read privilieges and command privileges in Takanga

[alexandroscgb]

Hi.

I'm new in this forum and I'm glad I found it.

I need to know if there is a way to restrict access for a user in Linux (Red Hat 5 - Tikanga) for a particular folder and its subfolders, with only read privileges, plus restrictions to certain commands.

The problem is that in my company the burocracy is enormous and I don't have access to logs in real time; I have to wait an hour for logs to be compress and put in some other server. This dimishes service levels and also is pretty frustating. The reason, one among others, for that restriction, is that if they give me some user to access folders in that environment I could make the spool process collapse by viewing some 10GB file and screw up the entire machine. Other than that, is a matter of pure intransigence.

I have to demonstrate to them that, somehow, through some app, access can be block to vi if the file is greater than some size threshold.

Thanks!

[atreyu]

well just addressing the vi issue, you can create a function called vi that will check the size of the file, before opening it. you can put the function in a Bash profile script that gets sourced at login, and when "vi <FILE>" is run, the file size will first be checked. you can set the max file size in the code. here's an example:

Code:

vi(){
  local vi_bin='/bin/vim' # path to vi binary
  local max='300'         # max file size, in bytes

  # if no arguments were given, just run vi
  [ $# -eq 0 ] && $vi_bin && return

  local file=$1

  # get file size
  local bytes=$(stat -c %s $file)
  if [ $bytes -gt $max ]; then
    echo "File $file is $bytes bytes - too buku!"
    return 1
  fi
  $vi_bin $file
}

i set the max file size very small (300 bytes) for testing purposes. you'd want to change that, of course.

you'll also want to set the vi_bin variable to the path of vi/vim on your system.

to test, just stick it in a file called vi-test.sh, then source it, e.g.:

Code:

. vi-test.sh

then try to vi a file, e.g.:

Code:

vi /path/to/bigfile.txt

you can then stick it in your ~/.bashrc file, so you'll always call it, or in /etc/profile.d/vim-max.sh, so everyone who logs in calls it (they may not like that though...)

Note: this is a very simple/crude function. it assumes that the first argument to vi is the filename (not an unreasonable assumption) and it ignores all other arguments. if you want to go ahead with this method, you would want to hack the code to honor the other switches the user might pass to vi.

[alexandroscgb]

Thank you so much, Atreyu.

I'll keep this thread posted when they let me do this.

Cool username