KrazyWorks » Substitute Commands Depending on User ID

December 27, 2011 – 12:22 am | 3 Comments

Some of the technical issues with Boxee Box could have been fixed if the dev team was paying more attention to addressing the bugs rather than adding “features” of dubious value. In the final analysis, for the price and ease of use, Boxee Box is the best in its class and price range. You just need to be mindful of its limitations and buy it in hope of future improvements to its usability.

Read the full story »

Networking

Unix and Linux network configuration. Multiple network interfaces. Bridged NICs. High-availability network configurations.

Applications

Reviews of latest Unix and Linux software. Helpful tips for application support admins. Automating application support.

Data

Disk partitioning, filesystems, directories, and files. Volume management, logical volumes, HA filesystems. Backups and disaster recovery.

Monitoring

Distributed server monitoring. Server performance and capacity planning. Monitoring applications, network status and user activity.

Commands & Shells

Cool Unix shell commands and options. Command-line tools and application. Things every Unix sysadmin needs to know.

Home » Commands & Shells

Substitute Commands Depending on User ID

Submitted by Igor on September 9, 2010 – 2:44 pmNo Comment

Here is a quick example of how to substitute system commands based on who tries to run them. A customer of mine has recently deployed a security audit application on his servers. The application has a few bugs that the vendor has not yet resolved.

For example, the security audit agent looks at the output of the “mount” command to see if any filesystems are mounted without the “nosuid” option. However, there is a bug in the audit tool and it fails to exclude certain filesystems where “nosuid” option should not be used.

Until the problem with the audit tool is fixed, we wanted to disable this particular test on per-server basis. This could not be done centrally from the audit application and had to be done locally on each client node.

The idea was simple: the audit tool runs under “bigbro” username and we wanted the “mount” command to behave differently for that user.

Step one was to move /bin/mount to /bin/mount_orig. Then we created a new /bin/mount containing the following shell script:

#!/bin/sh
if [ `id -un` == "bigbro" ]
then
     echo ""
else
     /bin/mount_orig $*
fi

Then we just chmod 755 /bin/mount and “bigbro” was no longer able to annoy us with false non-compliance reports. Very unprofessional, I know, but what’cha gonna do?

Popularity: 1% [?]

Applications »

OpenSUSE 11.4 Installation Overview

After enjoying taking apart Microsoft’s “cloud” Office 365 for the numerous shortcomings of its installation process, having to do the same for my favorite Linux distro – openSUSE – is rather upsetting. OpenSUSE installation routine went from nearly-flawless in 11.1 to mildly annoying in 11.3, arriving to moderately obnoxious in 11.4. What happened? Same as with Microsoft, poor installation workflow is to blame. One can always feel when desktop support people take over workflow tasks from server admins.

More articles »

Commands & Shells »

Compress Old Log Files on Linux

Most log files located in /var/log are part of the log rotation and will be compressed automatically. However, in many cases various user applications maintain log files outside of /var/log. These logs are not managed …

More articles »

Data »

Adding LUNs to VXVM on Linux

The following is a brief overview of the process for adding LUNs to VXVM under Linux. In our example we have an RHEL 5 server with existing LUNs and VXVM volume groups. Two new LUNs with multipathing were allocated from SAN and need to be added to the system to grow one of the volumes and the corresponding filesystem.

More articles »

Hardware »

Quick Review: Boxee Box

Some of the technical issues with Boxee Box could have been fixed if the dev team was paying more attention to addressing the bugs rather than adding “features” of dubious value. In the final analysis, for the price and ease of use, Boxee Box is the best in its class and price range. You just need to be mindful of its limitations and buy it in hope of future improvements to its usability.

More articles »

Monitoring »

Simple Host Monitoring with SSH

Sometimes you just need something very simple to monitor a server or an application on a temporary basis. A basic ping monitor is fine, but it will only tell you if a server is responding on the network. It will not tell you if there is some other problem on the system. The script below relies on passwordless SSH setup to periodically log into the monitored nodes and check on their health by executing a local or remote script.

More articles »

Networking »

Red Hat: Changing Hostname and IP

Changing hostname and IP is frequently required when a server is being moved from testing or development to production. The process is a fairly simple one, but steps must be performed in a certain order to avoid complications.

More articles »

Scripts »

Windows Network Troubleshooting Script

I try my best to stay away from Windows. I wish my clients did the same. The usual difficulty of troubleshooting elusive network performance problems is amplified many-fold when there is a Windows computer at the end of the line. With Unix it’s relatively simple: run tests “a”, “b”, “c”, etc and follow the familiar process of elimination. With Windows in the picture the number of steps uses up all of the English alphabet and spills over well into the Russian one. And when you finally reach step “я”, you have to pull out your Chinese dictionary.

More articles »

Sponsor a Valve On Colossus
mikejuk writes "The UK's National Museum of Computing has come up with a novel idea to raise funds for its new gallery for its rebuilt Colossus computer — you can sponsor a valve. All you have to do is buy a small area in a picture of Colossus (at £0.1 per pixel — min £10), upload a picture to occupy the space, set a URL and pay using PayPal." […]
IBM Seeks Patent On Judging Programmers By Commits
theodp writes "How'd you like to be deemed unworthy of a job based upon a scan of your GitHub updates? That's what proposed in a newly-published IBM patent application for Automated Analysis of Code Developer's Profile, which proposes weeding out developer candidates for certain roles based on things like the amount of changes one typical […]
Therapy Over IP Draws the Young, Isolated
Lucas123 writes "Psychiatrists say VoIP technology is more popular with patients than even in-person therapy when it comes to counseling — especially for their younger patients who are less intimidated by it. Along with many patients who like the convenience, telepsychiatry is a necessity for others who live in rural areas or are in, prisons, nursing ho […]

Server Info

Server:	rowen.accountservergroup.com
OS    :	Red Hat 4.1.2-50
Kernel:	Linux 2.6.18-338.12.1.el5.lve0.8.34
Arch  :	64-bit OS running on 64-bit hardware 
CPU(s):	2 x 4-core Intel Xeon CPU E5620@ 2.40GHz
RAM   :	23Gb (99% used), 16 x 1Gb DIMMs
Swap  :	6Gb (0% used), paging in/out: 0/0
Uptime:	23 days
Load  :	.13, .14, .16
CPU % :	8 CPU cores at 16% combined utilization
Disk  :	util, svc time - sda: %, ms; 
Apps  :	MySQL 5.0.91, Perl 5.8.8
Issues:	occasional RAM shortages