This is the first episode of a mini series of Bash tips for Linux (in case you are wondering, yes, they are respectively my favorite shell and my favorite OS 😉 ).
Episode 1: Deal with personal accounts and file permissions
Episode 2: Have a smart environment for personal accounts
Episode 3: Colour your terminal!
Episode 4: Use logging levels
Episode 5: Write the output to a logfile
Episode 6: Check the exit code
Episode 7: Cleanup on EXIT with a trap
Description:
Nowadays many companies make it mandatory to log in to Linux servers with a personal account (integrated with LDAP, Kerberos or something else) to comply with strict auditing rules.
I need to be sure that I have an environment where my modifications do not conflict with my colleagues' environment.
BAD:
```
-bash-4.1$ id
uid=20928(ludo) gid=200(dba) groups=200(dba)
-bash-4.1$ ls -lia
total 8
8196 drwxrwxr-x 2 oracle dba 4096 Mar 15 15:14 .
2 drwxrwxrwt. 14 root root 4096 Mar 15 15:15 ..
-bash-4.1$ vi script.sh
... edit here...
-bash-4.1$ ls -l
total 4
-rw-r--r-- 1 ludo dba 8 Mar 15 15:15 script.sh
-bash-4.1$
```
The script has been created by me, but my colleagues may need to modify it! So I need to change the ownership:
```
$ chown oracle:dba script.sh
chown: changing ownership of `script.sh': Operation not permitted
$
```
But I can only change the permissions:
```
$ chmod 775 script.sh
$
```
If I really want to change the owner, I have to ask someone who has root privileges, or delete the file with my account and create it again with the correct one (oracle or something else).
GOOD:
- Set the setgid bit at the directory level
- Define an alias for my favorite editor that uses sudoedit instead:
```
$ chmod 2751 .
$ ls -lia
total 4
8196 drwxr-s--x 2 oracle dba 4096 Mar 15 15:26 .
$ alias vi='SUDO_EDITOR=/usr/bin/vim sudoedit -u oracle '
$ vi script.sh
[sudo] password for ludo:
... edit here ...
$ ls -l script.sh
total 8
-rw-r--r-- 1 oracle dba 6 Mar 15 15:24 script.sh
$
```
In case I need to modify other files with MY account, I can either use the full path (/usr/bin/vim) or define another alias:
```
alias vime="/usr/bin/vim"
```
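To check whether a shared directory follows the GOOD setup described above, the function below (an added example, not part of the original post) reports a missing setgid bit and any entries whose owner or group differs from the directory's. The function name, the finding labels and the temporary sandbox directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function name and finding
# labels (NO_SETGID, WRONG_OWNER, WRONG_GROUP) are hypothetical.

# audit_shared_dir DIR [EXPECTED_UID]
# Prints one finding per line and returns 1 if there is any, else returns 0.
# EXPECTED_UID defaults to the numeric owner of DIR (oracle in the post).
audit_shared_dir() {
    dir=$1
    # ls -ldn prints numeric owner and group as fields 3 and 4.
    owner=${2:-$(ls -ldn -- "$dir" | awk '{print $3}')}
    gid=$(ls -ldn -- "$dir" | awk '{print $4}')
    report=$(
        # Without setgid, new files get the creator's primary group.
        [ -g "$dir" ] || echo "NO_SETGID $dir"
        # Entries created with a personal account instead of the shared one.
        find "$dir" -mindepth 1 -maxdepth 1 ! -user "$owner" |
            sed 's/^/WRONG_OWNER /'
        # Entries whose group differs from the directory's group.
        find "$dir" -mindepth 1 -maxdepth 1 ! -group "$gid" |
            sed 's/^/WRONG_GROUP /'
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Constructed sandbox: a temporary directory stands in for the shared one.
sandbox=$(mktemp -d)
chmod g-s "$sandbox"
: > "$sandbox/script.sh"
echo "Before chmod g+s:"
audit_shared_dir "$sandbox" || true
chmod g+s "$sandbox"
echo "After chmod g+s:"
audit_shared_dir "$sandbox" && echo "no findings"
rm -rf "$sandbox"
```

On a real server, pass the shared directory as the only argument; a file created with a personal account, like the one in the BAD listing, shows up as `WRONG_OWNER`.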