How do I create a separate user login management from a single user in Linux?

0

I work in a company. My team has 15 members. All of us share a single server. This is managed by our IT team. All of us have one login id/pw. We can do sudo operations on it.

Since people use screen/tmux and everyone logs in via the same credentials, we are unable to track what people are doing. This may lead to people deleting logs and other data. When people use screen/tmux, they may modify .bash_history to soil the crime scene.

We want a solution for the following requirements:

  1. One of us (the leader) will have access to the user id/pw. The rest will log in via token, so as to stop unwanted sudo access.
  2. We don't want multiple users on the system, as the IT team doesn't want the headache.
  3. We want software running (like a jumphost) on login via ssh. Whenever one of us 15 logs in via the user credentials, it will ask for a teamuserid/teamuserpw. I don't know if this is possible via identifiable tokens.
  4. This is more like giving everyone who logs in a screen instance with separate sh/bash/zsh logs, etc. that the leader can check.
  5. Users should be able to read and write only specific files and directories.

I understand that what we seek is another user-session-login management system like the one Linux provides. But due to some limitations, we want to run a similar thing inside a user.

canonball

Posted 2019-06-06T11:03:17.573

Reputation: 1

Can you expand on why you can't have multiple users? That is exactly what you should be doing. I can't understand why a responsible IT team could call this a headache. – Joe P – 2019-06-06T11:44:50.343

All access checks in Linux are done per "Linux user". Even if you find some way to mimic some subdivision of a given user, people in each subdivision will still have rights over the whole thing, and can defeat it. I'm with @JoeP, if your IT can't give you an id per person, change the IT... – xenoid – 2019-06-06T12:26:56.837

Note if you can use the "official" id to sudo, you can use it to define non-privileged ids (but plain Linux users) for other people. – xenoid – 2019-06-06T12:28:38.527
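Added example, not part of the original thread: a dry-run sketch of the approach in the comments above, with one unprivileged account per person and a shared group directory covering requirement 5. The group name `teamdata`, the directory `/srv/teamdata` and the sample logins are assumptions; the script only prints the commands and changes nothing.

```shell
#!/bin/sh
# Dry-run planner: prints the account-setup commands for review, runs none of them.
# Assumed names (not from the thread): group "teamdata", directory /srv/teamdata,
# and the constructed sample logins at the bottom.
LC_ALL=C; export LC_ALL          # make the a-z ranges below strictly ASCII

TEAM_GROUP="teamdata"
SHARED_DIR="/srv/teamdata"

# Accept only conservative login names, so a name can never carry shell syntax
# into the printed plan.
valid_login() {
    case "$1" in
        ""|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

plan_accounts() {
    # Shared area: group-writable, setgid so new files inherit the group,
    # and closed to everyone outside the group.
    echo "groupadd $TEAM_GROUP"
    echo "mkdir -p $SHARED_DIR"
    echo "chgrp $TEAM_GROUP $SHARED_DIR"
    echo "chmod 2770 $SHARED_DIR"
    for login in "$@"; do
        if ! valid_login "$login"; then
            echo "skipped an invalid login name" >&2
            continue
        fi
        # Plain user: own home, own shell history, own entries in the auth log.
        # Not added to any sudo-capable group, so sudo stays with the leader.
        echo "useradd --create-home --shell /bin/bash --groups $TEAM_GROUP $login"
    done
}

# Constructed sample logins; review the output before running it with sudo.
plan_accounts alice bob
```

Because each person then has a distinct UID, file ownership, shell history and login records are attributed per person by the kernel and the login stack rather than by a wrapper running inside one shared account.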

No answers