Help to enhance Unix tool

Hi friends,

I was assigned to enhance a tool on Unix (Solaris)... the tool is totally developed in shell and Perl scripts...

The tool is used to change control files... The users belong to a certain group.
Because there are many users, some people are changing these control files directly by using editors... they are not using the tool to change the control files.

The tool has a feature that it will not allow multiple users to write at a time.
But other users can change the files by using editors... So we need to stop this...

Please help me in this regard....

I thought of file locking... but don't know how to implement it...

Here is a good starter for you

Sorry yaar sawant, I have tried but it's not working.. the file still opens with an editor.

From the link above...

If a program does not care about locks it will not abide by them. Locks are an afterthought in UNIX, not fundamental like in Windows NT.

You probably need to make use of fcntl

For example, if you are using Perl, then refer to this

But they don't stop user "joe" using editor "fred" to edit a file and ignore the locks.

Is there any way to stop changing the file using editors... except permissions...

Some operating systems support Access Control Lists but they are really glorified permissions, it won't solve your requirement.

In my opinion, you need to tell all people not to edit those files directly, and provide them access to your tools, using which they can do the required editing (if your tools are good enough, then they may quit their old habits and start using the tools)

If you are going ahead with fcntl, this is a good place to visit

Since mandatory file locking in *nix is somewhat, well, borked, you could use the common kludge of an independent lockfile for exclusive access per file. The trick there is making bulletproof the removal of the same based on client behavior, implementing a timed wait, etc. Not impossible, but challenging.

Could some lateral thinking work?

Perhaps you could save the file encrypted, so that editing it has to be a 2-stage process.
Of course, you would have to decrypt it for use too.

Alternatively, you could secure the file so it could not be edited, and then use sudo to access it.
If you did a wrapper on the front, then that could take care of locking.

Another option would be to use NFS to share the file, and then mount it back with extra controls.

Or perhaps you could make the control files binary, so that they need a front-end of your choice to edit.

Or maybe a version control system (eg. RCS) could be used to check in and out the file.

But at the end of the day, essentially you've got a security situation - directory and file permissions should be set so that only designated and authorised persons have access to (view/edit) files, and anything that circumvents this is badly designed and/or implemented.
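
The independent-lockfile idea and the locking wrapper suggested in the replies above, as an added shell example that is not from any poster in this thread: `acquire_lock`, `release_lock` and `with_lock` are hypothetical names, and it assumes every wrapper instance runs as the same account. It only serializes callers that go through the wrapper; direct edits with an editor are still stopped only by the file permissions.

```sh
#!/bin/sh
# Added example, not code from the thread. Assumes every change goes through
# this wrapper, running as one account (so kill -0 can probe the holder).

# acquire_lock LOCKDIR TIMEOUT_SECS
# returns 0 = lock taken, 1 = timed out, 2 = holder is dead (stale lock)
acquire_lock() {
    lockdir=$1; timeout=$2; waited=0
    # mkdir is atomic: exactly one caller can create the directory
    until mkdir "$lockdir" 2>/dev/null; do
        holder=$(cat "$lockdir/pid" 2>/dev/null) || holder=""
        if [ -n "$holder" ] && ! kill -0 "$holder" 2>/dev/null; then
            # Report instead of auto-removing: two waiters breaking the same
            # stale lock could both end up "holding" it.
            echo "stale lock $lockdir left by dead PID $holder" >&2
            return 2
        fi
        if [ "$waited" -ge "$timeout" ]; then
            echo "timed out, lock held by PID ${holder:-unknown}" >&2
            return 1
        fi
        sleep 1; waited=$((waited + 1))
    done
    echo "$$" > "$lockdir/pid"
}

# release_lock LOCKDIR: remove the lock only if this process owns it
release_lock() {
    owner=$(cat "$1/pid" 2>/dev/null) || owner=""
    if [ "$owner" = "$$" ]; then rm -rf "$1"; fi
}

# with_lock LOCKDIR TIMEOUT_SECS COMMAND [ARGS...]
# runs COMMAND under the lock and returns its exit status
with_lock() {
    lockdir=$1; timeout=$2; shift 2
    acquire_lock "$lockdir" "$timeout" || return $?
    trap 'release_lock "$lockdir"' EXIT      # cleanup on normal exit
    trap 'exit 1' HUP INT TERM               # signals fall through to EXIT
    rc=0; "$@" || rc=$?
    release_lock "$lockdir"
    trap - EXIT HUP INT TERM
    return "$rc"
}
```

A holder killed with SIGKILL cannot run its trap, which is why the stale case returns its own status (2) for an operator to clear by hand.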