Re: One login, several environments to use?

From: Ted Linnell (edlinnell_at_acslink.net.au)
Date: 04/27/05


Date: Wed, 27 Apr 2005 23:17:01 +1000

Antti H <gumfire@despammed.com> wrote:

>Hi,
>I have a situation. I have a server, where production is made for
>several clients. Each client has an environment (aliases, $PATH etc)
>different from others.
>Currently each user has an account to each client's environment. This is a
>security risk, passwords are kept simple etc.
>
>I want to be able to have one login for each user, allowing them to
>choose (login script?) the client they are going to work on, and then
>based on their selection load the appropriate variables etc.
>
>
>The Goal:
>
>to have one account per user, instead of one account for each client.
>each client must preserve their aliases and other environment funnythings.
>when logged in, a user can only do work for the selected client, because
>the environment is special for each.
>
>
>The problems:
>
>1)
>We could do this with hidden accounts where the script would
>`su - client1person4` account.
>
>This is bad because the number of accounts on the system would be
>unmanageable, where one person has 30 "logins".
>
>
>2)
>giving all client groups to user, and chrooting them to selected client's
>home dir.
>
>If only I could use chroot with the system on top, creating links to
>/bin etc is unacceptable.
>
>
>3)
>giving all groups to user, loading environment with the script.
>
>Yeah, right. Unacceptable, because users would compile even if told not
>to against when wrong client's environment loaded, which would lead into
>serious problems.
>
>
>
>I am stuck, since I do not know anything about managing unix
>environments. I ask you, humbly, please advise on proper methods, how are
>such scenarios handled in other places?
>
>TIA
>
>Antti H

Have done this before.

Had a system running several separate applications, each with its own
support team initially.

Each support user was assigned to 1 application group.

In /etc/profile we determined the user's primary group and ran the
appropriate environment set up script.

It was later decided to amalgamate support of several apps into 1 team.
Each member of the team needed to be able to access each app, but only
1 app at a time.

We added the support users to all required groups.

Users logged in and got the env set up of their primary group.

To work on a different app, the user used the chgrp (or maybe newgrp
command, can't remember exactly and don't have access to UNIX at the
moment) to swap to a different primary group. This effectively logs
them in again and runs all profiles from /etc/profile, setting up the
environment of the new app.

Regards,

Ted.
==============================================================
| Ted Linnell <edlinnell@acslink.net.au> |
| |
| Nunawading, Victoria , Australia |
==============================================================
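
The /etc/profile approach described in the reply above, as an added example that is not part of the original posts: the profile picks an environment script from the current primary group and sources it only if the file cannot have been altered by team members. The directory /etc/client-env, the CLIENT variable and the function names are assumptions made for illustration.

```shell
# Added example: /etc/profile fragment (assumed layout, not from the thread).
# Assumption: one environment script per client group, /etc/client-env/<group>.sh
CLIENT_ENV_DIR=${CLIENT_ENV_DIR:-/etc/client-env}
CLIENT_ENV_OWNER=${CLIENT_ENV_OWNER:-root}

# Print the path of the trusted env script for group $1, or return 1.
client_env_script() {
    grp=$1
    case $grp in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;   # rejects empty names, "/" and ".."
    esac
    script=$CLIENT_ENV_DIR/$grp.sh
    # Must be a regular file (not a symlink), owned by the trusted owner and
    # not writable by group or other; otherwise any group member could plant
    # commands that run in every colleague's login shell.
    found=$(find "$script" -prune -type f -user "$CLIENT_ENV_OWNER" \
                 ! -perm -020 ! -perm -002 2>/dev/null)
    [ -n "$found" ] || return 1
    printf '%s\n' "$script"
}

# Source the script that matches the current primary group.
load_client_env() {
    # id -gn reports the effective group, which is what newgrp changes.
    grp=$(id -gn) || return 1
    if script=$(client_env_script "$grp"); then
        . "$script"
        CLIENT=$grp; export CLIENT
    else
        echo "no trusted environment for group '$grp'" >&2
        return 1
    fi
}

# Only interactive shells load a client environment.
case $- in
    *i*) load_client_env ;;
esac
```

Because the script is chosen from the group the shell actually runs with, files created during the session also carry that client's group.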


