Hi Jose,
Thank you for the information. This is really good information to have. The issue I have is that the operators use an application to automatically download the file from the system using sftp. I have tried copying and SFTPing the file myself but cannot do it.
I ran a test on the file last night and changed the permissions to 644 and I was able to sftp the file. I wanted to keep the same permissions on the file but I am not sure if this is possible. I sent the information to my manager and am waiting for his approval to change the permissions on that file.
Thanks again for your help.
------------------------------
Manny Rivera
------------------------------
Original Message:
Sent: Tue March 14, 2023 06:10 AM
From: José Pina Coelho
Subject: How to FTP sulog file for archival purpose
What you should do is automate that task instead of fiddling with permissions to allow an operator to access one file (which doesn't really scale).
What you can do to give him access:
- You can add him to the sudoers file with the ability to run a single command (cat /var/adm/sulog)
- You can add an ACL to the file that gives him read-only access (see aclget, aclput, acledit) (you may want to do this daily, otherwise the ACL may be lost every time the file rotates)
- You can run a daily script on root's crontab:
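    #!/usr/bin/ksh
    # Remove the previous copy, if there is one
    [ -r /var/adm/sulog.oper ] && rm -f /var/adm/sulog.oper
    # Take a fresh copy of the su log and hand it to the operator account
    cp /var/adm/sulog /var/adm/sulog.oper
    chown operator /var/adm/sulog.oper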
------------------------------
José Pina Coelho
IT Specialist at Kyndryl
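
A more defensive form of the daily root-crontab copy suggested in the message above, as an added example that is not part of the original messages: it builds the snapshot under a restrictive umask, sets it read-only, and renames it into place so the operator's sftp job never sees a partial file. The function name `publish_copy`, the script name in the comment and the `.new.$$` temporary suffix are assumptions; it also assumes the destination directory is writable only by root.

```shell
#!/bin/sh
# Added example (not from the thread). POSIX sh, so it also runs under ksh.
# Assumed usage from root's crontab:
#   publish_sulog.sh /var/adm/sulog /var/adm/sulog.oper operator

# publish_copy SRC DST OWNER
# Publish a read-only snapshot of SRC at DST, owned by OWNER.
# SRC keeps its own owner and mode (600 for sulog), so nothing about the
# original log is loosened. The body runs in a subshell so the umask
# change and the variables do not leak into the caller.
publish_copy() (
    src=$1 dst=$2 owner=$3
    tmp="$dst.new.$$"

    [ -f "$src" ] || { echo "publish_copy: $src: not a regular file" >&2; exit 1; }

    umask 077            # the temporary file is never group/world readable
    rm -f "$tmp"         # clear a stale temporary from an interrupted run

    # Copy, hand over, lock down, then rename. The rename is atomic within
    # one filesystem, so a download sees the old snapshot or the new one.
    if cp "$src" "$tmp" &&
       chown "$owner" "$tmp" &&
       chmod 400 "$tmp" &&
       mv -f "$tmp" "$dst"
    then
        exit 0
    fi

    rm -f "$tmp"         # do not leave a partial copy behind on failure
    exit 1
)

# Run only when called with the three arguments shown above.
if [ $# -eq 3 ]; then
    publish_copy "$@"
fi
```

Because the operator account owns the snapshot, it can still change that copy; /var/adm/sulog itself stays root-only and remains the authoritative record.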
Original Message:
Sent: Mon March 13, 2023 08:04 PM
From: Manny Rivera
Subject: How to FTP sulog file for archival purpose
I need some help with the following...
We have a computer operator who doesn't have access to the root or ability to use the su command, but we need him to be able to download the /var/adm/sulog file. I noticed that the file currently has the 600 permissions on it and doesn't allow anyone to download the file unless you are using the root account.
The objective is to be able to download the file from the AIX system to a Windows server for archival and retrieval purposes. I tried adding the user to the adm directory but he wasn't able to download the file. I also tried setting the permissions on the file to 640 and 660 but he wasn't able to download the file.
Do you guys have any ideas on how to accomplish this task? Do I need to change the permissions on the file and give Other/World permission to the file?
Any help or information would be appreciated.
------------------------------
Manny Rivera
------------------------------