AIX


How to FTP sulog file for archival purpose

  • 1.  How to FTP sulog file for archival purpose

    Posted Mon March 13, 2023 08:05 PM

    I need some help with the following...

    We have a computer operator who doesn't have access to the root or ability to use the su command, but we need him to be able to download the /var/adm/sulog file. I noticed that the file currently has the 600 permissions on it and doesn't allow anyone to download the file unless you are using the root account.

    The objective is to be able to download the file from the AIX system to a Windows server for archival and retrieval purposes. I tried adding the user to the adm directory but he wasn't able to download the file. I also tried setting the permissions on the file to 640 and 660 but he wasn't able to download the file. 

    Do you guys have any ideas on how to accomplish this task? Do I need to change the permissions on the file and give Other/World permission to the file?

    Any help or information would be appreciated.



    ------------------------------
    Manny Rivera
    ------------------------------


  • 2.  RE: How to FTP sulog file for archival purpose

    IBM Champion
    Posted Tue March 14, 2023 06:11 AM

    What you should do is automate that task instead of fiddling with permissions to allow an operator to access one file (which doesn't really scale).

    What you can do to give him access:
    - You can add him to the sudoers file with the ability to run a single command (cat /var/adm/sulog)
    - You can add an ACL to the file that gives him read-only access (see aclget, aclput, acledit) (you may want to do this daily, otherwise the ACL may be lost every time the file rotates)
    - You can run a daily script on root's crontab:

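    #!/usr/bin/ksh

    # Remove yesterday's copy, if there is one
    [ -r /var/adm/sulog.oper ] && rm -f /var/adm/sulog.oper
    # Copy the root-only log; the original keeps its permissions
    cp /var/adm/sulog /var/adm/sulog.oper
    # Hand the copy to the operator account so it can be downloaded
    chown operator /var/adm/sulog.oper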



    ------------------------------
    José Pina Coelho
    IT Specialist at Kyndryl
    ------------------------------
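
The daily-copy option from the reply above, written out as an added example that is not part of the original thread: it publishes an owner-only, read-only snapshot through a temporary file and a rename, and checks that the source log is still mode 600. The function names, the scratch paths and the constructed sulog entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; paths and the account passed in are assumptions.

# perms FILE: print the 10-character mode string, e.g. -rw-------
perms() { ls -ld "$1" | cut -c1-10; }

# snapshot_log SRC DEST OWNER: copy SRC to DEST, readable only by OWNER.
# SRC's own mode is never changed.
snapshot_log() {
    src=$1; dest=$2; owner=$3
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    old_umask=$(umask)
    umask 077                      # temp copy is never group/world readable
    tmp="$dest.tmp.$$"
    if cp "$src" "$tmp" && chown "$owner" "$tmp" && chmod 400 "$tmp" \
        && mv -f "$tmp" "$dest"; then   # rename is atomic on one filesystem
        rc=0
    else
        rm -f "$tmp"; rc=1
    fi
    umask "$old_umask"
    return $rc
}

# check_source_mode FILE: succeed only if FILE is still owner-only (0600)
check_source_mode() { [ "$(perms "$1")" = "-rw-------" ]; }

# selftest: run the snapshot on a constructed sulog in a scratch directory
selftest() {
    d=${TMPDIR:-/tmp}/sulogtest.$$
    mkdir -m 700 "$d" || return 1
    # constructed sample entries (date, time, +/- result, tty, from-to)
    printf 'SU 03/13 20:05 + pts/0 mrivera-root\nSU 03/13 20:09 - pts/1 oper1-root\n' > "$d/sulog"
    chmod 600 "$d/sulog"
    snapshot_log "$d/sulog" "$d/sulog.oper" "$(id -u)" || { rm -rf "$d"; return 1; }
    check_source_mode "$d/sulog" && [ "$(perms "$d/sulog.oper")" = "-r--------" ] \
        && cmp -s "$d/sulog" "$d/sulog.oper"
    rc=$?
    rm -rf "$d"
    return $rc
}
```

From root's crontab the call for the files named in this thread would be `snapshot_log /var/adm/sulog /var/adm/sulog.oper operator`, with `operator` standing for the account the SFTP application logs in as.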



  • 3.  RE: How to FTP sulog file for archival purpose

    Posted Tue March 14, 2023 07:45 AM

    Also, don't use unencrypted FTP. Use SFTP instead. 



    ------------------------------
    Anthony Cascianelli
    ------------------------------



  • 4.  RE: How to FTP sulog file for archival purpose

    Posted Tue March 14, 2023 11:53 AM

    Hi Anthony,

    Thanks for the reply. We are using SFTP for this transfer.



    ------------------------------
    Manny Rivera
    ------------------------------



  • 5.  RE: How to FTP sulog file for archival purpose

    Posted Tue March 14, 2023 11:51 AM

    Hi Jose,

    Thank you for the information. This is really good information to have. The issue I have is that the operators use an application to automatically download the file from the system using sftp. I have tried copying and SFTPing the file myself but cannot do it.

    I ran a test on the file last night and changed the permissions to 644 and I was able to sftp the file. I wanted to keep the same permissions on the file but I am not sure if this is possible. I sent the information to my manager and am waiting for his approval to change the permissions on that file.

    Thanks again for your help.



    ------------------------------
    Manny Rivera
    ------------------------------



  • 6.  RE: How to FTP sulog file for archival purpose

    Posted Tue March 14, 2023 10:02 AM

    We have bunches of crontab entries to email stuff (stdout/stderr from command invocations, logs, whatever...) to folks each day.



    ------------------------------
    Anker Lerret
    Blue Cross Blue Shield of Massachusetts
    ------------------------------



  • 7.  RE: How to FTP sulog file for archival purpose

    Posted Tue March 14, 2023 11:54 AM

    Hi Anker,

    That's a great idea. I should look into that.

    Thanks!



    ------------------------------
    Manny Rivera
    ------------------------------



  • 8.  RE: How to FTP sulog file for archival purpose

    Posted Tue March 14, 2023 12:06 PM

    Maybe give him read-only access to back up the data – for other.






  • 9.  RE: How to FTP sulog file for archival purpose

    Posted Tue March 14, 2023 02:47 PM

    Hi Minesh,

    I went ahead and tested this last night and it worked. I am just waiting to hear back from my manager to either apply this change or look for another option. Ideally, I would like to create a scheduled job to send the file to the Windows server automatically so that way we don't need to get the Computer Operators involved.

    Thanks for your input. I appreciate it.



    ------------------------------
    Manny Rivera
    ------------------------------



  • 10.  RE: How to FTP sulog file for archival purpose

    Posted Thu April 06, 2023 04:11 PM

    Hello everyone,
    I forgot to update this question. I was able to get this resolved. I ended up creating a scheduled job in cron where it first changes the permissions on the file and then copies the file to the target folder with a new name. Here is how the scheduled job looks:
    02 00 * * * chmod go+r /var/adm/sulog && scp /var/adm/sulog /TEMP/"000000_SuperUser Log_$(date +\%m\%d\%y)"

    I hope this helps someone having the same issue.

    Thank you everyone for your help with this question.



    ------------------------------
    Manny Rivera
    ------------------------------