Who have previously accessed a shared file?
up vote
-1
down vote
favorite
I just discovered a mistake in the permissions setting of our system. It's kind of serious because it allows normal users to access something they shouldn't see. Currently the mistake has been fixed, but I wonder how many users have ever accessed these files. By "accessing", I mean reading from it, for example, vi (without saving), less, cat, cp, scp, ...
One strategy I can think of is greping through users' ~/.history files, but they could have deleted the relevant commands.
permissions security users command-history access-control
edited 2 days ago
G-Man
12.4k93062
asked Dec 5 at 19:49
nalzok
69115
add a comment |
up vote
-1
down vote
favorite
I just discovered a mistake in the permissions setting of our system. It's kind of serious because it allows normal users to access something they shouldn't see. Currently the mistake has been fixed, but I wonder how many users have ever accessed these files. By "accessing", I mean reading from it, for example, vi (without saving), less, cat, cp, scp, ...
One strategy I can think of is greping through users' ~/.history files, but they could have deleted the relevant commands.
permissions security users command-history access-control
edited 2 days ago
G-Man
12.4k93062
asked Dec 5 at 19:49
nalzok
69115
May I ask why the downvote?
– nalzok
2 days ago
add a comment |
up vote
-1
down vote
favorite
up vote
-1
down vote
favorite
I just discovered a mistake in the permissions setting of our system. It's kind of serious because it allows normal users to access something they shouldn't see. Currently the mistake has been fixed, but I wonder how many users have ever accessed these files. By "accessing", I mean reading from it, for example, vi (without saving), less, cat, cp, scp, ...
One strategy I can think of is greping through users' ~/.history files, but they could have deleted the relevant commands.
permissions security users command-history access-control
edited 2 days ago
G-Man
12.4k93062
asked Dec 5 at 19:49
nalzok
69115
I just discovered a mistake in the permissions setting of our system. It's kind of serious because it allows normal users to access something they shouldn't see. Currently the mistake has been fixed, but I wonder how many users have ever accessed these files. By "accessing", I mean reading from it, for example, vi (without saving), less, cat, cp, scp, ...
One strategy I can think of is greping through users' ~/.history files, but they could have deleted the relevant commands.
permissions security users command-history access-control
permissions security users command-history access-control
edited 2 days ago
G-Man
12.4k93062
asked Dec 5 at 19:49
nalzok
69115
edited 2 days ago
G-Man
12.4k93062
asked Dec 5 at 19:49
nalzok
69115
edited 2 days ago
G-Man
12.4k93062
edited 2 days ago
G-Man
12.4k93062
edited 2 days ago
G-Man
12.4k93062
12.4k93062
asked Dec 5 at 19:49
nalzok
69115
asked Dec 5 at 19:49
nalzok
69115
asked Dec 5 at 19:49
nalzok
69115
69115
May I ask why the downvote?
– nalzok
2 days ago
add a comment |
May I ask why the downvote?
– nalzok
2 days ago
May I ask why the downvote?
– nalzok
2 days ago
May I ask why the downvote?
– nalzok
2 days ago
add a comment |
1 Answer
1
active
oldest
votes
up vote
4
down vote
accepted
If you didn't have some sort of auditing mechanism
in place at the time the file's permissions were wrong,
it's pretty much impossible.
While your idea of searching the users' history files is not a terrible one
(if you don't have concerns over the ethical and privacy issues),
a simple grep won't find things like
cd (directory_where_file_is)or cases where the user said
ls -l
less *
vi (some_random_file),and then did
:e (the_sensitive_file)from within
vi.answered Dec 5 at 22:00
G-Man
12.4k93062
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
4
down vote
accepted
If you didn't have some sort of auditing mechanism
in place at the time the file's permissions were wrong,
it's pretty much impossible.
While your idea of searching the users' history files is not a terrible one
(if you don't have concerns over the ethical and privacy issues),
a simple grep won't find things like
cd (directory_where_file_is)or cases where the user said
ls -l
less *
vi (some_random_file),and then did
:e (the_sensitive_file)from within
vi.answered Dec 5 at 22:00
G-Man
12.4k93062
add a comment |
up vote
4
down vote
accepted
If you didn't have some sort of auditing mechanism
in place at the time the file's permissions were wrong,
it's pretty much impossible.
While your idea of searching the users' history files is not a terrible one
(if you don't have concerns over the ethical and privacy issues),
a simple grep won't find things like
cd (directory_where_file_is)or cases where the user said
ls -l
less *
vi (some_random_file),and then did
:e (the_sensitive_file)from within
vi.answered Dec 5 at 22:00
G-Man
12.4k93062
add a comment |
up vote
4
down vote
accepted
up vote
4
down vote
accepted
If you didn't have some sort of auditing mechanism
in place at the time the file's permissions were wrong,
it's pretty much impossible.
While your idea of searching the users' history files is not a terrible one
(if you don't have concerns over the ethical and privacy issues),
a simple grep won't find things like
cd (directory_where_file_is)or cases where the user said
ls -l
less *
vi (some_random_file),and then did
:e (the_sensitive_file)from within
vi.answered Dec 5 at 22:00
G-Man
12.4k93062
If you didn't have some sort of auditing mechanism
in place at the time the file's permissions were wrong,
it's pretty much impossible.
While your idea of searching the users' history files is not a terrible one
(if you don't have concerns over the ethical and privacy issues),
a simple grep won't find things like
cd (directory_where_file_is)or cases where the user said
ls -l
less *
vi (some_random_file),and then did
:e (the_sensitive_file)from within
vi.answered Dec 5 at 22:00
G-Man
12.4k93062
answered Dec 5 at 22:00
G-Man
12.4k93062
answered Dec 5 at 22:00
G-Man
12.4k93062
answered Dec 5 at 22:00
G-Man
12.4k93062
12.4k93062
add a comment |
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f486226%2fwho-have-previously-accessed-a-shared-file%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
May I ask why the downvote?
– nalzok
2 days ago