General discussion

Locked

Using VI editor with RCS

By sdsjr3 ·
I have a few users with superuser cabability on an HP-UX 10.x environment. On various files in the /etc dir. I am using the Revision Control System (RCS). The individuals with Root privileges have a habit of editing a file without "checking it out" first. When using RCS you execute a command such as co -l <filename> and that locks the file from being edited. But the file being edited is overwritten at this point. So if someone adds a filesystem to the fstab file for instance, without usingRCS that filesystem is erased from fstab and the previously saved version in RCS is now current. I like RCS, but I need to keep users from editing files without using it. I thought there was a way I could alias this in vi but to this point I haven't been able to find it. Any tips would be appreciated.

This conversation is currently closed to new comments.

1 total post (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Using VI editor with RCS

by Stillatit In reply to Using VI editor with RCS

Standard answer 1 - these users should not have root access.

Standard answer 2 - these users should each have a separate non-privileged account which they use for all normal work, and only use their root account when absolutely needed.

Having gotten that off my chest, the reality is that sometimes you need a group of operators. Unfortunately, some users will not do it the right way if they can do it the easy way. You can make policies, beg, plead, etc., but unless you are in a position totell a user that if he pulls this trick you will pull his root privileges, you are out of luck.

Here are some things you can try, but in the final analysis they all depend on being able to trust your root users to do the right thing.
Policy - operator must sign a log book every time he logs in as root, and state why he had to do it.
Policy - operator must sign a log book every time he changes a file.
Policy - only one designated person is allowed to make any changes to <file list>
Removelogin ability for all root logins except the real one. Make users log in to own accounts, then su to a root account. This forces a record to the sulog so you can beat on anyone being root without cause.
Alias the vi command -- which is what you asked for, but is not really a good idea. To do this, move /usr/bin/vi to somewhere else, like /usr/bin/bin/vi. Create a script file, /usr/bin/vi which has the following lines:
#
/usr/bin/co -l $1
/usr/bin/bin/vi $1
/usr/bin/ci $1
# comment out the previous line if you do not want
#the file automatically checked back in.

Be sure to make the script executable.
The big problem with this solution is that it aliases vi for EVERYONE. You can set an alias in each operators' .profile file, pointing to a script that calls the real vi, or you can put in if statements to check for operators and only do the special stuff for them.

Good luck.

Back to Desktop Forum
1 total post (Page 1 of 1)  

Related Discussions

Related Forums