Archive for the ‘Linux’ Category

Unix/Linux: Creating a shell for a user to use without allowing them access to the server

Thursday, October 29th, 2009

Here is a quick way to enable a person to perform a specific task on a server without providing them with a login. With SOX requirements becoming stricter you cannot allow just anyone to obtain access to the server.

This script was created to allow tech personnel to test a local CUPS printer without giving them complete access to the server. Add the user or generic account to the server, but instead of giving it a shell (“-s /bin/bash”), give it the name of the script: “-s /usr/local/bin/zebra_test_env.ksh”.

Here is the script that makes this work:

#!/bin/ksh
# Shell to test Zebra printers with the techs' login
# Define the variables
LP='/usr/bin/lp'
TESTJOB="/usr/local/bin/zebra_exampl.txt"
LOOPOUT="exit"
PING='/bin/ping'
GREP='/bin/grep'

echo "\nEnter the name of the Zebra Label Printer you want tested:\n"
read -r X
# Quote the input and end option parsing with "--" so that whatever the
# user types reaches each command as a single, non-option argument
$GREP -- "$X" /etc/printcap
ERR=$?
if [[ $ERR -gt 0 ]]
then
    echo "Printer $X Not Found in Printcap\n"
    exit 1
fi
$PING -c 3 -- "$X"
ERR=$?
if [[ $ERR -gt 0 ]]
then
    echo "Printer needs to be turned on or connected to the network\n"
    exit 1
fi
while [[ $LOOPOUT != "Next" ]]
do
    case "$X" in
    "$X")
        # Send the test page, then leave the loop
        echo "Printer $X is on the network, sending test page...\n"
        $LP -d "$X" "$TESTJOB"
        LOOPOUT="Next"
        ;;
    *)
        echo "\nEnter the name of the Zebra Label Printer you want tested or exit to logout:\n"
        read -r X
        ;;
    esac
done

To prevent a security breach, you want the script to exit whenever incorrect information is provided. Hope this helps in obtaining SOX compliance. You can modify the script to fit your needs.
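The script hands whatever the user types to grep, ping and lp, so the name is worth validating before any of them run. As an added example (not part of the original script), the functions below check the name and then require an exact match against an entry name in printcap; the allowed character set, the 32-character limit and the PRINTCAP override are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not the original script: validate the printer name typed by
# the user before it is handed to grep, ping or lp.
LC_ALL=C; export LC_ALL                 # make the A-Z / a-z ranges ASCII-only
PRINTCAP="${PRINTCAP:-/etc/printcap}"   # override is an assumption, for testing

# Assumed naming policy: 1-32 characters from [A-Za-z0-9_-], no leading '-'.
# Rejects spaces, regex/glob metacharacters and option-like input.
valid_printer_name() {
    [ -n "$1" ] || return 1
    [ "${#1}" -le 32 ] || return 1
    case $1 in
        -*) return 1 ;;
        *[!A-Za-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# Return 0 only if $1 is exactly an entry name or alias in printcap
# (names are the '|'-separated words before the first ':').
# Return 2 for input that fails validation, 1 if the name is not listed.
printer_in_printcap() {
    valid_printer_name "$1" || return 2
    PNAME=$1 awk -F: '
        /^[ \t]*#/ || /^[ \t]/ { next }   # comments and continuation lines
        {
            n = split($1, names, "[|]")
            for (i = 1; i <= n; i++)
                if (names[i] == ENVIRON["PNAME"]) found = 1
        }
        END { exit (found ? 0 : 1) }' "$PRINTCAP"
}

# Use in the login-shell script, replacing the bare grep on the raw input:
#   read -r X
#   printer_in_printcap "$X" || { echo "Printer not found in printcap"; exit 1; }
```

Unlike a plain grep, the exact-name comparison does not accept a substring of a printer name or an empty string.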

Linux: Importing LUNs into a cluster for ASM to import

Thursday, October 29th, 2009

The project was to present LUNs from the SAN server to all the nodes within a cluster for use by ASM. This required the SAN administrator to present the LUNs to the device and the system administrator to do the rest.

  1. Rescan the qla2xxx card: echo 'scsi-qlascan' > /proc/scsi/qla2xxx/#, where # is the channel number.
  2. Make the devices visible to the OS: sudo rescan-scsi-bus.sh --ids=(id numbers) --luns=(lun numbers).
  3. Format the devices. This is a vital step because ASM places a header on each device. If the old header is still in place, ASM will become confused and you will have real problems.
  4. Place the lun IDs into /etc/multipath.conf.
  5. Place the raw device names in /etc/raw.
  6. Change the permissions of the raw devices in /etc/udev/udev.permissions to oracle:dba.
  7. Run /sbin/multipath -v2 to bring the devices into the device.
  8. Run /etc/init.d/raw start, which will start the devices in raw.
  9. Perform the steps on each node, with the exception of step 3. Step 3 is excluded because the same LUNs are shared between all nodes.

Pretty simple when you know the method. Hope this helps and have fun.