How to get client's usernames or IDs instead of IP addresses in logs while running a built in python library http.server in unix server?

Question

I am using below command to create a simple http server so that end users can download files on the unix server directly using the URL. But this is kinda risky and i need to implement a user restriction process so that security is not compromised.

python -u -m http.server 8000 &> log_file & echo $! > pid_file

My plan is to capture the userids/usernames in the logs and then use a logic to ban those users from accessing the webserver session. But I am stuck at capturing the userids/names. Is there a way to implement this ? Or anybody has any other ways to achieve the end goal?

cat log_file 10.166.00.000 - - [16/Feb/2023 03:54:14] "Get / HTTPS/1.1" 200 - 10.166.22.000 - - [16/Feb/2023 03:54:14] "Get /Folder HTTPS/1.1" 200 -

expected output ~ something like this maybe, or as long as it captures username

10.166.00.000 - username1 - [16/Feb/2023 03:54:14] "Get / HTTPS/1.1" 200 - 10.166.22.000 - username2 - [16/Feb/2023 03:54:14] "Get /Folder HTTPS/1.1" 200 -

Answer 1

You could consider looking at

/etc/security/access.conf

to define privileges for remote access.

Example (buttoned-up host):

### Permit root login from local    
+:root:LOCAL localhost myHostName
#
###     Permit designated users to access from local
+:myUserName:LOCAL localhost myHostName
#
###     Permit all local services/users to access from local
#+:ALL:LOCAL localhost myHostName
+:ALL:LOCAL ALL
#
### Deny access to all from any remote
-:ALL:ALL

Example (allow remote access):

+:user20:ALL ALL +:user30:ALL ALL +:(group_name):ALL ALL

Also, you should look at:

/etc/ssh/ssh_config

Sample setup:

#####################################

###     Group 1 - Restrictive
    PermitRootLogin no                          ## OasisAdmin
    ForwardAgent no                             ## OasisAdmin
    ForwardX11 no                               ## OasisAdmin
    ForwardX11Trusted no                        ## OasisAdmin
    DenyUsers root                              ## OasisAdmin
    DenyGroups root                             ## OasisAdmin

###     Group 2 - Permissive
    AllowUsers nonexistent                      ## OasisAdmin
    AllowGroups nonexistent                     ## OasisAdmin

###     Deploy any modifications using:  systemctl restart sshd