Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: svmon and root
Operating Systems AIX svmon and root Post 302106248 by chlawren on Wednesday 7th of February 2007 10:51:10 AM
Old 02-07-2007
svmon and root
I am configuring a script to be run as nagios user and want to run the command svmon however the privilages of svmon are

-r-x------ root system svmon

how can i configure this so nagios can run svmon?

using acls?

any idea's?


Thanks

Chris.
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Run non-root script as root with non-root environment

All, I want to run a non-root script as the root user with non-root environment variables with crontab. The non-root user would have environment variables for database access such as Oracle or Sybase. The root user does not have the Oracle or Sybase enviroment variables. I thought you could do... (2 Replies)
Discussion started by: bubba112557
2 Replies

2. Linux

how to access root priveliges if root password is lost

wish to know how to access root password it root password is forgotten in linux (1 Reply)
Discussion started by: wojtyla
1 Replies

3. AIX

Can't login root account due to can't find root shell

Hi, yesterday, I changed root's shell in /etc/passwd, cause a mistake then I can not log in root account (can't find correct shell). I attempted to log in single-mode, however, it prompted for single-mode's password then I type root's password but still can not log in. I'm using AIX 5L version 5.2... (2 Replies)
Discussion started by: neikel
2 Replies

4. AIX

PGSP value in svmon command on AIX 5.3

I am facing an issue with memory management in AIX 5.3. My Process crashes with malloc/calloc failure. But it is allocating and freeing all the memory when required. I have run svmon command for several times and found that pgsp value is growing continuosly. here is the output for two times taken... (6 Replies)
Discussion started by: SBatra
6 Replies

5. UNIX for Dummies Questions & Answers

How to allow access to some commands having root privleges to be run bu non root user

hi i am new to unix and i have abig task. i have to \run particular commands having root privileges from a non root user. i know sudo is one of the way but i need sum other approach kindly help Thanks (5 Replies)
Discussion started by: suryashikha
5 Replies

6. Solaris

Lost Root Password on VXVM Encapsulated Root Disk

Hi All Hope it's okay to post on this sub-forum, couldn't find a better place I've got a 480R running solaris 8 with veritas volume manager managing all filesystems, including an encapsulated root disk (I believe the root disk is encapsulated as one of the root mirror disks has an entry under... (1 Reply)
Discussion started by: sunnyd76
1 Replies

7. Solaris

Migration of system having UFS root FS with zones root to ZFS root FS

Hi All After downloading ZFS documentation from oracle site, I am able to successfully migrate UFS root FS without zones to ZFS root FS. But in case of UFS root file system with zones , I am successfully able to migrate global zone to zfs root file system but zone are still in UFS root file... (2 Replies)
Discussion started by: sb200
2 Replies

8. SuSE

Auditors want more security with root to root access via ssh keys

I access over 100 SUSE SLES servers as root from my admin server, via ssh sessions using ssh keys, so I don't have to enter a password. My SUSE Admin server is setup in the following manner: 1) Remote root access is turned off in the sshd_config file. 2) I am the only user of this admin... (6 Replies)
Discussion started by: dvbell
6 Replies

9. Shell Programming and Scripting

Find users with root UID or GID or root home

I need to list users in /etc/passwd with root's GID or UID or /root as home directory If we have these entries in /etc/passwd root:x:0:0:root:/root:/bin/bash rootgooduser1:x:100:100::/home/gooduser1:/bin/bash baduser1:x:0:300::/home/baduser1:/bin/bash... (6 Replies)
Discussion started by: anil510
6 Replies

10. UNIX for Dummies Questions & Answers

Can you gain root privileges if the suid program does not belong to root?

I had a question in my test which asked where suppose user B has a program with 's' bit set. Can user A run this program and gain root privileges in any way? I suppose not as the suid program run with privileges of owner and this program will run with B's privileges and not root. (1 Reply)
Discussion started by: syncmaster
1 Replies

LEARN ABOUT CENTOS

nagios_checkdisk_plugin_selinux

nagios_checkdisk_plugin_selinux(8)		      SELinux Policy nagios_checkdisk_plugin			nagios_checkdisk_plugin_selinux(8)

NAME

       nagios_checkdisk_plugin_selinux - Security Enhanced Linux Policy for the nagios_checkdisk_plugin processes

DESCRIPTION

       Security-Enhanced Linux secures the nagios_checkdisk_plugin processes via flexible mandatory access control.

       The  nagios_checkdisk_plugin  processes	execute with the nagios_checkdisk_plugin_t SELinux type. You can check if you have these processes
       running by executing the ps command with the -Z qualifier.

       For example:

       ps -eZ | grep nagios_checkdisk_plugin_t

ENTRYPOINTS

       The nagios_checkdisk_plugin_t SELinux type can be entered via the nagios_checkdisk_plugin_exec_t file type.

       The default entrypoint paths for the nagios_checkdisk_plugin_t domain are the following:

       /usr/lib/nagios/plugins/check_disk, /usr/lib/nagios/plugins/check_disk_smb, /usr/lib/nagios/plugins/check_ide_smart,  /usr/lib/nagios/plug-
       ins/check_linux_raid

PROCESS TYPES

       SELinux defines process types (domains) for each process running on the system

       You can see the context of a process using the -Z option to ps

       Policy governs the access confined processes have to files.  SELinux nagios_checkdisk_plugin policy is very flexible allowing users to set-
       up their nagios_checkdisk_plugin processes in as secure a method as possible.

       The following process types are defined for nagios_checkdisk_plugin:

       nagios_checkdisk_plugin_t

       Note: semanage permissive -a nagios_checkdisk_plugin_t can be used to make the process type nagios_checkdisk_plugin_t  permissive.  SELinux
       does not deny access to permissive process types, but the AVC (SELinux denials) messages are still generated.

BOOLEANS

       SELinux	policy is customizable based on least access required.	nagios_checkdisk_plugin policy is extremely flexible and has several bool-
       eans that allow you to manipulate the policy and run nagios_checkdisk_plugin with the tightest access possible.

       If you want to deny any process from ptracing or debugging any other processes, you must  turn  on  the	deny_ptrace  boolean.  Enabled	by
       default.

       setsebool -P deny_ptrace 1

       If you want to allow all domains to use other domains file descriptors, you must turn on the domain_fd_use boolean. Enabled by default.

       setsebool -P domain_fd_use 1

       If  you	want  to  allow  all domains to have the kernel load modules, you must turn on the domain_kernel_load_modules boolean. Disabled by
       default.

       setsebool -P domain_kernel_load_modules 1

       If you want to allow all domains to execute in fips_mode, you must turn on the fips_mode boolean. Enabled by default.

       setsebool -P fips_mode 1

       If you want to enable reading of urandom for all domains, you must turn on the global_ssp boolean. Disabled by default.

       setsebool -P global_ssp 1

FILE CONTEXTS

       SELinux requires files to have an extended attribute to define the file type.

       You can see the context of a file using the -Z option to ls

       Policy governs the access confined processes have to these files.  SELinux nagios_checkdisk_plugin policy is very flexible  allowing  users
       to setup their nagios_checkdisk_plugin processes in as secure a method as possible.

       STANDARD FILE CONTEXT

       SELinux	defines  the file context types for the nagios_checkdisk_plugin, if you wanted to store files with these types in a diffent paths,
       you need to execute the semanage command to sepecify alternate labeling and then use restorecon to put the labels on disk.

       semanage fcontext -a -t nagios_checkdisk_plugin_exec_t '/srv/nagios_checkdisk_plugin/content(/.*)?'
       restorecon -R -v /srv/mynagios_checkdisk_plugin_content

       Note: SELinux often uses regular expressions to specify labels that match multiple files.

       The following file types are defined for nagios_checkdisk_plugin:

       nagios_checkdisk_plugin_exec_t

       - Set files with the nagios_checkdisk_plugin_exec_t type, if you want to transition an executable to the nagios_checkdisk_plugin_t domain.

       Paths:
	    /usr/lib/nagios/plugins/check_disk, 	 /usr/lib/nagios/plugins/check_disk_smb,	  /usr/lib/nagios/plugins/check_ide_smart,
	    /usr/lib/nagios/plugins/check_linux_raid

       Note:  File context can be temporarily modified with the chcon command.	If you want to permanently change the file context you need to use
       the semanage fcontext command.  This will modify the SELinux labeling database.	You will need to use restorecon to apply the labels.

COMMANDS

       semanage fcontext can also be used to manipulate default file context mappings.

       semanage permissive can also be used to manipulate whether or not a process type is permissive.

       semanage module can also be used to enable/disable/install/remove policy modules.

       semanage boolean can also be used to manipulate the booleans

       system-config-selinux is a GUI tool available to customize SELinux policy settings.

AUTHOR

       This manual page was auto-generated using sepolicy manpage .

SEE ALSO

       selinux(8), nagios_checkdisk_plugin(8), semanage(8), restorecon(8), chcon(1), sepolicy(8) , setsebool(8)

nagios_checkdisk_plugin 					     14-06-10					nagios_checkdisk_plugin_selinux(8)
All times are GMT -4. The time now is 05:48 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy