I run a HP-9000 system with HP-UX version 11.0 and Informix-4GL version 7.2. I run this system for the military. There was a security issue where only a select few could have the UID of "0". One of those individuals is me (I am the SA). My question is how can i setup my personnel to be able to execute certain system commands and not have the UID of "0"? One of the commands i want them to be able to do is run the System Adminstration Menu. Which would only require them to excute the Accounts for Users and Groups, which is adding and removing users. Also be able to execute the kill -9 command at the command prompt. Does anyone know a way for this to be done without giving the UID of "0"?? Please help if you can.

Thank-you

Jackie

You can configure 'sam' to allow access to specified menus to specified users. See the sam documentation or manpage for details. As far as running specific commands on the command line you would need 'sudo' or 'super'. I don't have links handy, search google to find them.

As PxT begins to explain, you can enable access control lists (ACLs) on HP-UX that provide many additional layers of access-control for HP-UX objects. This includes regular files, directories, system calls, etc. The use of ACLs is very powerful, but requires some experience to use effectively. BTW: ACLs are generally disabled by default and must be enabled (at the kernel level) and configured (at the adminstration level).