06-26-2007
RBAC: create a user to shut the server
Hi,
I have created a user to shutdown the server using RBAC.
Here are my steps:
1. roleadd -u 1000 -g 10 -d /home/stopsys -m stopsys
2. passwd stopsys
3. edit /etc/security/prof_attr to include:
Shut:::able to shut the server:
4. modrole -P Shut stopsys
5. useradd -u 1001 -g 10 -d /home/user10 -m -R stopsys -s /bin/ksh user10
6. passwd user10
7. edit /etc/security/exec_attr to include:
Shut:suser:cmd:::/usr/sbin/shutdown:uid=0
Now, when I log in & execute the shutdown cmd, I get this:
/usr/sbin/shutdown: Only root can run /usr/sbin/shutdown
But the relevant files have been updated as follows:
#tail -1 /etc/security/prof_attr
Shut:::Shutdown the Server:
# tail -2 /etc/user_attr
stopsys::::type=role;profiles=Shut
user10::::type=normal;roles=stopsys
# tail -1 /etc/security/exec_attr
Shut:suser:cmd:::/usr/sbin/shutdown:uid=0
Would you be able to find the issue here?
Thanks in advance.
Chaandana
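
Added example, not part of the original post: a small audit helper that follows the chain the steps above set up (user to role to profile to exec_attr entry), using the field layouts documented in user_attr(4), prof_attr(4) and exec_attr(4). The function names rbac_trace and rbac_demo and the temporary file paths are hypothetical; the sample entries are the three tail outputs quoted in the post.

```shell
#!/bin/sh
# Added example (not from the post): trace user -> role -> profile -> command.
# Field layouts follow user_attr(4), prof_attr(4) and exec_attr(4).

# rbac_trace USER USER_ATTR PROF_ATTR EXEC_ATTR
# Output, one line per command:  <direct|role:NAME> <profile> <command> <attrs>
# A profile that is assigned but not defined in prof_attr is reported as
# "MISSING-PROFILE <name>".
rbac_trace() {
    awk -F: -v user="$1" -v ua="$2" -v pa="$3" -v ea="$4" '
    # Return the value of key from a "k1=v1;k2=v2" attribute field.
    function getattr(s, key,    n, i, kv, p) {
        n = split(s, kv, ";")
        for (i = 1; i <= n; i++) {
            p = index(kv[i], "=")
            if (p && substr(kv[i], 1, p - 1) == key) return substr(kv[i], p + 1)
        }
        return ""
    }
    # Print every exec_attr entry belonging to the profiles in plist.
    function emit(how, plist,    n, i, j, p) {
        n = split(plist, p, ",")
        for (i = 1; i <= n; i++) {
            if (!(p[i] in known)) { print "MISSING-PROFILE", p[i]; continue }
            for (j = 1; j <= nexec; j++)
                if (eprof[j] == p[i]) print how, p[i], ecmd[j], eattr[j]
        }
    }
    /^#/ || NF == 0 { next }
    FILENAME == ua { profs[$1] = getattr($5, "profiles"); roles[$1] = getattr($5, "roles"); next }
    FILENAME == pa { known[$1] = 1; next }
    FILENAME == ea { nexec++; eprof[nexec] = $1; ecmd[nexec] = $6; eattr[nexec] = $7 }
    END {
        emit("direct", profs[user])
        nr = split(roles[user], r, ",")
        for (k = 1; k <= nr; k++) emit("role:" r[k], profs[r[k]])
    }' "$2" "$3" "$4"
}

# Sample files built from the tail output quoted in the post.
rbac_demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'stopsys::::type=role;profiles=Shut' \
                  'user10::::type=normal;roles=stopsys' > "$d/user_attr"
    printf '%s\n' 'Shut:::Shutdown the Server:' > "$d/prof_attr"
    printf '%s\n' 'Shut:suser:cmd:::/usr/sbin/shutdown:uid=0' > "$d/exec_attr"
    rbac_trace user10 "$d/user_attr" "$d/prof_attr" "$d/exec_attr"
    rm -rf "$d"
}
rbac_demo
```

A line tagged role:NAME means the right is held by the role rather than by the user directly, so it applies only after the user assumes that role with su.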
userdel(1M) System Administration Commands userdel(1M)
NAME
userdel - delete a user's login from the system
SYNOPSIS
userdel [-r] login
DESCRIPTION
The userdel utility deletes a user account from the system and makes the appropriate account-related changes to the system file and file
system.
OPTIONS
The following options are supported:
-r Remove the user's home directory from the system. This directory must exist. The files and directories under the home directory
will no longer be accessible following successful execution of the command.
OPERANDS
The following operands are supported:
login An existing login name to be deleted.
EXIT STATUS
The following exit values are returned:
0 Successful completion.
2 Invalid command syntax. A usage message for the userdel command is displayed.
6 The account to be removed does not exist.
8 The account to be removed is in use.
10 Cannot update the /etc/group or /etc/user_attr file but the login is removed from the /etc/passwd file.
12 Cannot remove or otherwise modify the home directory.
FILES
/etc/passwd system password file
/etc/shadow system file containing users' encrypted passwords and related information
/etc/group system file containing group definitions
/etc/user_attr system file containing additional user attributes
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWcsu |
+-----------------------------+-----------------------------+
SEE ALSO
auths(1), passwd(1), profiles(1), roles(1), users(1B), groupadd(1M), groupdel(1M), groupmod(1M), logins(1M), roleadd(1M), rolemod(1M),
useradd(1M), userdel(1M), usermod(1M), passwd(4), prof_attr(4), user_attr(4), attributes(5)
NOTES
The userdel utility only deletes an account definition that is in the local /etc/group, /etc/passwd, /etc/shadow, and /etc/user_attr
file. If a network name service such as NIS or NIS+ is being used to supplement the local /etc/passwd file with additional entries, userdel
cannot change information supplied by the network name service.
SunOS 5.10 8 Sep 1999 userdel(1M)