11-11-2007
Option 1. - sudo
sudo is a freeware tool that can be downloaded from many sites, maybe even your OS vendor's (Sun and HP provide it free of charge).
Option 2 - OS built-in facilities
I don't know AIX, but does it offer any role-based access (RBAC) facilities built-in?
Option 3 - setuid wrapper
The other way to achieve what you want is to implement a setuid front-end to your command. Depending upon your o/s you may be able to do this as a shell script or may have to resort to C programming (see the exec() system call, but do not use system()).
HOWEVER, BE VERY AWARE OF WHAT YOU ARE DOING HERE, BECAUSE IF IT IS BADLY WRITTEN THEN IT COULD BE A HUGE SECURITY LOOPHOLE!
And a word of warning
In particular, if you use this approach to invoke a command that can "shell out" (eg. vi, more, and so-on), then you are giving the user the ability to become root on your system.
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Sorry for my poor english.
Unix is SCO ODT ver 3.0
Mine problem is :
when I login via some terminal emulator and type :
who am i
I see information like this :
username ttyp02 Feb 28 09:53
after logoff and type who command (from some other terminal)
I see that ttyp02 is still... (2 Replies)
Discussion started by: bane_yu
2 Replies
2. UNIX for Dummies Questions & Answers
I have a problem to....
(1).List the number of unique users that has active
processes.
(2).List the number of active processes for each of
the users in (1).
(3).Determine total memory usage for each user.
Help me please....thank you.
Best... (2 Replies)
Discussion started by: robocup
2 Replies
3. Shell Programming and Scripting
Hi, folks.
Sorry for bothering, but maybe someone could help me please.
The problem is the following:
there is some script that copies files from local file system to AFS. The copying is performed with dd command.
The script copies data into some AFS volumes.
The problem appeared with one... (0 Replies)
Discussion started by: Anta
0 Replies
4. UNIX for Dummies Questions & Answers
Hi,
I am triying to make sure that there exists only one file with the pattern abc* in path /path/. This directory is having many huge files. If there is only one file then I have to take its complete name only to use furter in my script.
I am planning to do like this:
if ; then... (2 Replies)
Discussion started by: new_learner
2 Replies
5. Solaris
Hi all
I use to run sql loader inside a script with usename and password written in syntax. Now when I use 'ps' command to know about the status of loading, it also shows username and password that I don't want to share with someone who is sitting with me. If you have any idea except encryption... (1 Reply)
Discussion started by: sanjay1979
1 Replies
6. Shell Programming and Scripting
Hello, excuse me for my english, i'm a french man.
I have a problem with the command tr in applescript (with the accent...in french we have a lot of accents), i have read that is a problem with the version 10.5 of leopard then i would want to download the version 10.4 of universal binary of tr... (1 Reply)
Discussion started by: protocomm
1 Replies
7. Red Hat
Please help me this script !!!!
Script
*****
a=2.0.0.0
b=1.0.0.0
#if test $a -ge $b
if
then
echo "A is Greater than B"
else
echo "B is Greater than A"
fi
i am getting following error
>sh abc
abc: line 6: [: 2.0.0.0: integer expression expected (8 Replies)
Discussion started by: ponmuthu
8 Replies
8. Shell Programming and Scripting
Hi guys,
first of all I would say that this is my first time I write in a Forum.
I've read the "forum rules" and I hope i will respect them.
I searched everywhere for the solution of my problem but I didn't find anything.
Here my problem:
I'm using a sap job scheduler: in a particular job... (7 Replies)
Discussion started by: Antcam
7 Replies
9. Shell Programming and Scripting
Hi friends,
Today I found one strange behaviour of the tr command.
I used the following command:
echo "NEE"|tr
Sometimes it was giving "nee" as ouput . sometimes it was giving "NEE" as output.
Finally I used the below code:
echo "NEE"|tr "" ""
... and it gave me the correct... (17 Replies)
Discussion started by: neelmani
17 Replies
10. AIX
exec(): 0509-036 Cannot load program /usr/opt/freeware/bin/rpm because of the following errors:
0509-022 Cannot load module /opt/freeware/lib/libintl.a(libintl.so.1).
0509-150 Dependent module /opt/freeware/lib/libiconv.a(shr4.o) could not be loaded.
0509-152 Member... (4 Replies)
Discussion started by: Ohmkar
4 Replies
SETUID(1) General Commands Manual SETUID(1)
NAME
setuid - run a command with a different uid.
SYNOPSIS
setuid username|uid command [ args ]
DESCRIPTION
Setuid changes user id, then executes the specified command. Unlike some versions of su(1), this program doesn't ever ask for a password
when executed with effective uid=root. This program doesn't change the environment; it only changes the uid and then uses execvp() to find
the command in the path, and execute it. (If the command is a script, execvp() passes the command name to /bin/sh for processing.)
For example,
setuid some_user $SHELL
can be used to start a shell running as another user.
Setuid is useful inside scripts that are being run by a setuid-root user -- such as a script invoked with super, so that the script can
execute some commands using the uid of the original user, instead of root. This allows unsafe commands (such as editors and pagers) to be
used in a non-root mode inside a super script. For example, an operator with permission to modify a certain protected_file could use a
super command that simply does:
cp protected_file temp_file
setuid $ORIG_USER ${EDITOR:-/bin/vi} temp_file
cp temp_file protected_file
(Note: don't use this example directly. If the temp_file can somehow be replaced by another user, as might be the case if it's kept in a
temporary directory, there will be a race condition in the time between editing the temporary file and copying it back to the protected
file.)
AUTHOR
Will Deich
local SETUID(1)