11-14-2007
ok i think i got it but i am getting an error saying
pfexec: permission denied?
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
Hi gurus:
I have not come accross any links on the internet that shows how to set up logging in RBAC and also is it possible to get the granularity and simplicity of sudo logging in RBAC. I have heard that RBAC logs are complicated to read and not as simple and granular as sudo logs.
Your help... (0 Replies)
Discussion started by: geomonap
0 Replies
2. Solaris
I am trying to let user asillitoe su to the godbrook role to execute commands. I have editted files as follows:
user_attr:
asillito::::type=normal;roles=godbrook
godbrook::::type=role;profiles=Gadbrook,All
prof_attr:
Gadbrook:::Allow root commands to be used by godbrook:
exec_attr:... (0 Replies)
Discussion started by: chrisdberry
0 Replies
3. AIX
I would like to use the Role Based access control to granulize some of the administration of AIX systems in our organization. Across the company we will be using aix 5.3. One of these roles will only have the access to make, change and delete users, something similar to ManageAllUsers. The thing... (1 Reply)
Discussion started by: dgaixsysadm
1 Replies
4. UNIX for Dummies Questions & Answers
Can anyone help me on "How to change Unix to support RBAC policy"? (4 Replies)
Discussion started by: JPoroo
4 Replies
5. Solaris
Hi all!
On backup server with contab my script worked, but one command don't fine to be executed:
bash-3.00$ scp itadmin@172.17.0.44:/export/backups/* /bckp1/opencms/bcp_`date +%Y%m%d`/
www-zone.cfg 100%... (0 Replies)
Discussion started by: sotich82
0 Replies
6. Solaris
I am referring Bill Calkins(SCSA exam prep) for RBAC..actually i wanted to make a normal user to get the privilege to run a command through authorization, not through profile files...
This is the exact steps given by Bill calkins..
1.roleadd -m -d /export/home/adminusr -c... (11 Replies)
Discussion started by: saagar
11 Replies
7. HP-UX
hi every one i tried rbac and i made
1- role called GizaRoot
2- group called gizagroup
3- added privlage autherization called "m.k"
/usr/sbin/useradd:dflt:(m.k,*):0/0//:dflt:dflt:dflt:
i assigned the role to group and add user to that group then su to user and tried to use the command ... (0 Replies)
Discussion started by: maxim42
0 Replies
8. Solaris
I'm trying to set up RBAC, and I need to know where the logs for RBAC are.
I'm using Solaris 10 as my OS.
I've been reading a lot of documents online and just can't seem to find where the related logs are.
My problem is I need to be able to track a user when they su to a role profile, and... (2 Replies)
Discussion started by: bitlord
2 Replies
9. AIX
Hi all,
i have a little problem...
I have a Trusted AIX v. 6.1 installed on my system p.
I can't disable RBAC mode...
$ lsattr -El sys0 -a enhanced_RBAC
enhanced_RBAC true Enhanced RBAC Mode True
$ chdev -l sys0 -a enhanced_RBAC=false
Method error (/usr/lib/methods/chggen):
0514-018... (3 Replies)
Discussion started by: Zio Bill
3 Replies
10. AIX
Hello everyone, I am having trouble with something, and I can't find the right answer online. On our company, we are using LDAP Authentication with Active Directory (Windows 2008 Servers) to have a centralized management of AIX 7.1 users.
So far so good, but now, we want to implement RBAC on... (7 Replies)
Discussion started by: Janpol
7 Replies
LEARN ABOUT OPENSOLARIS
pfcsh
pfexec(1) User Commands pfexec(1)
NAME
pfexec, pfsh, pfcsh, pfksh - execute a command in a profile
SYNOPSIS
/usr/bin/pfexec command
/usr/bin/pfexec -P privspec command [ arg ]...
/usr/bin/pfsh [ options ] [ argument ]...
/usr/bin/pfcsh [ options ] [ argument ]...
/usr/bin/pfksh [ options ] [ argument ]...
DESCRIPTION
The pfexec program is used to execute commands with the attributes specified by the user's profiles in the exec_attr(4) database. It is
invoked by the profile shells, pfsh, pfcsh, and pfksh which are linked to the Bourne shell, C shell, and Korn shell, respectively.
Profiles are searched in the order specified in the user's entry in the user_attr(4) database. If the same command appears in more than one
profile, the profile shell uses the first matching entry.
The second form, pfexec -P privspec, allows a user to obtain the additional privileges awarded to the user's profiles in prof_attr(4). The
privileges specification on the commands line is parsed using priv_str_to_set(3C). The resulting privileges are intersected with the union
of the privileges specified using the "privs" keyword in prof_attr(4) for all the user's profiles and added to the inheritable set before
executing the command.
USAGE
pfexec is used to execute commands with predefined process attributes, such as specific user or group IDs.
Refer to the sh(1), csh(1), and ksh(1) man pages for complete usage descriptions of the profile shells.
EXAMPLES
Example 1 Obtaining additional user privileges
example% pfexec -P all chown user file
This command runs chown user file with all privileges assigned to the current user, not necessarily all privileges.
EXIT STATUS
The following exit values are returned:
0 Successful completion.
1 An error occurred.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWcsu |
+-----------------------------+-----------------------------+
SEE ALSO
csh(1), ksh(1), profiles(1), sh(1), exec_attr(4), prof_attr(4), user_attr(4), attributes(5)
SunOS 5.11 3 Mar 2003 pfexec(1)