Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How to securely invoke a Solaris privildged command (root) remotely?
Operating Systems Solaris How to securely invoke a Solaris privildged command (root) remotely? Post 302267974 by topstuff on Sunday 14th of December 2008 07:08:27 PM
Old 12-14-2008
How to securely invoke a Solaris privildged command (root) remotely?
Hi,
What I would like to do "securely" is the following.

From one central server invoke a script that does the following.
--Store user/name passwords. (password possibly encrypted in config file)
--From the central server invoke a privileged command (i.e. route add) on multiple servers.

High-level Steps:

1. User logs in Central Server
2. User Invokes "the script"
3. "The Script" --> SSH to <server(s)>, script invokes "privileged command", User has sudo-access to the "privileged command" only (everything should be logged).

Question:
What security issues can I potentially have with the above approach?
Is there other obvious (standard??) way to invoke privileged commands remotely that do not require some sort of agent running on each server? (Do I need an agent on each box??)
Would the new feature of Solaris 10 privileges help me in any way?


Your thoughts/advice on the above would be greatly appreciated.

Thanks
Sam
 

9 More Discussions You Might Find Interesting

1. Solaris

remotely Install netbackup on solaris

Hello - Could you please let me know where do I get the installer for installing netbackup on solaris 10 X86 ? along with the instructions? Thank you. (1 Reply)
Discussion started by: panchpan
1 Replies

2. Solaris

installing solaris securely

Ok, I am trying to install solaris, but I would like as a lean installation as possible (while still having a shread of functionality). If I chose the minimal install I have little if no utilities to do work on the box. My question is what installation method do most admins take? ... (7 Replies)
Discussion started by: liven
7 Replies

3. UNIX for Advanced & Expert Users

change passwd remotely in solaris 10

i'm trying to change passwd remotely in unix (solaris) and tried using "expect" but it is not working. Any ideas to change the passwd remotely using a shell script? (1 Reply)
Discussion started by: pharos467
1 Replies

4. Shell Programming and Scripting

How can i invoke SU command in shell script

Hi All , i am trying to switch user (from unix1 to unix 2 ) The user will give me the input and also the password . also how can i login into with the password . itried several attempts . no luck Can any one help on this !!! (4 Replies)
Discussion started by: raghav1982
4 Replies

5. Shell Programming and Scripting

invoke fork command

Hi, I have startup shell script called "xxxxx" for Jboss server which is taking more than expected timeline to complete the process, here I want to use the fork command to start the child process for non dependent component I have a scheduler called "yyyy" which is currently getting invoked... (2 Replies)
Discussion started by: harish76
2 Replies

6. Shell Programming and Scripting

Change root password remotely

Hi All, Hope you all doing well...!!! First of all i will like to share few information about my network. I have a network of 50 solaris servers sample IPs are (10.2.135.1 to 10.2.135.50).. i have created trust for root user of servers 1(10.2.135.1) in all other servers, that is i have shared... (4 Replies)
Discussion started by: varunksharma87
4 Replies

7. Solaris

Solaris 11 Express - cannot reboot remotely

I have installed Solaris 11 Express on my machine. I have problems trying to reboot the computer remotely. When I log to the local console as the root-user and run reboot everything is fine. But when I log in remotely from a Windows machine using putty and do the same, the computer... (3 Replies)
Discussion started by: RychnD
3 Replies

8. Shell Programming and Scripting

invoke this command after every 10 mins

Hi, I have an command which find the files modified within last 3 days and then after selecting the files from the location it make the tar format and send it to the specified destination ...now I want that this task to be automative ..that is it should happen after every 5 minutes ..plz guide me... (5 Replies)
Discussion started by: Neera
5 Replies

9. Solaris

How to remotely start ssh on Solaris?

Hi everyone, I have a Solaris machine: SunOS 5.10 Generic_127127-11 sun4v sparc SUNW,SPARC-Enterprise-T5220 After reboot, I can't ssh to this machine. Error message: ssh: connect to host xxxx port 22: Connection refused It seems ssh daemon is not running, but I don't have... (5 Replies)
Discussion started by: Zaiwen Gong
5 Replies

LEARN ABOUT DEBIAN

condor_store_cred

condor_store_cred(1)					      General Commands Manual					      condor_store_cred(1)

Name
       condor_store_cred securely - stash a password

Synopsis
       condor_store_cred [-help]

       condor_store_credadd[ -c | -u username] [-p password] [-n machinename] [-f filename]

       condor_store_creddelete[ -c | -u username] [-n machinename]

       condor_store_credquery[ -c | -u username] [-n machinename]

Description
       condor_store_credstores passwords in a secure manner. There are two separate uses of condor_store_cred:

	  1.  A  shared  pool  password  is needed in order to implement the  PASSWORD authentication method. condor_store_cred using the -coption
	  deals with the password for the implied  condor_pool@$(UID_DOMAIN) user name.

	  On a Unix machine, condor_store_cred with the -foption is used to set the pool password, as needed when used with the  PASSWORD  authen-
	  tication method. The pool password is placed in a file specified by the  SEC_PASSWORD_FILE configuration variable.

	  2. In order to submit a job from a Windows platform machine, or to execute a job on a Windows platform machine utilizing the run_as_own-
	  erfunctionality, condor_store_cred stores the password of a user/domain pair securely in the Windows registry. Using this  stored  pass-
	  word,  Condor  may act on behalf of the submitting user to access files, such as writing output or log files. Condor is able to run jobs
	  with the user ID of the submitting user. The password is stored in the same manner as the system does when setting or  changing  account
	  passwords.

       Passwords are stashed in a persistent manner; they are maintained across system reboots.

       The  addargument on the Windows platform stores the password securely in the registry. The user is prompted to enter the password twice for
       confirmation, and characters are not echoed. If there is already a password stashed, the old password will be overwritten by the new  pass-
       word.

       The deleteargument deletes the current password, if it exists.

       The queryreports whether the password is stored or not.

Options
       -c

	  Operations refer to the pool password, as used in the  PASSWORD authentication method.

       -f filename

	  For Unix machines only, generates a pool password file named filenamethat may be used with the  PASSWORD authentication method.

       -help

	  Displays a brief summary of command options.

       -n machinename

	  Apply the command on the given machine.

       -p password

	  Stores password, rather than prompting the user to enter a password.

       -u username

	  Specify the user name.

Exit Status
       condor_store_credwill exit with a status value of 0 (zero) upon success, and it will exit with the value 1 (one) upon failure.

Author
       Condor Team, University of Wisconsin-Madison

Copyright
       Copyright  (C)  1990-2012  Condor  Team,  Computer  Sciences Department, University of Wisconsin-Madison, Madison, WI. All Rights Reserved.
       Licensed under the Apache License, Version 2.0.

       See the Condor Version 7.8.2 Manualor http://www.condorproject.org/licensefor additional notices. condor-admin@cs.wisc.edu

								  September 2012					      condor_store_cred(1)
All times are GMT -4. The time now is 07:38 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy