Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How to securely invoke a Solaris privildged command (root) remotely?
Operating Systems Solaris How to securely invoke a Solaris privildged command (root) remotely? Post 302267974 by topstuff on Sunday 14th of December 2008 07:08:27 PM
Old 12-14-2008
How to securely invoke a Solaris privildged command (root) remotely?
Hi,
What I would like to do "securely" is the following.

From one central server invoke a script that does the following.
--Store user/name passwords. (password possibly encrypted in config file)
--From the central server invoke a privileged command (i.e. route add) on multiple servers.

High-level Steps:

1. User logs in Central Server
2. User Invokes "the script"
3. "The Script" --> SSH to <server(s)>, script invokes "privileged command", User has sudo-access to the "privileged command" only (everything should be logged).

Question:
What security issues can I potentially have with the above approach?
Is there other obvious (standard??) way to invoke privileged commands remotely that do not require some sort of agent running on each server? (Do I need an agent on each box??)
Would the new feature of Solaris 10 privileges help me in any way?


Your thoughts/advice on the above would be greatly appreciated.

Thanks
Sam
 

9 More Discussions You Might Find Interesting

1. Solaris

remotely Install netbackup on solaris

Hello - Could you please let me know where do I get the installer for installing netbackup on solaris 10 X86 ? along with the instructions? Thank you. (1 Reply)
Discussion started by: panchpan
1 Replies

2. Solaris

installing solaris securely

Ok, I am trying to install solaris, but I would like as a lean installation as possible (while still having a shread of functionality). If I chose the minimal install I have little if no utilities to do work on the box. My question is what installation method do most admins take? ... (7 Replies)
Discussion started by: liven
7 Replies

3. UNIX for Advanced & Expert Users

change passwd remotely in solaris 10

i'm trying to change passwd remotely in unix (solaris) and tried using "expect" but it is not working. Any ideas to change the passwd remotely using a shell script? (1 Reply)
Discussion started by: pharos467
1 Replies

4. Shell Programming and Scripting

How can i invoke SU command in shell script

Hi All , i am trying to switch user (from unix1 to unix 2 ) The user will give me the input and also the password . also how can i login into with the password . itried several attempts . no luck Can any one help on this !!! (4 Replies)
Discussion started by: raghav1982
4 Replies

5. Shell Programming and Scripting

invoke fork command

Hi, I have startup shell script called "xxxxx" for Jboss server which is taking more than expected timeline to complete the process, here I want to use the fork command to start the child process for non dependent component I have a scheduler called "yyyy" which is currently getting invoked... (2 Replies)
Discussion started by: harish76
2 Replies

6. Shell Programming and Scripting

Change root password remotely

Hi All, Hope you all doing well...!!! First of all i will like to share few information about my network. I have a network of 50 solaris servers sample IPs are (10.2.135.1 to 10.2.135.50).. i have created trust for root user of servers 1(10.2.135.1) in all other servers, that is i have shared... (4 Replies)
Discussion started by: varunksharma87
4 Replies

7. Solaris

Solaris 11 Express - cannot reboot remotely

I have installed Solaris 11 Express on my machine. I have problems trying to reboot the computer remotely. When I log to the local console as the root-user and run reboot everything is fine. But when I log in remotely from a Windows machine using putty and do the same, the computer... (3 Replies)
Discussion started by: RychnD
3 Replies

8. Shell Programming and Scripting

invoke this command after every 10 mins

Hi, I have an command which find the files modified within last 3 days and then after selecting the files from the location it make the tar format and send it to the specified destination ...now I want that this task to be automative ..that is it should happen after every 5 minutes ..plz guide me... (5 Replies)
Discussion started by: Neera
5 Replies

9. Solaris

How to remotely start ssh on Solaris?

Hi everyone, I have a Solaris machine: SunOS 5.10 Generic_127127-11 sun4v sparc SUNW,SPARC-Enterprise-T5220 After reboot, I can't ssh to this machine. Error message: ssh: connect to host xxxx port 22: Connection refused It seems ssh daemon is not running, but I don't have... (5 Replies)
Discussion started by: Zaiwen Gong
5 Replies

LEARN ABOUT SUNOS

root_archive

root_archive(1M)														  root_archive(1M)

NAME

       root_archive - manage bootable miniroot archives

SYNOPSIS

       /boot/solaris/bin/root_archive  pack  archive root

       /boot/solaris/bin/root_archive  unpack  archive root

       /boot/solaris/bin/root_archive  packmedia  solaris_image root

       /boot/solaris/bin/root_archive  unpackmedia  solaris_image root

       The  root_archive  utility is used to manage bootable miniroot archives and is currently only available on  platforms. The utility can pack
       and unpack boot/root archives in both ufs and hsfs (iso9660) format. It will always generate ufs archives.

       root_archive also uses the lofi file driver to export a file as a block device (see lofi(7D)) and mount to mount or  unmount  file  systems
       and remote resources (see mount(1M)). root_archive requires the same privileges that are needed to run these commands.

SUBCOMMANDS

       The root_archive command has the following subcommands:

       pack archive root

	   Pack from the image found under the root directory to the archive.

       unpack archive root

	   Unpack from the archive to an unpacked image under the root directory.

       packmedia solaris_image root

	   Pack the solaris image to the root directory.

       unpackmedia solaris_image root

	   Unpack the solaris image from the root directory.

       For  packmedia  and  unpackmedia,  other items that do not go into the ramdisk image are copied or uncopied (see cpio(1)) as well. Specifi-
       cally, this includes all the packaging databases needed for pkgadd and the other packaging utilities to succeed which are not used  in  the
       running and hence pruned to conserve memory.

EXAMPLES

       Example 1: Unpacking the Solaris x86 install image

       The following command unpacks the current Solaris image from the root directory:

       # root_archive unpackmedia 
       /export/nv/solarisdvd.nvx_dvd/latest /export/Boot

       Where  /export/nv/solarisdvd.nvx_dvd/latest  represents	a path to a Solaris x86 install image and /export/Boot is a directory that will be
       purged or created, as necessary.

       Example 2: Packing the Solaris x86 install image

       The following command packs the current Solaris image to the root directory:

       # root_archive packmedia 
       /export/nv/solarisdvd.nvx_dvd/latest /export/Boot

       The following exit values are returned:

       0

	   The command completed successfully.

       1

	   The command exited due to an error.

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWcsu			   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Stable			   |
       +-----------------------------+-----------------------------+

       cpio(1), bootadm(1M), mount(1M), attributes(5), lofi(7D)

								    26 Sep 2005 						  root_archive(1M)
All times are GMT -4. The time now is 09:32 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy