|
|
Sponsored Content
Operating Systems
Solaris
RBAC related question.....
Post 302335602 by samar on Monday 20th of July 2009 04:51:52 AM
07-20-2009
so i dont know how u managed that,i suspect that executive attribution has not given correct for your role that it cant execute "shutdown",
but example shown below works 100% :
# useradd -m -d /export/home/testuser testuser
64 blocks
# passwd testuser
New Password:
Re-enter new Password:
passwd: password successfully changed for testuser
# grep testuser /etc/passwd
testuser:x:60004:1::/export/home/testuser:/bin/sh
# roleadd -m -d /export/home/shutdown shutdown
64 blocks
# passwd shutdown
New Password:
Re-enter new Password:
passwd: password successfully changed for shutdown
# grep shutdown /etc/passwd
shutdown:x:60005:1::/export/home/shutdown:/bin/pfsh
# usermod -R shutdown testuser
# grep testuser /etc/user_attr
testuser::::type=normal;roles=shutdown
#echo "SHUTDOWN::
rofile to shutdown:help=shutdown.html" > /etc/security/prof_attr
#rolemod -P SHUTDOWN shutdown
#echo "SHUTDOWN:suser:cmd:::/usr/sbin/shutdown:uid=0" > /etc/security/exec_attr
-----------------------------------------------------
login as: testuser
Using keyboard-interactive authentication.
Password:
Last login: Mon Jul 20 12:36:57 2009 from 10.10.1.231
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
$ su - shutdown
Password:
$ /usr/sbin/shutdown
hutdown started. Mon Jul 20 12:53:22 GET 2009
Broadcast Message from root (pts/2) on gantek4 Mon Jul 20 12:53:22...
The system gantek4 will be shut down in 1 minute
showmount: gantek4: RPC: Program not registered
Broadcast Message from root (pts/2) on gantek4 Mon Jul 20 12:53:52...
The system gantek4 will be shut down in 30 seconds
Good luck
but example shown below works 100% :
# useradd -m -d /export/home/testuser testuser
64 blocks
# passwd testuser
New Password:
Re-enter new Password:
passwd: password successfully changed for testuser
# grep testuser /etc/passwd
testuser:x:60004:1::/export/home/testuser:/bin/sh
# roleadd -m -d /export/home/shutdown shutdown
64 blocks
# passwd shutdown
New Password:
Re-enter new Password:
passwd: password successfully changed for shutdown
# grep shutdown /etc/passwd
shutdown:x:60005:1::/export/home/shutdown:/bin/pfsh
# usermod -R shutdown testuser
# grep testuser /etc/user_attr
testuser::::type=normal;roles=shutdown
#echo "SHUTDOWN::
rofile to shutdown:help=shutdown.html" > /etc/security/prof_attr#rolemod -P SHUTDOWN shutdown
#echo "SHUTDOWN:suser:cmd:::/usr/sbin/shutdown:uid=0" > /etc/security/exec_attr
-----------------------------------------------------
login as: testuser
Using keyboard-interactive authentication.
Password:
Last login: Mon Jul 20 12:36:57 2009 from 10.10.1.231
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
$ su - shutdown
Password:
$ /usr/sbin/shutdown
hutdown started. Mon Jul 20 12:53:22 GET 2009
Broadcast Message from root (pts/2) on gantek4 Mon Jul 20 12:53:22...
The system gantek4 will be shut down in 1 minute
showmount: gantek4: RPC: Program not registered
Broadcast Message from root (pts/2) on gantek4 Mon Jul 20 12:53:52...
The system gantek4 will be shut down in 30 seconds
Good luck
|
|
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
well, I was suggested to remove the contents of the cache as i get out of the browser netscape from the .netscape folder. is that really necessary? if so what are the rest to be done?
can anybody please tell me?:rolleyes: (8 Replies)
Discussion started by: sskb
8 Replies
2. Programming
Hi all,
Just a little question relative to signals.
I know that if an application is in the sleep state, When a signal is catched, it will be processed by the handler. But what happens if it's processing something? Does the processing stops??
The following code should illustrate this case
... (2 Replies)
Discussion started by: ninjanesto
2 Replies
3. UNIX for Advanced & Expert Users
Hello,
I have created following alias in csh
lab 'rlogin -l user23 complab23'
but problem is complab23 does not allow automatic login by checking .rhosts file. So after typing lab on command line I have to type complicate password and if wrong password is typed thrice then account gets... (4 Replies)
Discussion started by: neerajrathi2
4 Replies
4. AIX
I would like to use the Role Based access control to granulize some of the administration of AIX systems in our organization. Across the company we will be using aix 5.3. One of these roles will only have the access to make, change and delete users, something similar to ManageAllUsers. The thing... (1 Reply)
Discussion started by: dgaixsysadm
1 Replies
5. HP-UX
hi every one i tried rbac and i made
1- role called GizaRoot
2- group called gizagroup
3- added privlage autherization called "m.k"
/usr/sbin/useradd:dflt:(m.k,*):0/0//:dflt:dflt:dflt:
i assigned the role to group and add user to that group then su to user and tried to use the command ... (0 Replies)
Discussion started by: maxim42
0 Replies
6. Shell Programming and Scripting
Hi All,
When i have run the below command its showing 90% which is critical for production. for this i need the answer of some below question please help me for that.
1) i want to delete some unwanted files. how can i know the unwanted files ?Is it there any way of knowing this??
2)and... (2 Replies)
Discussion started by: aish11
2 Replies
7. Shell Programming and Scripting
awk "/^<Mar 31, 2012 : /,0" /app/blah.log
can someone please help me figure out why the above command isn't pulling anything out from the log?
basically, i want it to pull out all records, from the very first line that starts with the date "Mar 31, 2012" and that also has a time immediately... (4 Replies)
Discussion started by: SkySmart
4 Replies
8. UNIX for Dummies Questions & Answers
If I run a script called 'abc.sh' and then execute the following :
ps -ef | grep 'abc.sh'
I always get two rows of output, one for the executing script, and the other for the grep command that I have triggered after the pipe.
Questions: Why does the second row turn up in the results. My... (10 Replies)
Discussion started by: jawsnnn
10 Replies
9. Shell Programming and Scripting
awk -F ";" 'FNR==NR{a=$1;next} ($2 in a)' server.list datafile | while read line
do
echo ${line}
done
when i run the above, i get this:
1 SERVICE NOTIFICATION: nagiosadmin skysmart-01.sky.net ....
instead of:
SERVICE NOTIFICATION: nagiosadmin skysmart-01.sky.net ....
can... (4 Replies)
Discussion started by: SkySmart
4 Replies
10. UNIX for Dummies Questions & Answers
We have huge file with control A as delimiter. Somehow one record is corrupted. This time i figured it out using ETL graph. If future , how to print only bad record.
Example Correct record:... (2 Replies)
Discussion started by: srikanth38
2 Replies
LEARN ABOUT BSD
shutdown
SHUTDOWN(8) System Manager's Manual SHUTDOWN(8) NAME
shutdown - close down the system at a given time SYNOPSIS
shutdown [ -k ] [ -r ] [ -h ] [ -f ] [ -n ] time [ warning-message ... ] DESCRIPTION
Shutdown provides an automated shutdown procedure which a super-user can use to notify users nicely when the system is shutting down, sav- ing them from system administrators, hackers, and gurus, who would otherwise not bother with niceties. Time is the time at which shutdown will bring the system down and may be the word now (indicating an immediate shutdown) or specify a future time in one of two formats: +number and hour:min. The first form brings the system down in number minutes and the second brings the system down at the time of day indicated (as a 24-hour clock). At intervals which get closer together as apocalypse approaches, warning messages are displayed at the terminals of all users on the sys- tem. Five minutes before shutdown, or immediately if shutdown is in less than 5 minutes, logins are disabled by creating /etc/nologin and writing a message there. If this file exists when a user attempts to log in, login(1) prints its contents and exits. The file is removed just before shutdown exits. At shutdown time a message is written in the system log, containing the time of shutdown, who ran shutdown and the reason. Then a termi- nate signal is sent to init to bring the system down to single-user state. Alternatively, if -r, -h, or -k was used, then shutdown will exec reboot(8), halt(8), or avoid shutting the system down (respectively). (If it isn't obvious, -k is to make people think the system is going down!) With the -f option, shutdown arranges, in the manner of fastboot(8), that when the system is rebooted the file systems will not be checked. The -n option prevents the normal sync(2) before stopping. The time of the shutdown and the warning message are placed in /etc/nologin and should be used to inform the users about when the system will be back up and why it is going down (or anything else). FILES
/etc/nologin tells login not to let anyone log in SEE ALSO
login(1), reboot(8), fastboot(8) BUGS
Only allows you to kill the system between now and 23:59 if you use the absolute time for shutdown. 4th Berkeley Distribution November 16, 1996 SHUTDOWN(8)