07-20-2009
samar and jlliagre, thanks for your valuable time...
I understand the need for entries in /etc/security/prof_attr and /etc/security/exec_attr... but let me ask you: suppose I do it this way:
vi /etc/security/prof_attr
shut:::Shut down the system:
vi /etc/security/exec_attr
shut:suser:cmd:::/usr/sbin/shutdown:uid=0
(note that the profile is not being given the auths=solaris.system.shutdown attribute)
roleadd -m -d /export/home/adminusr -P shut adminusr
usermod -R adminusr neil
It works perfectly even without any authorization... then where will the need for the -A switch arise? This is the question I have been trying to get an answer to for the whole 5 hours of yesterday; that is the reason why I wanted to create a role and user with just entries in /etc/user_attr instead of /etc/security/prof_attr and /etc/security/exec_attr.
Kindly help me out!
profiles(1) profiles(1)
NAME
profiles - print execution profiles for a user
SYNOPSIS
profiles [-l] [ user ...]
DESCRIPTION
The profiles command prints on standard output the names of the execution profiles that have been assigned to you or to the optionally-specified
user or role name. Profiles are a bundling mechanism used to enumerate the commands and authorizations needed to perform a specific
function. Along with each listed executable are the process attributes, such as the effective user and group IDs, with which the
process runs when started by a privileged command interpreter. The profile shells are pfcsh, pfksh, and pfexec. See the pfexec(1) man page.
Profiles can contain other profiles defined in prof_attr(4).
Multiple profiles can be combined to construct the appropriate access control. When profiles are assigned, the authorizations are added to
the existing set. If the same command appears in multiple profiles, the first occurrence, as determined by the ordering of the profiles, is
used for process-attribute settings. For convenience, a wild card can be specified to match all commands.
When profiles are interpreted, the profile list is loaded from user_attr(4). If any default profile is defined in /etc/security/policy.conf
(see policy.conf(4)), the list of default profiles is added to the list loaded from user_attr(4). Matching entries in prof_attr(4) provide
the authorizations list, and matching entries in exec_attr(4) provide the commands list.
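An added example, not part of the original man page or the forum post: a Python model of the lookup described above, run over constructed copies of the `shut` entries quoted in the post. The function names, the `All Commands` default in the sample policy.conf, and the order in which nested profiles are expanded are assumptions of this example.

```python
# Constructed sample databases, built from the entries quoted in the post.
USER_ATTR = """\
adminusr::::type=role;profiles=shut
neil::::type=normal;roles=adminusr
"""
PROF_ATTR = """\
shut:::Shut down the system:
All Commands:::Constructed default profile:
"""
EXEC_ATTR = """\
shut:suser:cmd:::/usr/sbin/shutdown:uid=0
All Commands:suser:cmd:::*:
"""
POLICY_CONF = "PROFS_GRANTED=All Commands"  # constructed default profile list


def kv(attr):
    """Parse 'key=v1,v2;key=v' into {key: [values]}."""
    pairs = (p.split("=", 1) for p in attr.split(";") if "=" in p)
    return {k: v.split(",") for k, v in pairs}


def rows(text, nfields):
    """Split each non-comment line on ':' into nfields fields (well-formed input assumed)."""
    return [l.split(":", nfields - 1) for l in text.splitlines()
            if l and not l.startswith("#")]


def resolve(name):
    """Return (ordered profile list, authorizations) for a user or role."""
    users = {r[0]: kv(r[4]) for r in rows(USER_ATTR, 5)}
    profs = {r[0]: kv(r[4]) for r in rows(PROF_ATTR, 5)}
    defaults = kv(POLICY_CONF).get("PROFS_GRANTED", [])
    todo = users.get(name, {}).get("profiles", []) + defaults
    ordered, auths = [], []
    while todo:
        p = todo.pop(0)
        if p in ordered or p not in profs:
            continue
        ordered.append(p)
        auths += profs[p].get("auths", [])          # auths come from prof_attr only
        todo = profs[p].get("profiles", []) + todo  # assumed expansion order
    return ordered, auths


def exec_attrs(name, path):
    """First exec_attr match in profile order supplies the process attributes."""
    for prof in resolve(name)[0]:
        for r in rows(EXEC_ATTR, 7):
            if r[0] == prof and r[5] in (path, "*"):
                return prof, kv(r[6])
    return None
```

For the role `adminusr`, `exec_attrs("adminusr", "/usr/sbin/shutdown")` returns the `shut` entry with `uid=0` while `resolve("adminusr")` reports an empty authorization list, because the two come from separate databases. The user `neil`, before assuming the role, only matches the wildcard entry with no special attributes.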
OPTIONS
The following options are supported:
-l    Lists the commands in each profile followed by the special process attributes such as user and group IDs.
EXAMPLES
Example 1: Sample Output
The output of the profiles command has the following form:
example% profiles tester01 tester02
tester01 : Audit Management, All Commands
tester02 : Device Management, All Commands
example%
Example 2: Using the list Option
example% profiles -l tester01 tester02
tester01 :
  Audit Management:
    /usr/sbin/audit euid=root
    /usr/sbin/auditconfig euid=root egid=sys
  All Commands:
    *
tester02 :
  Device Management:
    /usr/bin/allocate: euid=root
    /usr/bin/deallocate: euid=root
  All Commands
    *
example%
EXIT STATUS
The following exit values are returned:
0 Successful completion.
1 An error occurred.
FILES
/etc/security/exec_attr
/etc/security/prof_attr
/etc/user_attr
/etc/security/policy.conf
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWcsu |
+-----------------------------+-----------------------------+
SEE ALSO
auths(1), pfexec(1), roles(1), getprofattr(3SECDB), exec_attr(4), policy.conf(4), prof_attr(4), user_attr(4), attributes(5)
11 Feb 2000 profiles(1)