Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: User Privilege
Operating Systems AIX User Privilege Post 302439148 by zaxxon on Thursday 22nd of July 2010 02:35:45 AM
Old 07-22-2010
You can allow him to "su -" via sudo for example. More secure might be to just allow via sudo which commands he explicitly should be able to use and after that remark the sudoers entries.
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Write privilege for user

Is it possible to grant write privileges to a user on a directory with out having to add the user to a group or make the user the owner of the directory? My background is in Windows and in Windows you can grant specific privileges to a user without having to put the user in a group or making the... (3 Replies)
Discussion started by: here2learn
3 Replies

2. AIX

[Help] Give privilege to an ordinary user

I'm trying to give a non-root user the right to start IBM HTTP Server, the web server is listening on port 80, but for AIX, ports under 1024 are privilege ports which can be used only by root. /usr/IBMIHS/bin# ./apachectl start (13)Permission denied: make_sock: could not bind to address :::80... (1 Reply)
Discussion started by: ibmer414
1 Replies

3. Solaris

Root privilege for user

Can anyone please tell how to give root privilege to a normal user in solaris 10? (5 Replies)
Discussion started by: nicktrix
5 Replies

4. UNIX for Dummies Questions & Answers

How to create/restrict a user with to have no privilege from other group

Hello experts I am new to Unix. Env : HPUX I need to create a user say testuser such that it does not have access to file/directories from the other group i.e the last 3 digits . How do I do that. Reason for such a request :- I have an existing user oracle which has default umask... (3 Replies)
Discussion started by: simonsimon
3 Replies

5. Solaris

what privilege to assign for user to cancel or disable print queue?

OS Version: Sun Solaris version 9 Other than root, we need operation to manage printer queue by using following command: lprm -P cancel enable/disable What privilege should be given? Pls advise. Thank you. (4 Replies)
Discussion started by: KhawHL
4 Replies

6. UNIX for Dummies Questions & Answers

what does the x privilege mean?

what does x(in rwx) privilege mean? just text files or shell script files? that's so confusing. (3 Replies)
Discussion started by: kang
3 Replies

7. AIX

sudo - User privilege specification

I am planning to implement sudo for users. Under , it looks I have to put the users who need to have sudo access: What are the recommended for users? I don't think I need to give the ALL privilege (i.e ) to AIX users. I'd like to know the commonly used privilege specification for sudo... (9 Replies)
Discussion started by: Daniel Gate
9 Replies

8. Cybersecurity

sudo - AIX - User privilege specification

I am planning to implement sudo for users. Under , it looks I have to put the users who need to have sudo access: What are the recommended for users? I don't think I need to give the ALL privilege (i.e ) to AIX users. I'd like to know the commonly used privilege specification for sudo... (1 Reply)
Discussion started by: Daniel Gate
1 Replies

9. Shell Programming and Scripting

Create user with different privilege

Hi , I want to create 3 different user with below privilege in Solaris and Linux. 1) Read Only 2)Read and Write Only 3) Admin user Can you guys help me on this . (3 Replies)
Discussion started by: Naveen Pathak
3 Replies

10. Solaris

Assigning proc_owner privilege to particular user in RBAC

Hi I need to assign proc_owner privilege to particular user through RBAC. How can I assign this privilege to user, I need help on this. Further I need to understand if I give this proc_owner privilege to particular user, what kind of control user will get on other user or system processes... (7 Replies)
Discussion started by: sb200
7 Replies

LEARN ABOUT DEBIAN

priv_check

PRIV(9) 						   BSD Kernel Developer's Manual						   PRIV(9)

NAME

     priv -- kernel privilege checking API

SYNOPSIS

     #include <sys/priv.h>

     int
     priv_check(struct thread *td, int priv);

     int
     priv_check_cred(struct ucred *cred, int priv, int flags);

DESCRIPTION

     The priv interfaces check to see if specific system privileges are granted to the passed thread, td, or credential, cred.	This interface
     replaces the now removed suser(9) privilege checking interface.  Privileges typically represent rights in one of two categories: the right to
     manage a particular component of the system, or an exemption to a specific policy or access control list.	The caller identifies the desired
     privilege via the priv argument.  The optional flags argument, flags, is currently unused.

   Privilege Policies
     Privileges are typically granted based on one of two base system policies: the superuser policy, which grants privilege based on the effec-
     tive (or sometimes real) UID having a value of 0, and the jail(2) policy, which permits only certain privileges to be granted to processes in
     a jail.  The set of available privileges may also be influenced by the TrustedBSD MAC Framework, described in mac(9).

IMPLEMENTATION NOTES

     When adding a new privilege check to a code path, first check the complete list of current privileges in sys/priv.h to see if one already
     exists for the class of privilege required.  Only if there is not an exact match should a new privilege be added to the privilege list.  As
     privilege numbers becomes encoded in the kernel module ABI, privilege constants must not be changed as any kernel modules depending on privi-
     leges will then need to be recompiled.  When adding a new privilege, be certain to also determine whether it should be listed in
     prison_priv_check(), which includes a complete list of privileges granted to the root user in jail(2).

     Certain catch-all privileges exist, such as PRIV_DRIVER, intended to be used by device drivers, rather than adding a new driver-specific
     privilege.

RETURN VALUES

     Typically, 0 will be returned for success, and EPERM will be returned on failure.	Most consumers of priv will wish to directly return the
     error code from a failed privilege check to user space; a small number will wish to translate it to another error code appropriate to a spe-
     cific context.

     When designing new APIs, it is preferable to return explicit errors from a call if privilege is not granted rather than changing the seman-
     tics of the call but returning success.  For example, the behavior exhibited by stat(2), in which the generation field is optionally zero'd
     out when there is insufficient privilege is highly undesirable, as it results in frequent privilege checks, and the caller is unable to tell
     if an access control failure occurred.

SEE ALSO

     jail(2), mac(9), ucred(9)

AUTHORS

     The priv API and implementation were created by Robert Watson under contract to nCircle Network Security, Inc.

BSD
								  August 30, 2006							       BSD
All times are GMT -4. The time now is 04:36 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy