Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How to limit patchadd command to root user only?
Special Forums Cybersecurity How to limit patchadd command to root user only? Post 302579859 by ShouTenraku on Tuesday 6th of December 2011 11:16:15 PM
Old 12-07-2011
Question How to limit patchadd command to root user only?
How to limit patchadd command to root user only?

I'm running a solaris 10 5/09 server, I have 2 users other than root. One being able to use the patchadd command and one is unable to do so. What I'm trying to do is to limit the patchadd command so that only root is able to run it.
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Limit Unix command to user

Is it possible to limit a user account to only several commands. For security reasons, i would like for some users given accounts to only execute commands limited to them. If possible, how can it be done? tyvm. (1 Reply)
Discussion started by: coolphilboy
1 Replies

2. Shell Programming and Scripting

login into root from user and execute command through script

i have logged in as user. I want to write a script to login into root and execute commands for eg. ifconfig or other command. kindly help me out. (6 Replies)
Discussion started by: pradeepreddy
6 Replies

3. Solaris

patchadd command

# patchadd /Desktop/117837-08.jar Validating patches... Loading patches installed on the system... Done! Loading patches requested to install. Done! The following requested patches have packages not installed on the system Package SPROcc from directory SPROcc in patch 117837-08 is... (19 Replies)
Discussion started by: seyiisq
19 Replies

4. Shell Programming and Scripting

root user command in shell script execute as normal user

Hi All I have written one shell script for GPRS route add is given below named GPRSRouteSet.sh URL="www.google.com" VBURL="10.5.2.211" echo "Setting route for $URL for GPRS" URL_Address=`nslookup $URL|grep Address:|grep -v "#"|awk -F " " '{print $2}'|head -1` echo "Executing ... (3 Replies)
Discussion started by: mnmonu
3 Replies

5. UNIX for Dummies Questions & Answers

Allow a user use a specific root command!

Hi, I like to allow an user to permit an root command " /usr/ucb/ps -auxwww", do you know how? Kind regards Mehrdad (6 Replies)
Discussion started by: mehrdad68
6 Replies

6. Shell Programming and Scripting

Execute Root command as Normal user

Hi, We need to execute a root commmand to change the expiry period of a user but we are getting error as permission denied Q How can we execute a root command by a normal user ? :mad: any thing or suggestion will be good .... :b: (3 Replies)
Discussion started by: abhishek1979
3 Replies

7. UNIX for Dummies Questions & Answers

Execute a command as root from normal user

Hi , I am trying to stop and start a process using the below code. I have sudo access on my machine ## PID = process id echo "$PASSWD" | sudo -S kill -9 <PID> echo "$PASSWD" | sudo -S /opt/abc/startserver /opt/abc/startserver: error while loading shared libraries: librts.so: cannot open... (6 Replies)
Discussion started by: rakeshkumar
6 Replies

8. Red Hat

Limit root user of SSH logins

Hi team, I tried to modify the /etc/security/limits.conf file to limit the root user for more one login. I added the line in limits.conf file like: @root hard maxlogins 1 I also tried to modify /etc/ssh/sshd_config to limit the root userlogin by adding this: ... (10 Replies)
Discussion started by: leo_ultra_leo
10 Replies

9. Shell Programming and Scripting

Execute a command with root user

i m logged in with user1 id. i wish to execute the below as root user for which i tried several commands but all of them fail. sudo 'cat /tmp/tmp.file >>/etc/logger' Password: sudo: cat /tmp/tmp.file >>/etc/logger: command not found sudo cat /tmp/tmp.file >>/etc/logger bash:... (5 Replies)
Discussion started by: mohtashims
5 Replies

10. UNIX for Beginners Questions & Answers

Running a command as another non-root user

Hi, I am trying to run a command within my KSH script as another user due to permission issues, now both users are non root. I have tried the following command and was unsuccessful: echo "<password>" | sudo -S -u <username> -k command Can I use sudo to run a command as a non-root user? (5 Replies)
Discussion started by: MIA651
5 Replies

LEARN ABOUT OPENSOLARIS

pprosvc

pprosvc(1M)                                               System Administration Commands                                               pprosvc(1M)

NAME

       pprosvc - automation service program for Patch Manager

SYNOPSIS

       /usr/sbin/pprosvc [-c config-name] [-d [-p patch-id [,patch-id...]]] [-h] [-i [-n] [-p patch-id [,patch-id...]]] [-l]

DESCRIPTION

       Note -  This command is deprecated. Use the smpatch analyze, smpatch download, and smpatch update commands instead. See the smpatch(1M) man
               page.

       Use the pprosvc command to analyze a system to determine the list of appropriate patches, download the patches, and apply them.  This  com-
       mand invokes patch operations in response to a user request or at a scheduled time. You must run this command as superuser.

       The pprosvc command enables you to do the following:

         o  Analyze the host system for appropriate patches based on an established configuration

         o  Generate the list of appropriate patches

         o  Download the patches to your host system from the Sun patch server

         o  Apply the patches based on a patch policy

       Use  the  pprosvc -i command to analyze a system, download the appropriate patches, and apply them. If analysis determines that patches are
       needed, the pprosvc command downloads them and applies them.

       Specify other options to automate a subset of the patch management tasks. If you specify the -d option, your system  is  analyzed  and  the
       appropriate  patches  are  downloaded to your system. If you specify the -l option, your system is analyzed and the appropriate patches are
       listed.

       The list of patches that is generated by the analysis is based on all of the available patches from  the  Sun  patch  server.  No  explicit
       information about your host system or its network configuration is transmitted to Sun. Only a request for the Sun patch set is transmitted.
       The patch set is scanned for patches that are appropriate for this host system, the results are displayed, and those patches are optionally
       downloaded.

       The -d, -i, and -l options are mutually exclusive.

       Use the -p option to specify the patches on which to operate. You can use the -p option with the -d and -i options.

OPTIONS

       The following options are supported:

       -c config-name          Uses an alternate configuration for the current patch operation. Use the pprosetup command to create new configura-
                               tions.

                               A configuration named recommended is included. For more information, see ``Specifying Alternate Configurations'' in
                               the pprosetup(1M) man page.

                               Note -  This feature is not supported by the smpatch command.

       -d                      Downloads the patches that are appropriate for this host system. The patches are downloaded to the designated down-
                               load directory.

                               This option generates a list of appropriate patches, as does the -l option. However, instead of just displaying the
                               list  of patches, the -d option displays and downloads the patches from the Sun patch server. The patches are down-
                               loaded using a secure connection, and all patches  are  authenticated  using  digital  signature  technology.  Only
                               patches that are signed with a Sun digital signature are stored in your download directory.

                               Note -  Specifying this option is equivalent to running the smpatch download command.

       -h                      Displays information about the command-line options.

       -i                      Applies  the  patches based on the patch policy. This option analyzes your system to generate a list of appropriate
                               patches. If analysis determines that patches are needed, the patches are downloaded and applied. If no patches  are
                               permitted  to  be  applied in automatic mode (by running pprosetup -p none), this option is identical to specifying
                               the -d option.

                               If only standard patches are permitted to be applied in automatic mode (by  running  pprosetup  -p  standard),  all
                               standard patches are applied.

                               Note -  Specifying this option is equivalent to running the smpatch update command.

       -l                      Generates a list of the patches that are appropriate for this host system.

                               Note -  Specifying this option is equivalent to running the smpatch analyze command.

       -n                      Runs  pprosvc in automatic mode. The command that the cron job specifies is pprosvc -i -n. To schedule patch opera-
                               tions to run in automatic mode, see the pprosetup(1M) man page.

                               In automatic mode, the patch administrator (specified by the -a option) receives email notifications that  describe
                               the patches you downloaded and applied, and any error events that occurred.

                               Do not use this option on the command line.

                               Standard  patches  do not require any special actions on the part of the user. Such patches can be applied by using
                               the patchadd command (see the patchadd(1M) man page) and do not need the host system to reboot  for  the  patch  to
                               take effect.

                               All  nonstandard patches are moved to the sequester directory if you use the -n option to run in automatic mode. If
                               you run in manual mode, however, nonstandard patches that have properties that match the policy specified by ppros-
                               etup  -i  are  applied.  The  rest  of  the nonstandard patches are moved to the sequester directory. You can apply
                               patches from this directory at a later time. Patches, whether standard or nonstandard, that depend  on  sequestered
                               patches are not applied under any circumstances. Such patches are placed in the sequester directory.

                               For any patch that is placed in the sequester directory, refer to the patch's README file to determine how to apply
                               it to your system.

                               Note -  This feature is not supported by the smpatch command.

       -p [patch-id[,patch-id,.Designates the specific patches on which to operate. Use this option with the -d option or the -i option. The  list
                               of patch IDs must be separated by commas.

                               The  specified  patches  are  adjusted  to  use  the current versions based on the patch baseline. Patches that are
                               required by the specified patches are added to the complete list of patches to be applied.

                               Note -  Specifying this option is equivalent to specifying the -i option to the smpatch analyze, smpatch  download,
                                       and smpatch update commands.

EXAMPLES

       Example 1: Applying Specific Patches in Manual Mode

       # pprosvc -i -p 102893-01,106895-09,106527-05

       Applies patches 102893-01, 106895-09, and 106527-05 to the local system in manual mode.

       Example 2: Analyzing a System and Downloading Appropriate Patches

       # pprosvc -i

       Performs  an  analysis  of the current system and downloads the appropriate patches based on all the patches from the Sun patch server. The
       resulting list of patches can be very long.

       Example 3: Applying Patches From the Recommended Configuration

       # pprosvc -c recommended -i

       Uses the recommended configuration to perform an analysis of the current system and downloads the appropriate patches. Standard patches and
       those needed from the recommended configuration are applied to the system based on the established patch policy. For information about set-
       ting the patch policy for manual mode, see the description of the -i option on the pprosetup(1M) man page.

ATTRIBUTES

       See the attributes(5) man page for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE         |      ATTRIBUTE VALUE        |
       +-----------------------------+-----------------------------+
       |Availability                 |SUNWpprou                    |
       +-----------------------------+-----------------------------+
       |Interface Stability          |Obsolete                     |
       +-----------------------------+-----------------------------+

SEE ALSO

       patchadd(1M), patchrm(1M), pprosetup(1M), smc(1M), smpatch(1M), attributes(5)

SunOS 5.10                                                          7 May 2004                                                         pprosvc(1M)
All times are GMT -4. The time now is 01:04 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy