12-08-2011
Is there anyway I can check if they have root/admin access?
Sorry I forgot to mention those users account are my own.
One of them can simply #patchadd and patchadd will execute the other will get a #patchadd:not found.
/etc/user_atrr entries are identical for both users
#
# /etc/user_atrr
# execution attributes for profiles. see user_attr(4)
#ident "@ (#)user_attr 1.1 07/01/31 SMI"
adm:::: profiles=Log Management
lp:::: profiles=Printer Management
postgres::::type=role;profiles=Postgres Administration,All
root::::auths=solaris.*,solaris.grant;profiles=Web Console Management,All;lock_after_retries=no;min_label=admin_low;clearance=admin_high
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Is it possible to limit a user account to only several commands. For security reasons, i would like for some users given accounts to only execute commands limited to them.
If possible, how can it be done? tyvm. (1 Reply)
Discussion started by: coolphilboy
1 Replies
2. Shell Programming and Scripting
i have logged in as user.
I want to write a script to login into root and execute commands for eg. ifconfig or other command.
kindly help me out. (6 Replies)
Discussion started by: pradeepreddy
6 Replies
3. Solaris
# patchadd /Desktop/117837-08.jar
Validating patches...
Loading patches installed on the system...
Done!
Loading patches requested to install.
Done!
The following requested patches have packages not installed on the system
Package SPROcc from directory SPROcc in patch 117837-08 is... (19 Replies)
Discussion started by: seyiisq
19 Replies
4. Shell Programming and Scripting
Hi All
I have written one shell script for GPRS route add is given below named GPRSRouteSet.sh
URL="www.google.com"
VBURL="10.5.2.211"
echo "Setting route for $URL for GPRS"
URL_Address=`nslookup $URL|grep Address:|grep -v "#"|awk -F " " '{print $2}'|head -1`
echo "Executing ... (3 Replies)
Discussion started by: mnmonu
3 Replies
5. UNIX for Dummies Questions & Answers
Hi,
I like to allow an user to permit an root command " /usr/ucb/ps -auxwww", do you know how?
Kind regards
Mehrdad (6 Replies)
Discussion started by: mehrdad68
6 Replies
6. Shell Programming and Scripting
Hi,
We need to execute a root commmand to change the expiry period of a user but we are getting error as permission denied
Q How can we execute a root command by a normal user ? :mad:
any thing or suggestion will be good .... :b: (3 Replies)
Discussion started by: abhishek1979
3 Replies
7. UNIX for Dummies Questions & Answers
Hi ,
I am trying to stop and start a process using the below code. I have sudo access on my machine
## PID = process id
echo "$PASSWD" | sudo -S kill -9 <PID>
echo "$PASSWD" | sudo -S /opt/abc/startserver
/opt/abc/startserver: error while loading shared libraries: librts.so: cannot open... (6 Replies)
Discussion started by: rakeshkumar
6 Replies
8. Red Hat
Hi team,
I tried to modify the /etc/security/limits.conf file to limit the root user for more one login. I added the line in limits.conf file like:
@root hard maxlogins 1
I also tried to modify /etc/ssh/sshd_config to limit the root userlogin by adding this:
... (10 Replies)
Discussion started by: leo_ultra_leo
10 Replies
9. Shell Programming and Scripting
i m logged in with user1 id.
i wish to execute the below as root user for which i tried several commands but all of them fail.
sudo 'cat /tmp/tmp.file >>/etc/logger'
Password:
sudo: cat /tmp/tmp.file >>/etc/logger: command not found
sudo cat /tmp/tmp.file >>/etc/logger
bash:... (5 Replies)
Discussion started by: mohtashims
5 Replies
10. UNIX for Beginners Questions & Answers
Hi,
I am trying to run a command within my KSH script as another user due to permission issues, now both users are non root. I have tried the following command and was unsuccessful:
echo "<password>" | sudo -S -u <username> -k command
Can I use sudo to run a command as a non-root user? (5 Replies)
Discussion started by: MIA651
5 Replies
LEARN ABOUT OPENDARWIN
profiles
profiles(1) profiles(1)
NAME
profiles - print execution profiles for a user
SYNOPSIS
profiles [-l] [ user ...]
The profiles command prints on standard output the names of the execution profiles that have been assigned to you or to the optionally-
specified user or role name. Profiles are a bundling mechanism used to enumerate the commands and authorizations needed to perform a spe-
cific function. Along with each listed executable are the process attributes, such as the effective user and group IDs, with which the
process runs when started by a privileged command interpreter. The profile shells are pfcsh, pfksh, and pfexec. See the pfexec(1) man page.
Profiles can contain other profiles defined in prof_attr(4).
Multiple profiles can be combined to construct the appropriate access control. When profiles are assigned, the authorizations are added to
the existing set. If the same command appears in multiple profiles, the first occurrence, as determined by the ordering of the profiles, is
used for process-attribute settings. For convenience, a wild card can be specified to match all commands.
When profiles are interpreted, the profile list is loaded from user_attr(4). If any default profile is defined in /etc/security/policy.conf
(see policy.conf(4)), the list of default profiles are added to the list loaded from user_attr(4). Matching entries in prof_attr(4) provide
the authorizations list, and matching entries in exec_attr(4) provide the commands list.
The following options are supported:
-l Lists the commands in each profile followed by the special process attributes such as user and group IDs.
Example 1: Sample Output
The output of the profiles command has the following form:
example% profiles tester01 tester02
tester01 : Audit Management, All Commands
tester02 : Device Management, All Commands
example%
Example 2: Using the list Option
example% profiles -l tester01 tester02
tester01 :
Audit Management:
/usr/sbin/audit euid=root
/usr/sbin/auditconfig euid=root egid=sys
All Commands:
*
tester02 :
Device Management:
/usr/bin/allocate: euid=root
/usr/bin/deallocate: euid=root
All Commands
*
example%
The following exit values are returned:
0 Successful completion.
1 An error occurred.
/etc/security/exec_attr
/etc/security/prof_attr
/etc/user_attr
/etc/security/policy.conf
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWcsu |
+-----------------------------+-----------------------------+
auths(1), pfexec(1), roles(1), getprofattr(3SECDB), exec_attr(4), policy.conf(4), prof_attr(4), user_attr(4), attributes(5)
11 Feb 2000 profiles(1)