Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How to limit patchadd command to root user only?
Special Forums Cybersecurity How to limit patchadd command to root user only? Post 302580194 by ShouTenraku on Wednesday 7th of December 2011 11:04:30 PM
Old 12-08-2011
Is there anyway I can check if they have root/admin access?

Sorry I forgot to mention those users account are my own.
One of them can simply #patchadd and patchadd will execute the other will get a #patchadd:not found.
/etc/user_atrr entries are identical for both users
#
# /etc/user_atrr
# execution attributes for profiles. see user_attr(4)
#ident "@ (#)user_attr 1.1 07/01/31 SMI"
adm:::: profiles=Log Management
lp:::: profiles=Printer Management
postgres::::type=role;profiles=Postgres Administration,All
root::::auths=solaris.*,solaris.grant;profiles=Web Console Management,All;lock_after_retries=no;min_label=admin_low;clearance=admin_high
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Limit Unix command to user

Is it possible to limit a user account to only several commands. For security reasons, i would like for some users given accounts to only execute commands limited to them. If possible, how can it be done? tyvm. (1 Reply)
Discussion started by: coolphilboy
1 Replies

2. Shell Programming and Scripting

login into root from user and execute command through script

i have logged in as user. I want to write a script to login into root and execute commands for eg. ifconfig or other command. kindly help me out. (6 Replies)
Discussion started by: pradeepreddy
6 Replies

3. Solaris

patchadd command

# patchadd /Desktop/117837-08.jar Validating patches... Loading patches installed on the system... Done! Loading patches requested to install. Done! The following requested patches have packages not installed on the system Package SPROcc from directory SPROcc in patch 117837-08 is... (19 Replies)
Discussion started by: seyiisq
19 Replies

4. Shell Programming and Scripting

root user command in shell script execute as normal user

Hi All I have written one shell script for GPRS route add is given below named GPRSRouteSet.sh URL="www.google.com" VBURL="10.5.2.211" echo "Setting route for $URL for GPRS" URL_Address=`nslookup $URL|grep Address:|grep -v "#"|awk -F " " '{print $2}'|head -1` echo "Executing ... (3 Replies)
Discussion started by: mnmonu
3 Replies

5. UNIX for Dummies Questions & Answers

Allow a user use a specific root command!

Hi, I like to allow an user to permit an root command " /usr/ucb/ps -auxwww", do you know how? Kind regards Mehrdad (6 Replies)
Discussion started by: mehrdad68
6 Replies

6. Shell Programming and Scripting

Execute Root command as Normal user

Hi, We need to execute a root commmand to change the expiry period of a user but we are getting error as permission denied Q How can we execute a root command by a normal user ? :mad: any thing or suggestion will be good .... :b: (3 Replies)
Discussion started by: abhishek1979
3 Replies

7. UNIX for Dummies Questions & Answers

Execute a command as root from normal user

Hi , I am trying to stop and start a process using the below code. I have sudo access on my machine ## PID = process id echo "$PASSWD" | sudo -S kill -9 <PID> echo "$PASSWD" | sudo -S /opt/abc/startserver /opt/abc/startserver: error while loading shared libraries: librts.so: cannot open... (6 Replies)
Discussion started by: rakeshkumar
6 Replies

8. Red Hat

Limit root user of SSH logins

Hi team, I tried to modify the /etc/security/limits.conf file to limit the root user for more one login. I added the line in limits.conf file like: @root hard maxlogins 1 I also tried to modify /etc/ssh/sshd_config to limit the root userlogin by adding this: ... (10 Replies)
Discussion started by: leo_ultra_leo
10 Replies

9. Shell Programming and Scripting

Execute a command with root user

i m logged in with user1 id. i wish to execute the below as root user for which i tried several commands but all of them fail. sudo 'cat /tmp/tmp.file >>/etc/logger' Password: sudo: cat /tmp/tmp.file >>/etc/logger: command not found sudo cat /tmp/tmp.file >>/etc/logger bash:... (5 Replies)
Discussion started by: mohtashims
5 Replies

10. UNIX for Beginners Questions & Answers

Running a command as another non-root user

Hi, I am trying to run a command within my KSH script as another user due to permission issues, now both users are non root. I have tried the following command and was unsuccessful: echo "<password>" | sudo -S -u <username> -k command Can I use sudo to run a command as a non-root user? (5 Replies)
Discussion started by: MIA651
5 Replies

LEARN ABOUT OPENDARWIN

profiles

profiles(1)															       profiles(1)

NAME

       profiles - print execution profiles for a user

SYNOPSIS

       profiles [-l] [ user ...]

       The  profiles  command  prints  on standard output the names of the execution profiles that have been assigned to you or to the optionally-
       specified user or role name. Profiles are a bundling mechanism used to enumerate the commands and authorizations needed to perform  a  spe-
       cific  function.  Along	with  each  listed executable are the process attributes, such as the effective user and group IDs, with which the
       process runs when started by a privileged command interpreter. The profile shells are pfcsh, pfksh, and pfexec. See the pfexec(1) man page.
       Profiles can contain other profiles defined in prof_attr(4).

       Multiple  profiles can be combined to construct the appropriate access control. When profiles are assigned, the authorizations are added to
       the existing set. If the same command appears in multiple profiles, the first occurrence, as determined by the ordering of the profiles, is
       used for process-attribute settings. For convenience, a wild card can be specified to match all commands.

       When profiles are interpreted, the profile list is loaded from user_attr(4). If any default profile is defined in /etc/security/policy.conf
       (see policy.conf(4)), the list of default profiles are added to the list loaded from user_attr(4). Matching entries in prof_attr(4) provide
       the authorizations list, and matching entries in exec_attr(4) provide the commands list.

       The following options are supported:

       -l	Lists the commands in each profile followed by the special process attributes such as user and group IDs.

       Example 1: Sample Output

       The output of the profiles command has the following form:

       example% profiles tester01 tester02
       tester01 : Audit Management, All Commands
       tester02 : Device Management, All Commands
       example%

       Example 2: Using the list Option

       example% profiles -l tester01 tester02
       tester01 :
	   Audit Management:
	     /usr/sbin/audit	      euid=root
	     /usr/sbin/auditconfig    euid=root    egid=sys
	   All Commands:
	     *
       tester02 :
	   Device Management:
	     /usr/bin/allocate:       euid=root
	     /usr/bin/deallocate:     euid=root
	   All Commands
	     *
       example%

       The following exit values are returned:

       0	Successful completion.

       1	An error occurred.

       /etc/security/exec_attr

       /etc/security/prof_attr

       /etc/user_attr

       /etc/security/policy.conf

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWcsu			   |
       +-----------------------------+-----------------------------+

       auths(1), pfexec(1), roles(1), getprofattr(3SECDB), exec_attr(4), policy.conf(4), prof_attr(4), user_attr(4), attributes(5)

								    11 Feb 2000 						       profiles(1)
All times are GMT -4. The time now is 05:00 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy