12-30-2011
Well I would suggest that you create Cmnd_Alias in /etc/sudoers depending on the users' roles. Then, create groups depending on the roles and add the users in those groups. Provide the group to use the Cmnd_Alias. This way, it will save you a lot of time when you have new user with the same role and when you need to add new commands for the particular role.
If you let me know the role for the users, I might be able to show you an example of how to set sudo privileges for them.
9 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Is it possible to grant write privileges to a user on a directory with out having to add the user to a group or make the user the owner of the directory?
My background is in Windows and in Windows you can grant specific privileges to a user without having to put the user in a group or making the... (3 Replies)
Discussion started by: here2learn
3 Replies
2. AIX
I'm trying to give a non-root user the right to start IBM HTTP Server, the web server is listening on port 80, but for AIX, ports under 1024 are privilege ports which can be used only by root.
/usr/IBMIHS/bin# ./apachectl start
(13)Permission denied: make_sock: could not bind to address :::80... (1 Reply)
Discussion started by: ibmer414
1 Replies
3. Solaris
Can anyone please tell how to give root privilege to a normal user in solaris 10? (5 Replies)
Discussion started by: nicktrix
5 Replies
4. UNIX for Dummies Questions & Answers
Hello experts I am new to Unix.
Env : HPUX
I need to create a user say testuser such that it does not have access to file/directories from the other group i.e the last 3 digits .
How do I do that.
Reason for such a request :-
I have an existing user oracle which has default umask... (3 Replies)
Discussion started by: simonsimon
3 Replies
5. AIX
How to assign superuser privilege to an ordinary user temporarily (1 Reply)
Discussion started by: udtyuvaraj
1 Replies
6. Red Hat
I have setup public key based login to my CentOS VPS. I wish to disable direct root login and have created an admin user under wheel group and have modified /etc/sudoers file and gave Wheel group all privileges.
But now I am being prompted for password whenever I type sudo. I do not wish to... (4 Replies)
Discussion started by: JoyceBabu
4 Replies
7. Cybersecurity
I am planning to implement sudo for users.
Under , it looks I have to put the users who need to have sudo access:
What are the recommended for users? I don't think I need to give the ALL privilege (i.e ) to AIX users.
I'd like to know the commonly used privilege specification for sudo... (1 Reply)
Discussion started by: Daniel Gate
1 Replies
8. Shell Programming and Scripting
Hi ,
I want to create 3 different user with below privilege in Solaris and Linux.
1) Read Only
2)Read and Write Only
3) Admin user
Can you guys help me on this . (3 Replies)
Discussion started by: Naveen Pathak
3 Replies
9. Solaris
Hi
I need to assign proc_owner privilege to particular user through RBAC. How can I assign this privilege to user, I need help on this.
Further I need to understand if I give this proc_owner privilege to particular user, what kind of control user will get on other user or system processes... (7 Replies)
Discussion started by: sb200
7 Replies
roles(1) User Commands roles(1)
NAME
roles - print roles granted to a user
SYNOPSIS
roles [ user ...]
DESCRIPTION
The command roles prints on standard output the roles that you or the optionally-specified user have been granted. Roles are special
accounts that correspond to a functional responsibility rather than to an actual person (referred to as a normal user).
Each user may have zero or more roles. Roles have most of the attributes of normal users and are identified like normal users in passwd(4)
and shadow(4). Each role must have an entry in the user_attr(4) file that identifies it as a role. Roles can have their own authorizations
and profiles. See auths(1) and profiles(1).
Roles are not allowed to log into a system as a primary user. Instead, a user must log in as him-- or herself and assume the role. The
actions of a role are attributable to the normal user. When auditing is enabled, the audited events of the role contain the audit ID of the
original user who assumed the role.
A role may not assume itself or any other role. Roles are not hierarchical. However, rights profiles (see prof_attr(4)) are hierarchical
and can be used to achieve the same effect as hierarchical roles.
Roles must have valid passwords and one of the shells that interprets profiles: either pfcsh, pfksh, or pfsh. See pfexec(1).
Role assumption may be performed using su(1M), rlogin(1), or some other service that supports the PAM_RUSER variable. Successful assumption
requires knowledge of the role's password and membership in the role. Role assignments are specified in user_attr(4).
EXAMPLES
Example 1: Sample output
The output of the roles command has the following form:
example% roles tester01 tester02
tester01 : admin
tester02 : secadmin, root
example%
EXIT STATUS
The following exit values are returned:
0 Successful completion.
1 An error occurred.
FILES
/etc/user_attr
/etc/security/auth_attr
/etc/security/prof_attr
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWcsu |
+-----------------------------+-----------------------------+
SEE ALSO
auths(1), pfexec(1), profiles(1), rlogin(1), su(1M), getauusernam(3BSM), auth_attr(4), passwd(4), prof_attr(4), shadow(4), user_attr(4),
attributes(5)
SunOS 5.10 14 Feb 2001 roles(1)