01-04-2012
I guess that granularity will be not possible with sudo. sudo will be used for a positive list, what they may do, not what they may not do. You might want to have a look into RBAC (Role Based Access Control). You can create a role with just the permissions your users need and assign that to them. There are some IBM Redbooks and IBM System Magazine articles about security handling RBAC.
Last edited by zaxxon; 01-04-2012 at 05:23 AM..
Reason: typo
9 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Is it possible to grant write privileges to a user on a directory with out having to add the user to a group or make the user the owner of the directory?
My background is in Windows and in Windows you can grant specific privileges to a user without having to put the user in a group or making the... (3 Replies)
Discussion started by: here2learn
3 Replies
2. AIX
I'm trying to give a non-root user the right to start IBM HTTP Server, the web server is listening on port 80, but for AIX, ports under 1024 are privilege ports which can be used only by root.
/usr/IBMIHS/bin# ./apachectl start
(13)Permission denied: make_sock: could not bind to address :::80... (1 Reply)
Discussion started by: ibmer414
1 Replies
3. Solaris
Can anyone please tell how to give root privilege to a normal user in solaris 10? (5 Replies)
Discussion started by: nicktrix
5 Replies
4. UNIX for Dummies Questions & Answers
Hello experts I am new to Unix.
Env : HPUX
I need to create a user say testuser such that it does not have access to file/directories from the other group i.e the last 3 digits .
How do I do that.
Reason for such a request :-
I have an existing user oracle which has default umask... (3 Replies)
Discussion started by: simonsimon
3 Replies
5. AIX
How to assign superuser privilege to an ordinary user temporarily (1 Reply)
Discussion started by: udtyuvaraj
1 Replies
6. Red Hat
I have setup public key based login to my CentOS VPS. I wish to disable direct root login and have created an admin user under wheel group and have modified /etc/sudoers file and gave Wheel group all privileges.
But now I am being prompted for password whenever I type sudo. I do not wish to... (4 Replies)
Discussion started by: JoyceBabu
4 Replies
7. Cybersecurity
I am planning to implement sudo for users.
Under , it looks I have to put the users who need to have sudo access:
What are the recommended for users? I don't think I need to give the ALL privilege (i.e ) to AIX users.
I'd like to know the commonly used privilege specification for sudo... (1 Reply)
Discussion started by: Daniel Gate
1 Replies
8. Shell Programming and Scripting
Hi ,
I want to create 3 different user with below privilege in Solaris and Linux.
1) Read Only
2)Read and Write Only
3) Admin user
Can you guys help me on this . (3 Replies)
Discussion started by: Naveen Pathak
3 Replies
9. Solaris
Hi
I need to assign proc_owner privilege to particular user through RBAC. How can I assign this privilege to user, I need help on this.
Further I need to understand if I give this proc_owner privilege to particular user, what kind of control user will get on other user or system processes... (7 Replies)
Discussion started by: sb200
7 Replies
LEARN ABOUT MOJAVE
bioutil
bioutil(1) BSD General Commands Manual bioutil(1)
NAME
bioutil -- tool for viewing/changing Touch ID configuration and listing/deleting enrolled fingerprints
SYNOPSIS
bioutil {-r | -w [-f { 0 | 1 }] [-u { 0 | 1 }] [-a { 0 | 1 }]} | [-c] | [-p] | [-d <uid>] [-s]
DESCRIPTION
bioutil provides the possibility of viewing and changing Touch ID configuration, both system-wide and user-specific. It also allows listing
and deleting enrolled fingerprints.
OPTIONS
-r, --read
Read Touch ID configuration.
-w, --write
Write Touch ID configuration.
-s, --system
Indicates that system-wide configuration is to be read/written (user-specific configuration is the default) or that a system-wide
list/delete operation is to be performed.
-f, --function
Enables (1) or disables (0) overall Touch ID functionality (system-wide configuration only).
-u, --unlock
Enables (1) or disables (0) Touch ID for unlock.
-a, --applepay
Enables (1) or disables (0) Touch ID for ApplePay (user-specific configuration only).
-c, --count
Provides number of enrolled fingerprints of the current user or of all users (when run with -s as an administrator)
-p, --purge
Deletes all enrolled fingerprints of the current user or of all users (when run with -s as an administrator)
-d, --delete
Deletes all enrolled fingerprints of the user with given user ID (must be run as an administrator)
EXAMPLES
bioutil -r
Reads Touch ID configuration for the current user.
bioutil -r -s
Reads system-wide Touch ID configuration.
bioutil -w -u 1
Enables Touch ID for unlock for the current user.
sudo bioutil -w -s -u 0
Disables Touch ID for unlock for the whole system.
bioutil -c
Prints the number of enrolled fingerprints of the current user.
bioutil -p
Deletes all enrolled fingerprints of the current user.
sudo bioutil -c -s
Prints numbers of enrolled fingerprints of all enrolled users.
sudo bioutil -p -s
Deletes all fingerprints from the system.
sudo bioutil -s -d 501
Deletes all fingerprints of user 501.
Darwin May 31, 2019 Darwin