Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: sudo - User privilege specification
Operating Systems AIX sudo - User privilege specification Post 302587341 by gito on Wednesday 4th of January 2012 03:33:51 PM
Old 01-04-2012
I am sorry but this is worst idea that you can have....

Let me give some examples how you can gain root privileges:

vi - is having possibility to go out to shell..with root access or you cann edit any file
smitty - the same thin on each moment you can press F9 and go to shell
find - command has also privileges to execute commands as root (look for exec in man)
cat - using this command you can overwrite any file and then usi it to execute any command on system
chuser - with this command you can change any user parameters including root

All those commands looks harmless but you can use them to gain root privileges.
In my opinion or you are giving privileges to people that you can trust or you are not giving them privileges at all.

Any half way just creates risk to you.

If you have some application teams that you do not want to give root access just give them access to sudo su - to specific application user if they need more privileges they should ask you for help
 

9 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Write privilege for user

Is it possible to grant write privileges to a user on a directory with out having to add the user to a group or make the user the owner of the directory? My background is in Windows and in Windows you can grant specific privileges to a user without having to put the user in a group or making the... (3 Replies)
Discussion started by: here2learn
3 Replies

2. AIX

[Help] Give privilege to an ordinary user

I'm trying to give a non-root user the right to start IBM HTTP Server, the web server is listening on port 80, but for AIX, ports under 1024 are privilege ports which can be used only by root. /usr/IBMIHS/bin# ./apachectl start (13)Permission denied: make_sock: could not bind to address :::80... (1 Reply)
Discussion started by: ibmer414
1 Replies

3. Solaris

Root privilege for user

Can anyone please tell how to give root privilege to a normal user in solaris 10? (5 Replies)
Discussion started by: nicktrix
5 Replies

4. UNIX for Dummies Questions & Answers

How to create/restrict a user with to have no privilege from other group

Hello experts I am new to Unix. Env : HPUX I need to create a user say testuser such that it does not have access to file/directories from the other group i.e the last 3 digits . How do I do that. Reason for such a request :- I have an existing user oracle which has default umask... (3 Replies)
Discussion started by: simonsimon
3 Replies

5. AIX

User Privilege

How to assign superuser privilege to an ordinary user temporarily (1 Reply)
Discussion started by: udtyuvaraj
1 Replies

6. Red Hat

Save sudo privilege for session

I have setup public key based login to my CentOS VPS. I wish to disable direct root login and have created an admin user under wheel group and have modified /etc/sudoers file and gave Wheel group all privileges. But now I am being prompted for password whenever I type sudo. I do not wish to... (4 Replies)
Discussion started by: JoyceBabu
4 Replies

7. Cybersecurity

sudo - AIX - User privilege specification

I am planning to implement sudo for users. Under , it looks I have to put the users who need to have sudo access: What are the recommended for users? I don't think I need to give the ALL privilege (i.e ) to AIX users. I'd like to know the commonly used privilege specification for sudo... (1 Reply)
Discussion started by: Daniel Gate
1 Replies

8. Shell Programming and Scripting

Create user with different privilege

Hi , I want to create 3 different user with below privilege in Solaris and Linux. 1) Read Only 2)Read and Write Only 3) Admin user Can you guys help me on this . (3 Replies)
Discussion started by: Naveen Pathak
3 Replies

9. Solaris

Assigning proc_owner privilege to particular user in RBAC

Hi I need to assign proc_owner privilege to particular user through RBAC. How can I assign this privilege to user, I need help on this. Further I need to understand if I give this proc_owner privilege to particular user, what kind of control user will get on other user or system processes... (7 Replies)
Discussion started by: sb200
7 Replies

LEARN ABOUT OPENSOLARIS

pfksh

pfexec(1)							   User Commands							 pfexec(1)

NAME

       pfexec, pfsh, pfcsh, pfksh - execute a command in a profile

SYNOPSIS

       /usr/bin/pfexec command

       /usr/bin/pfexec -P privspec command [ arg ]...

       /usr/bin/pfsh [ options ] [ argument ]...

       /usr/bin/pfcsh [ options ] [ argument ]...

       /usr/bin/pfksh [ options ] [ argument ]...

DESCRIPTION

       The  pfexec  program  is  used to execute commands with the attributes specified by the user's profiles in the exec_attr(4) database. It is
       invoked by the profile shells, pfsh, pfcsh, and pfksh which are linked to the Bourne shell, C shell, and Korn shell, respectively.

       Profiles are searched in the order specified in the user's entry in the user_attr(4) database. If the same command appears in more than one
       profile, the profile shell uses the first matching entry.

       The  second form, pfexec -P privspec, allows a user to obtain the additional privileges awarded to the user's profiles in prof_attr(4). The
       privileges specification on the commands line is parsed using priv_str_to_set(3C). The resulting privileges are intersected with the  union
       of  the	privileges specified using the "privs" keyword in prof_attr(4) for all the user's profiles and added to the inheritable set before
       executing the command.

USAGE

       pfexec is used to execute commands with predefined process attributes,  such as specific user or group IDs.

       Refer to the sh(1), csh(1), and ksh(1) man pages for complete usage descriptions of the profile shells.

EXAMPLES

       Example 1 Obtaining additional user privileges

	 example% pfexec -P all chown user file

       This command runs chown user file with all privileges assigned to the current user, not necessarily all privileges.

EXIT STATUS

       The following exit values are returned:

       0     Successful completion.

       1     An error occurred.

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWcsu			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       csh(1), ksh(1), profiles(1), sh(1), exec_attr(4), prof_attr(4), user_attr(4), attributes(5)

SunOS 5.11							    3 Mar 2003								 pfexec(1)
All times are GMT -4. The time now is 11:07 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy