01-24-2014
sudo elevates user rights by allowing to run certain commands as root There is no absolute safety in that: if a command can run other commands one gets more or all rights. Especially the shell allows everything.
A safer way to elevate user rights is RBAC (role based access control, see Wikipedia). Solaris has an RBAC implementation.
SELinux (Redhat) has another one.
--
But not HP-UX.
You can use another NIS server to provide the user identities (passwd and group), and make your HP-UX a NIS client. So root cannot delete a certain account or change its password. But still can switch to any identity, and create a local identity that covers/replaces the NIS account. NIS is not the only name service; there are LDAP or even Microsoft AD. In order to use these one needs a PAM (e.g. pam_ldap).
10 More Discussions You Might Find Interesting
1. Programming
Hi ,
I want to create a new user using c program not with unix adduser command .
is it possible to write a cprogram to create a new user account , it should accept username , grouid , group name and all other privilages .
i can use system calls inside c program to do this .
i will... (5 Replies)
Discussion started by: naren_chella
5 Replies
2. Solaris
Hi All,
I'm using solaris 2.8, and I want create a new ftp user account with the following restrictions:
- Have only ftp access, no telnet or rlogin
- Have restricted access to its home directory example /export/home/newuser
- Deny access to any other directory.
Thanks for your help,
... (6 Replies)
Discussion started by: Jeremy3
6 Replies
3. UNIX for Dummies Questions & Answers
i want to create unix user account (usera) for outsider so that they can run program that exist in /application/xxx/.
The account have their own home directory (/home/usera).
But on the same time the user cannot run any application/command either than in /application/xxx/.
User can only... (1 Reply)
Discussion started by: golden_shooter
1 Replies
4. UNIX for Advanced & Expert Users
i want to create unix user account (usera) for outsider so that they can run program that exist in /application/xxx/.
The account have their own home directory (/home/usera).
But on the same time the user cannot run any application/command either than in /application/xxx/.
User can only... (1 Reply)
Discussion started by: golden_shooter
1 Replies
5. Shell Programming and Scripting
Is there any way to create user with default password by shell script withoud manual intervantion and from a text file having user's information and default password.
Thanks (6 Replies)
Discussion started by: wenay
6 Replies
6. UNIX for Dummies Questions & Answers
Hi all,
I wish to create some users, I can do that using the following command.
useradd
I wonder If i could create Uers as a clone of Root. I mean different users but having the same provileages as Root user. Can be ablle to access the Root Dir and so on ..
Please help me out Is this... (6 Replies)
Discussion started by: Asteroid
6 Replies
7. UNIX for Dummies Questions & Answers
hi
how to create new user in unix
plz explain me (3 Replies)
Discussion started by: arulkumar
3 Replies
8. Solaris
Hi,
I tried to search, but could not find answer for this really:
Is it possible to create a user that would have access only to a defined list of files? I would like to create a user that can access a set of files that are located behind different path. This user should not have access to... (1 Reply)
Discussion started by: Juha
1 Replies
9. UNIX for Dummies Questions & Answers
dear guys,
sorry for asking a noob :p question, tried to search the forum for an answer but couldn't find one, i am running solaris 10 and i would like to create a user with limited access to view only one directory, the directory already exist, is this possible:confused:?
thanks and regards (4 Replies)
Discussion started by: q8devilish
4 Replies
10. Ubuntu
Hello folks,
I pretend install Lubuntu 16.04 LTS in pc for any employer use this pc! I think create an user with, only, permission to read and write, 770.
This is the best scenario?
I think create this user through terminal, because I pretend create a script, and I don't where wizard has... (0 Replies)
Discussion started by: enodev
0 Replies
chsh(1) General Commands Manual chsh(1)
NAME
chsh - change login shell
SYNOPSIS
chsh [-D binddn] [-P path] [-s shell] [-l] [-q] [-u] [-v] [user]
DESCRIPTION
chsh is used to change the user login shell. A normal user may only change the login shell for their own account, the super user may
change the login shell for any account.
If a shell is not given on the command line, chsh operates in an interactive fashion, prompting the user with the current login shell.
Enter the new value to change the field, or leave the line blank to use the current value. Enter none to remove the current value. The
current value is displayed between a pair of [ ] marks.
The only restrictions placed on the login shell is that the command name must be listed in /etc/shells, unless the invoker is the super-
user, and then any value may be added. An account with a restricted login shell may not change their login shell.
This version of chsh is able to change the shell of local, NIS, NIS+ and LDAP accounts , if the permissions allow it.
OPTIONS
-D, --binddn binddn
Use the Distinguished Name binddn to bind to the LDAP directory. The user will be prompted for a password for simple authentica-
tion.
-P, --path path
The passwd file is located below the specified directory path. chsh will use this files, not /etc/passwd. This is useful for exam-
ple on NIS master servers, where you do not want to give all users in the NIS database automatic access to your NIS server and the
NIS map is build from special files.
-s, --shell
Specify your login shell.
-l, --list-shells
Print the list of shells listed in /etc/shells and exit.
-q, --quite
Don't be verbose.
-u, --usage
Print a usage message and exit.
--help
Print a more verbose help text and exit.
-v, --version
Print version information and exit.
FILES
/etc/passwd - user account information
/etc/shells - list of valid login shells
SEE ALSO
chfn(1), passwd(5), shells(5)
AUTHOR
Thorsten Kukuk <kukuk@suse.de>
pwdutils February 2004 chsh(1)