Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Grant unprivileged user rights to see the output of echo|format but not modify disks
Operating Systems Solaris Grant unprivileged user rights to see the output of echo|format but not modify disks Post 302955335 by os2mac on Wednesday 16th of September 2015 12:36:47 PM
Old 09-16-2015
so I tried to do a variation of this

Code:
echo "formaters:::Format command for formaters:" >> /etc/security/prof_attr
echo "formaters:suser:cmd:::/export/home/john/format_echo.sh:euid=0" >> /etc/security/exec_attr
# in /etc/user_attr modify the line to add the profile or use usermod command.
john::::type=normal;defaultpriv=basic;profiles=formaters

where format_echo.sh is
Code:
#!/usr/bin/pfbash
echo|format

file is 755 and owned by root:johns_group

i've tried to execute the .sh script as john using both pfexec and pkbash and get the following output:

Code:
john@solaris:~$ ./format_echo.sh
Searching for disks...done
No permission (or no disks found)!

I suspect this is because the same issue still applies in that the user doesn't have access to run format. correct?
Last edited by os2mac; 09-16-2015 at 01:38 PM.. Reason: clarity
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

How to enable ifconfig to unprivileged user?

Hello, everyone. I have installed Red Hat 9.0 and Mandrake 9.1 on my computer. I could use a unprivileged user account to run "ifconfig" directly. But when I was using Red Hat, either root or other accounts could run "ifconfig" --- the error messege said: "bash: ifconfig: command not found". I... (5 Replies)
Discussion started by: HOUSCOUS
5 Replies

2. UNIX for Dummies Questions & Answers

filesystem monitor, for unprivileged user

how can i, ordinary, not a privileged user, monitor my part of filesystem ($HOME dir), to see (at least in log) when and which files was created/deleted/moved ? (I heard something abound "sandbox", but i don`t need to restrict applications, i just want to log its actions) p.s. my system is... (0 Replies)
Discussion started by: variety
0 Replies

3. HP-UX

User rights

I wan to create a user e.g. Tom. whenever a file is created by user Tom or FTP is done using user as Tom, the rights on the file should be 777 (by default). how can I achieve this. Please help. Its very urgent. (1 Reply)
Discussion started by: sharmavr
1 Replies

4. Linux

grant root privileges to ordinary user

Hi, Is it possible to grant root privileges to an ordinary user? Other than 'sudo', is there some way under Users/Groups configuration? I want ordinary user to be able to mount, umount and use command mt. /Brendan (4 Replies)
Discussion started by: brendan76
4 Replies

5. UNIX for Dummies Questions & Answers

Format output from "echo" command

Hi, I have written a BASH shell script that contains a lot of "echo" commands to notify the user about what's going on. The script generates a log file that contains a copy of what is seen in the terminal. The echo statements are generally verbose, and thus extend out for quite a ways on one... (2 Replies)
Discussion started by: msb65
2 Replies

6. Shell Programming and Scripting

Modify a perl line to parse out and output to another format

Hey there... I am looking for a way to take the below contents ( small excerpt) of this file called PTR.csv ptrrecord,0000002e0cc0.homeoffice.anfcorp.com,,10.11.191.62,,,False,62.191.11.10.in-addr.arpa,,302400,default... (6 Replies)
Discussion started by: richsark
6 Replies

7. Shell Programming and Scripting

modify ls -l (long listing format output) strictly using SED only straightforward goalhard 4 me doh

Below is a sample out of ls -l which I would like to rearrange or modify by field numbers for example I successfully managed to disect using simple paragraph however for ls -l I can't divide the rows or fields by field number. Successful modification by fields using SED sample: $ sed -e... (1 Reply)
Discussion started by: wolf@=NK
1 Replies

8. Shell Programming and Scripting

How to grep the grant statement and output to the different files?

Hi currently I have a list of *.sql files. one of the file, terminal is Prompt Table TERMINAL; CREATE TABLE TERMINAL ( TERMINAL_ID NUMBER(8), EXCEL_TERMINAL_ID NUMBER(8), MERCHANT_ID NUMBER(8), SETTLE_TIME VARCHAR2(4 CHAR) ); COMMENT... (4 Replies)
Discussion started by: jediwannabe
4 Replies

9. UNIX for Beginners Questions & Answers

Solaris, grant user to kill another process

the task is grant user1 to kill another (for example user2) process. My steps: by root: usermod -P "Process Management" user1 login user1 user1@server (~) pfexec kill <PID> the result is: ksh: <PID>: not found or user1@server (~) pfexec pkill <PID> the result: nothing happens, still... (0 Replies)
Discussion started by: dsyberia
0 Replies

10. AIX

Unable to set ACLs on sulog - need to grant read permission to a normal user on AIX 6.1

Hi, I need to grant read permission to a normal user on sulog file on AIX 6.1. As root I did acledit sulog and aclget shows "extended permissions" as "enabled" and normal user "splunk" has read permissions. When I try to access sulog as splunk user it won't allow and aclget for splunk user... (6 Replies)
Discussion started by: prvnrk
6 Replies

LEARN ABOUT POSIX

profiles

profiles(1)															       profiles(1)

NAME

       profiles - print execution profiles for a user

SYNOPSIS

       profiles [-l] [ user ...]

       The  profiles  command  prints  on standard output the names of the execution profiles that have been assigned to you or to the optionally-
       specified user or role name. Profiles are a bundling mechanism used to enumerate the commands and authorizations needed to perform  a  spe-
       cific  function.  Along	with  each  listed executable are the process attributes, such as the effective user and group IDs, with which the
       process runs when started by a privileged command interpreter. The profile shells are pfcsh, pfksh, and pfexec. See the pfexec(1) man page.
       Profiles can contain other profiles defined in prof_attr(4).

       Multiple  profiles can be combined to construct the appropriate access control. When profiles are assigned, the authorizations are added to
       the existing set. If the same command appears in multiple profiles, the first occurrence, as determined by the ordering of the profiles, is
       used for process-attribute settings. For convenience, a wild card can be specified to match all commands.

       When profiles are interpreted, the profile list is loaded from user_attr(4). If any default profile is defined in /etc/security/policy.conf
       (see policy.conf(4)), the list of default profiles are added to the list loaded from user_attr(4). Matching entries in prof_attr(4) provide
       the authorizations list, and matching entries in exec_attr(4) provide the commands list.

       The following options are supported:

       -l	Lists the commands in each profile followed by the special process attributes such as user and group IDs.

       Example 1: Sample Output

       The output of the profiles command has the following form:

       example% profiles tester01 tester02
       tester01 : Audit Management, All Commands
       tester02 : Device Management, All Commands
       example%

       Example 2: Using the list Option

       example% profiles -l tester01 tester02
       tester01 :
	   Audit Management:
	     /usr/sbin/audit	      euid=root
	     /usr/sbin/auditconfig    euid=root    egid=sys
	   All Commands:
	     *
       tester02 :
	   Device Management:
	     /usr/bin/allocate:       euid=root
	     /usr/bin/deallocate:     euid=root
	   All Commands
	     *
       example%

       The following exit values are returned:

       0	Successful completion.

       1	An error occurred.

       /etc/security/exec_attr

       /etc/security/prof_attr

       /etc/user_attr

       /etc/security/policy.conf

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWcsu			   |
       +-----------------------------+-----------------------------+

       auths(1), pfexec(1), roles(1), getprofattr(3SECDB), exec_attr(4), policy.conf(4), prof_attr(4), user_attr(4), attributes(5)

								    11 Feb 2000 						       profiles(1)
All times are GMT -4. The time now is 09:05 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy