|
|
Sponsored Content
Operating Systems
Solaris
Grant unprivileged user rights to see the output of echo|format but not modify disks
Post 302955366 by jlliagre on Wednesday 16th of September 2015 05:30:31 PM
|
|
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hello, everyone. I have installed Red Hat 9.0 and Mandrake 9.1 on my computer. I could use a unprivileged user account to run "ifconfig" directly. But when I was using Red Hat, either root or other accounts could run "ifconfig" --- the error messege said: "bash: ifconfig: command not found". I... (5 Replies)
Discussion started by: HOUSCOUS
5 Replies
2. UNIX for Dummies Questions & Answers
how can i, ordinary, not a privileged user, monitor my part of filesystem ($HOME dir), to see (at least in log) when and which files was created/deleted/moved ?
(I heard something abound "sandbox", but i don`t need to restrict applications, i just want to log its actions)
p.s. my system is... (0 Replies)
Discussion started by: variety
0 Replies
3. HP-UX
I wan to create a user e.g. Tom. whenever a file is created by user Tom or FTP is done using user as Tom, the rights on the file should be 777 (by default). how can I achieve this. Please help. Its very urgent. (1 Reply)
Discussion started by: sharmavr
1 Replies
4. Linux
Hi,
Is it possible to grant root privileges to an ordinary user?
Other than 'sudo', is there some way under Users/Groups configuration?
I want ordinary user to be able to mount, umount and use command mt.
/Brendan (4 Replies)
Discussion started by: brendan76
4 Replies
5. UNIX for Dummies Questions & Answers
Hi,
I have written a BASH shell script that contains a lot of "echo" commands to notify the user about what's going on. The script generates a log file that contains a copy of what is seen in the terminal. The echo statements are generally verbose, and thus extend out for quite a ways on one... (2 Replies)
Discussion started by: msb65
2 Replies
6. Shell Programming and Scripting
Hey there...
I am looking for a way to take the below contents ( small excerpt) of this file called PTR.csv
ptrrecord,0000002e0cc0.homeoffice.anfcorp.com,,10.11.191.62,,,False,62.191.11.10.in-addr.arpa,,302400,default... (6 Replies)
Discussion started by: richsark
6 Replies
7. Shell Programming and Scripting
Below is a sample out of ls -l which I would like to rearrange or modify by field numbers for example I successfully managed to disect using simple paragraph however for ls -l I can't divide the rows or fields by field number.
Successful modification by fields using SED sample:
$ sed -e... (1 Reply)
Discussion started by: wolf@=NK
1 Replies
8. Shell Programming and Scripting
Hi
currently I have a list of *.sql files.
one of the file, terminal is
Prompt Table TERMINAL;
CREATE TABLE TERMINAL
(
TERMINAL_ID NUMBER(8),
EXCEL_TERMINAL_ID NUMBER(8),
MERCHANT_ID NUMBER(8),
SETTLE_TIME VARCHAR2(4 CHAR)
);
COMMENT... (4 Replies)
Discussion started by: jediwannabe
4 Replies
9. UNIX for Beginners Questions & Answers
the task is grant user1 to kill another (for example user2) process. My steps:
by root:
usermod -P "Process Management" user1
login user1
user1@server (~) pfexec kill <PID>
the result is:
ksh: <PID>: not found
or user1@server (~) pfexec pkill <PID>
the result: nothing happens, still... (0 Replies)
Discussion started by: dsyberia
0 Replies
10. AIX
Hi,
I need to grant read permission to a normal user on sulog file on AIX 6.1.
As root I did acledit sulog and aclget shows "extended permissions" as "enabled" and normal user "splunk" has read permissions. When I try to access sulog as splunk user it won't allow and aclget for splunk user... (6 Replies)
Discussion started by: prvnrk
6 Replies
LEARN ABOUT V7
exec_attr
exec_attr(4) exec_attr(4) NAME
exec_attr - execution profiles database SYNOPSIS
/etc/security/exec_attr /etc/security/exec_attr is a local database that specifies the execution attributes associated with profiles. The exec_attr file can be used with other sources for execution profiles, including the exec_attr NIS map and NIS+ table. Programs use the getexecattr(3SECDB) rou- tines to access this information. The search order for multiple execution profile sources is specified in the /etc/nsswitch.conf file, as described in the nsswitch.conf(4) man page. The search order follows the entry for prof_attr(4). A profile is a logical grouping of authorizations and commands that is interpreted by a profile shell to form a secure execution environ- ment. The shells that interpret profiles are pfcsh, pfksh, and pfsh. See the pfsh(1) man page. Each user's account is assigned zero or more profiles in the user_attr(4) database file. Each entry in the exec_attr database consists of one line of text containing seven fields separated by colons (:). Line continuations using the backslash (fR) character are permitted. The basic format of each entry is: name:policy:type:res1:res2:id:attr name The name of the profile. Profile names are case-sensitive. policy The security policy that is associated with the profile entry. The valid policies are suser (standard Solaris superuser) and solaris. The solaris policy recognizes privileges (see privileges(5)); the suser policy does not. The solaris and suser policies can coexist in the same exec_attr database, so that Solaris releases prior to the current release can use the suser policy and the current Solaris release can use a solaris policy. solaris is a superset of suser; it allows you to specify privileges in addition to UIDs. Policies that are specific to the current release of Solaris or that contain privileges should use solaris. Policies that use UIDs only or that are not specific to the current Solaris release should use suser. type The type of object defined in the profile. The only valid type is cmd. res1 Reserved for future use. res2 Reserved for future use. id A string that uniquely identifies the object described by the profile. For a profile of type cmd, the id is either the full path to the command or the asterisk (*) symbol, which is used to allow all commands. An asterisk that replaces the filename component in a pathname indicates all files in a particular directory. To specify arguments, the pathname should point to a shell script that is written to execute the command with the desired argument. In a Bourne shell, the effective UID is reset to the real UID of the process when the effective UID is less than 100 and not equal to the real UID. Depending on the euid and egid values, Bourne shell limitations might make other shells preferable. To prevent the effective UIDs from being reset to real UIDs, you can start the script with the -p option. #!/bin/sh -p attr An optional list of semicolon-separated (;) key-value pairs that describe the security attributes to apply to the object upon execu- tion. Zero or more keys may be specified. The list of valid key words depends on the policy enforced. The following key words are valid: euid, uid, egid, gid, privs, and limitprivs. euid and uid contain a single user name or a numeric user ID. Commands designated with euid run with the effective UID indicated, which is similar to setting the setuid bit on an executable file. Commands designated with uid run with both the real and effective UIDs. Setting uid may be more appropriate than setting the euid on privileged shell scripts. egid and gid contain a single group name or a numeric group ID. Commands designated with egid run with the effective GID indicated, which is similar to setting the setgid bit on a file. Commands designated with gid run with both the real and effective GIDs. Setting gid may be more appropriate than setting guid on privileged shell scripts. privs contains a privilege set which will be added to the inheritable set prior to running the command. limitprivs contains a privilege set which will be assigned to the limit set prior to running the command. privs and limitprivs are only valid for the solaris policy. Example 1: Using Effective User ID The following example shows the audit command specified in the Audit Control profile to execute with an effective user ID of root(0): Audit Control:suser:cmd:::/usr/sbin/audit:euid=0 /etc/nsswitch.conf /etc/user_attr /etc/security/exec_attr CAVEATS
When deciding which authorization source to use (see ), keep in mind that NIS+ provides stronger authentication than NIS. Because the list of legal keys is likely to expand, any code that parses this database must be written to ignore unknown key-value pairs without error. When any new keywords are created, the names should be prefixed with a unique string, such as the company's stock symbol, to avoid potential naming conflicts. The following characters are used in describing the database format and must be escaped with a backslash if used as data: colon (:), semi- colon (;), equals (=), and backslash (fR). auths(1), profiles(1), roles(1), sh(1), makedbm(1M), getauthattr(3SECDB), getauusernam(3BSM), getexecattr(3SECDB), getprofattr(3SECDB), getuserattr(3SECDB), kva_match(3SECDB), auth_attr(4), prof_attr(4), user_attr(4), privileges(5) 25 Feb 2005 exec_attr(4)