Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Sudo access of rm to non-root user
Operating Systems Solaris Sudo access of rm to non-root user Post 303002418 by Don Cragun on Wednesday 23rd of August 2017 10:59:08 PM
Old 08-23-2017
Quote:
Originally Posted by solaris_1977
This application should not run as root.
If application team needs to restart their application, they are required to remove file /opt/vpp/dom1.2/pdd/today_23 or else application will not start clean. And this file is owned by root always. app_user should be eligible so restart this application, so I have already given start/stop sudo access to app_user, but not sure how should I give rm access only for that specific file.
You're missing the point.

We understand that your application should not run as root. What Jim suggested is that the other application that is creating a file owned by root should change the owner of the file that you want your application to remove to be app_user; not root. If a user needs to be able to remove a file, that user needs to have appropriate permissions to remove that file. If a user named app_user needs to be able to remove a file, there is no reason why a user named root needs to own that file.
This User Gave Thanks to Don Cragun For This Post:
solaris_1977
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

How to allow access to some commands having root privleges to be run bu non root user

hi i am new to unix and i have abig task. i have to \run particular commands having root privileges from a non root user. i know sudo is one of the way but i need sum other approach kindly help Thanks (5 Replies)
Discussion started by: suryashikha
5 Replies

2. AIX

sudo user access

I have installed sudo on AIX 6100-04 and want to know how do I set it up for a user to be able to run only some commands? I want to give the user the rights to only cd to certain directories and run the ls command to name a few? Are there any issues with running sudo when the user is forced to... (2 Replies)
Discussion started by: daveisme
2 Replies

3. Shell Programming and Scripting

Cron job initiating ssh AND sudo (from user, not root)

I've been bashing my head on the desk for 2 days trying to get this to work, but I've had no luck. I'll try to be as clear as possible in my explanation without dragging out the details. I'm trying to set up a cron job for user "john" which runs a script. This script initiates an ssh connection to... (5 Replies)
Discussion started by: eh3civic
5 Replies

4. UNIX for Dummies Questions & Answers

sudo/root access

I'm actually working with a Ubuntu-System here and have a question about executing a command with 'sudo'. I tried and got a error message like "not allowed". After this I logged in with 'sudo -s' and typed the command without 'sudo'. This worked well. Can please somebody explain me this... (0 Replies)
Discussion started by: daWonderer
0 Replies

5. UNIX for Dummies Questions & Answers

Sudo to delegate permission from non-root user to another non-root user

I've been through many threads before i decide to create a separate thread. I can't really find the solution to my (simple) problem. Here's what I'm trying to achieve: As "canar" user I want to run a command, let's say "/opt/ocaml/bin/ocaml" as "duck" user. The only to achieve this is to... (1 Reply)
Discussion started by: canar
1 Replies

6. AIX

how to remove sudo access from a user ?

Hello Folks, I need help on removing sudo access on one id but first of all, can i confirm that the user below is having sudo access ? if he did have sudo access, how to remove ? thanks alrsprd3:root-/etc> more sudoers | grep fzcx0l fzcx0l ALL=(ALL) ALL alrsprd3:root-/etc> (2 Replies)
Discussion started by: wingcross
2 Replies

7. Shell Programming and Scripting

How to give root access to non root user?

Currently in my system Red Hat is installed. And Many user connect to my machine via SSH Techia Terminal. I want to give some users a root level access. Can anyone please help me how to make it possible. I too searched on the Google but didn't find the correct way Regards ADI (4 Replies)
Discussion started by: adisky123
4 Replies

8. UNIX for Dummies Questions & Answers

Create user with sudo ability to root.

Hi All, I need to give an user sudo ability to root. We have also generated RSA key but unable to proceed further. For example after a user logs into the server normally and when he executes below command $ssh root@server_name This should take you to root prompt # Please help me.... (3 Replies)
Discussion started by: Rockyc3400
3 Replies

9. Red Hat

Sudo to user other than root but do not allow sudo to root

I have a set of RHEL 5 boxes running our ERP software on Oracle databases. I need to allow my DBA's to su to oracle and one other account (banner) without knowing the oracle or banner password. But I need to prevent them from su'ing to any other user especially root. I only want them to be able to... (1 Reply)
Discussion started by: westmoreland
1 Replies

10. UNIX for Advanced & Expert Users

How to provide root access via sudo with restrictions?

Hi, I have a requirement to provide root access but user should not run some specific commands, How it is possible. following is my configuration at sudoers file, Cmnd_Alias MYLIMIT = /usr/bin/passwd /sbin/shutdown /usr/bin/reboot /usr/sbin/visudo /bin/vi /usr/bin/vim test2... (5 Replies)
Discussion started by: anuragr
5 Replies

LEARN ABOUT REDHAT

pam_xauth

pam_xauth(8)						   System Administrator's Manual					      pam_xauth(8)

NAME

       pam_xauth - forward xauth keys between users

SYNOPSIS

       session optional /lib/security/pam_xauth.so arguments

DESCRIPTION

       pam_xauth.so is designed to forward xauth keys (sometimes referred to as "cookies") between users.

       Without	pam_xauth,  when xauth is enabled and a user uses the su command to assume another user's priviledges, that user is no longer able
       to access the original user's X display because the new user does not have the key needed to access  the  display.   pam_xauth  solves  the
       problem by forwarding the key from the user running su (the source user) to the user whose identity the source user is assuming (the target
       user) when the session is created, and destroying the key when the session is torn down.

       This means, for example, that when you run su from an xterm sesssion, you will be able to run X programs without  explicitly  dealing  with
       the xauth command or ~/.Xauthority files.

       pam_xauth will only forward keys if xauth can list a key connected to the $DISPLAY environment variable.

       Primitive access control is provided by ~/.xauth/export in the invoking user's home directory and ~/.xauth/import in the target user's home
       directory.

       If a user has a ~/.xauth/import file, the user will only receive cookies from users listed in the file.	If  there  is  no  ~/.xauth/import
       file, the user will accept cookies from any other user.

       If  a  user has a .xauth/export file, the user will only forward cookies to users listed in the file.  If there is no ~/.xauth/export file,
       and the invoking user is not root, the user will forward cookies to any other user.  If there is no ~/.xauth/export file, and the  invoking
       user is root, the user will not forward cookies to other users.

       Both  the  import  and export files support wildcards (such as *).  Both the import and export files can be empty, signifying that no users
       are allowed.

ARGUMENTS

       debug  Turns on debugging messages sent to syslog.

       xauthpath=/usr/X11R6/bin/xauth
	      Specify the path the xauth program (the default is /usr/X11R6/bin/xauth).

IMPLEMENTATION DETAILS

       pam_xauth will work only if it is used from a setuid application in which the getuid() call returns the id of the user running the applica-
       tion,  and for which PAM can supply the name of the account that the user is attempting to assume.  The typical application of this type is
       su.  The application must call both pam_open_session() and pam_close_session() with the ruid set to the uid of the  calling  user  and  the
       euid set to root, and must have provided as the PAM_USER item the name of the target user.

       pam_xauth  calls  xauth as the source user to extract the key for $DISPLAY, then calls xauth as the target user to merge the key into the a
       temporary database and later remove the database.

       pam_xauth cannot be told not to remove the keys when the session is closed.

SEE ALSO

       /usr/share/doc/pam*/html/index.html

FILES

       ~/.xauth/import ~/.xauth/export

BUGS

       Let's hope not, but if you find any, please report them via the "Bug Track" link at http://bugzilla.redhat.com/bugzilla/

AUTHOR

       Nalin Dahyabhai <nalin@redhat.com>, based on original version by Michael K. Johnson <johnsonm@redhat.com>

Red Hat Linux							     2001/9/27							      pam_xauth(8)
All times are GMT -4. The time now is 07:12 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy