08-23-2017
Quote: Originally Posted by solaris_1977
This application should not run as root.
If application team needs to restart their application, they are required to remove file /opt/vpp/dom1.2/pdd/today_23 or else application will not start clean. And this file is owned by root always. app_user should be eligible to restart this application, so I have already given start/stop sudo access to app_user, but not sure how should I give rm access only for that specific file.
You're missing the point.
We understand that your application should not run as root. What Jim suggested is that the other application that is creating a file owned by root should change the owner of the file that you want your application to remove to be app_user; not root. If a user needs to be able to remove a file, that user needs to have appropriate permissions to remove that file. If a user named app_user needs to be able to remove a file, there is no reason why a user named root needs to own that file.
pam_xauth
pam_xauth(8) System Administrator's Manual pam_xauth(8)
NAME
pam_xauth - forward xauth keys between users
SYNOPSIS
session optional /lib/security/pam_xauth.so arguments
DESCRIPTION
pam_xauth.so is designed to forward xauth keys (sometimes referred to as "cookies") between users.
Without pam_xauth, when xauth is enabled and a user uses the su command to assume another user's privileges, that user is no longer able
to access the original user's X display because the new user does not have the key needed to access the display. pam_xauth solves the
problem by forwarding the key from the user running su (the source user) to the user whose identity the source user is assuming (the target
user) when the session is created, and destroying the key when the session is torn down.
This means, for example, that when you run su from an xterm session, you will be able to run X programs without explicitly dealing with
the xauth command or ~/.Xauthority files.
pam_xauth will only forward keys if xauth can list a key connected to the $DISPLAY environment variable.
Primitive access control is provided by ~/.xauth/export in the invoking user's home directory and ~/.xauth/import in the target user's home
directory.
If a user has a ~/.xauth/import file, the user will only receive cookies from users listed in the file. If there is no ~/.xauth/import
file, the user will accept cookies from any other user.
If a user has a ~/.xauth/export file, the user will only forward cookies to users listed in the file. If there is no ~/.xauth/export file,
and the invoking user is not root, the user will forward cookies to any other user. If there is no ~/.xauth/export file, and the invoking
user is root, the user will not forward cookies to other users.
Both the import and export files support wildcards (such as *). Both the import and export files can be empty, signifying that no users
are allowed.
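The import/export rules above, modelled as an added example in C (this is not pam_xauth's own source). Each ACL is passed as the file's contents, with NULL standing for a missing file; the function names, parameters and user names are assumptions made for illustration.

```c
#include <fnmatch.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* True if `user` matches any newline-separated pattern in `acl`.
   An empty ACL matches nobody ("no users are allowed"). */
static bool acl_lists(const char *acl, const char *user)
{
    char pattern[64];
    while (*acl) {
        size_t len = strcspn(acl, "\n");
        if (len > 0 && len < sizeof pattern) {
            memcpy(pattern, acl, len);
            pattern[len] = '\0';
            if (fnmatch(pattern, user, 0) == 0)   /* wildcards such as * */
                return true;
        }
        acl += len;
        if (*acl == '\n')
            acl++;
    }
    return false;
}

/* export_acl: contents of the source user's ~/.xauth/export, NULL if absent.
   import_acl: contents of the target user's ~/.xauth/import, NULL if absent. */
bool xauth_key_forwarded(const char *source, bool source_is_root,
                         const char *target,
                         const char *export_acl, const char *import_acl)
{
    /* No export file: non-root forwards to anyone, root forwards to no one. */
    bool may_export = export_acl ? acl_lists(export_acl, target)
                                 : !source_is_root;
    /* No import file: the target accepts cookies from any user. */
    bool may_import = import_acl ? acl_lists(import_acl, source) : true;
    return may_export && may_import;
}

int main(void)
{
    /* Constructed cases: user names and ACL contents are made up. */
    printf("alice->bob, no files:       %d\n",
           xauth_key_forwarded("alice", false, "bob", NULL, NULL));
    printf("root->bob, no export file:  %d\n",
           xauth_key_forwarded("root", true, "bob", NULL, NULL));
    printf("root->bob, export has b*:   %d\n",
           xauth_key_forwarded("root", true, "bob", "b*\n", NULL));
    return 0;
}
```

The root default is the case to watch: a root user who needs X access after su to another account must create ~/.xauth/export explicitly.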
ARGUMENTS
debug Turns on debugging messages sent to syslog.
xauthpath=/usr/X11R6/bin/xauth
Specify the path to the xauth program (the default is /usr/X11R6/bin/xauth).
IMPLEMENTATION DETAILS
pam_xauth will work only if it is used from a setuid application in which the getuid() call returns the id of the user running the
application, and for which PAM can supply the name of the account that the user is attempting to assume. The typical application of this type is
su. The application must call both pam_open_session() and pam_close_session() with the ruid set to the uid of the calling user and the
euid set to root, and must have provided as the PAM_USER item the name of the target user.
pam_xauth calls xauth as the source user to extract the key for $DISPLAY, then calls xauth as the target user to merge the key into a
temporary database and later remove the database.
pam_xauth cannot be told not to remove the keys when the session is closed.
SEE ALSO
/usr/share/doc/pam*/html/index.html
FILES
~/.xauth/import ~/.xauth/export
BUGS
Let's hope not, but if you find any, please report them via the "Bug Track" link at http://bugzilla.redhat.com/bugzilla/
AUTHOR
Nalin Dahyabhai <nalin@redhat.com>, based on original version by Michael K. Johnson <johnsonm@redhat.com>
Red Hat Linux 2001/9/27 pam_xauth(8)