Are there any processes with any of these owners?
These are probably affected.
IMHO, if the login password is locked/invalid, there is not much gain in disabling the login shell.
Hi Gang,
Running a script in AIX 5.3. Users wanted me to add a "confirm you want to run script, enter 'y' or 'n'" kind of thing... here is what I came up with:
#!/bin/sh
myfile=`basename "$1"`
dateNow=`date "+%m.%d.%Y.%H.%M.%S"` # Get current date
mydatedfile=$myfile.$dateNow... (2 Replies)
What do we need to do to harden a freshly installed solaris OS? like disable telnet, no ftp for root etc...What all services you need to stop? How to check what ports are open? etc etc....please provide all tips that come to your mind...thanks:) (5 Replies)
Hi there
how can i get the result of a command to not give me its error. For example, on certain systems the 'zfs' command below is not available, but this is fine becaues I am testing against $? so i dont want to see the message " command not found" Ive tried outputting to /dev/null 2>&1 to no... (5 Replies)
Hey, I'm completely new at this and I was wondering if there is a way that I would be able to redirect the log files in a directories standard output and standard error into and excel spreadsheet in anyway?
Please remember don't use too advanced of terminology as I just started using shell... (6 Replies)
Hi Everyone,
When I runthe query in ssh shell sudo cat /etc/security/user , I see half of the users cut down from the display screen. what I want to do is using the somthing like "pop" that when I hit the enter key every time the screen should move to the next user? does some one has any idea how... (4 Replies)
Discussion started by: starter2011
4 Replies
LEARN ABOUT SUNOS
smrsh
smrsh(1M) System Administration Commands smrsh(1M)NAME
smrsh - restricted shell for sendmail
SYNOPSIS
smrsh -c command
DESCRIPTION
The smrsh program is intended as a replacement for the sh command in the prog mailer in sendmail(1M) configuration files. The smrsh program
sharply limits commands that can be run using the |program syntax of sendmail. This improves overall system security. smrsh limits the set
of programs that a programmer can execute, even if sendmail runs a program without going through an alias or forward file.
Briefly, smrsh limits programs to be in the directory /var/adm/sm.bin, allowing system administrators to choose the set of acceptable com-
mands. It also rejects any commands with the characters: ,, <, >, |, ;, &, $,
(<RETURN>), or
(<NEWLINE>) on the command line to pre-
vent end run attacks.
Initial pathnames on programs are stripped, so forwarding to /usr/ucb/vacation, /usr/bin/vacation, /home/server/mydir/bin/vacation, and
vacation all actually forward to/var/adm/sm.bin/vacation.
System administrators should be conservative about populating /var/adm/sm.bin. Reasonable additions are utilities such as vacation(1) and
procmail. Never include any shell or shell-like program (for example, perl) in the sm.bin directory. This does not restrict the use of
shell or perl scrips in the sm.bin directory (using the #! syntax); it simply disallows the execution of arbitrary programs.
OPTIONS
The following options are supported:
-c command
Where command is a valid command, executes command.
FILES
/var/adm/sm.bin directory for restricted programs
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWcsr, SUNWcsu |
+-----------------------------+-----------------------------+
SEE ALSO sendmail(1M), , attributes(5)SunOS 5.10 6 Nov 1998 smrsh(1M)