Non root user access to /dev/mem
Post 303021413 by Neo on Thursday 9th of August 2018 05:53:26 AM
The instructions are pretty clear in that doc you added:

Quote:
Before running Perceptive Content Server as a non-root user on a shadowed system, you need to configure Role Based Access Control (RBAC) or an Access Control List (ACL).

If your Linux distributor offers RBAC as a supported package or embeds it into the Linux Kernel, you can use the configuration options detailed in the following sections of this document. Otherwise, to achieve rootless authentication, you need to download a third party RBAC kernel module from a trusted source.

Verify that the RBAC kernel provides the roles necessary to read your shadowed passwd file, and can provide read access to /dev/mem. While you can grant ACL read privileges to /etc/shadow, a kernel module/patch is required to grant read privileges to /dev/mem and cannot be granted with ACL privileges alone.

If you are unable to locate a trustable source or you are concerned about security issues with downloading a third party RBAC kernel module, you can use the built-in security features of Perceptive Content to release root privileges and run as another user after server initialization. To use these built-in security features, you need to configure daemons to run on a non-root user account.
Did you verify your Linux kernel has been built to permit RBAC per the instructions?
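A small audit script for the question above (added here; it is not code from the thread or from the Perceptive Content documentation). It reports the permission bits on /dev/mem, whether the running kernel was built with CONFIG_STRICT_DEVMEM, and which LSMs are active, so an admin can see what a non-root service account would actually be able to read before granting anything. It assumes a Linux host with the kernel config at /boot/config-$(uname -r) or /proc/config.gz and the LSM list at /sys/kernel/security/lsm.

```shell
#!/bin/sh
# Added audit helper; not code from the thread or from the Perceptive Content documentation.
# Assumptions: Linux host; kernel config at /boot/config-$(uname -r) or /proc/config.gz;
# LSM list at /sys/kernel/security/lsm. CONFIG_STRICT_DEVMEM is the upstream kernel
# option that keeps /dev/mem from exposing RAM even to a process allowed to open it.

# Symbolic permission bits of a path (e.g. "rw-r-----"), parsed from portable ls output.
node_mode() {
    ls -ld "$1" 2>/dev/null | cut -c2-10
}

# Succeed (0) when the "other" read bit is set, i.e. any local user could read the node.
node_world_readable() {
    case "$(node_mode "$1")" in
        ??????r*) return 0 ;;
        *) return 1 ;;
    esac
}

# Classify a kernel config (plain text or gzip) for STRICT_DEVMEM.
# Prints strict, lax or unknown and returns 0 only for strict.
devmem_config_status() {
    case "$1" in
        *.gz) text=$(gzip -dc "$1" 2>/dev/null || true) ;;
        *)    text=$(cat "$1" 2>/dev/null || true) ;;
    esac
    case "$text" in
        *"CONFIG_STRICT_DEVMEM=y"*) echo strict; return 0 ;;
        *"CONFIG_STRICT_DEVMEM is not set"*|*"CONFIG_STRICT_DEVMEM=n"*) echo lax; return 1 ;;
        *) echo unknown; return 1 ;;
    esac
}

# Report on a device node and kernel config (defaults: /dev/mem and the running kernel).
audit_devmem() {
    node=${1:-/dev/mem}
    cfg=${2:-/boot/config-$(uname -r)}
    [ -e "$cfg" ] || cfg=/proc/config.gz
    printf '%s mode: %s\n' "$node" "$(node_mode "$node")"
    if node_world_readable "$node"; then
        echo "WARNING: $node is world-readable; the usual udev default is 0640 root:kmem"
    fi
    printf 'kernel STRICT_DEVMEM: %s\n' "$(devmem_config_status "$cfg")"
    if [ -r /sys/kernel/security/lsm ]; then
        printf 'active LSMs: %s\n' "$(cat /sys/kernel/security/lsm)"
    fi
}

audit_devmem "$@"
```

Run it as root for the live system, or pass a node path and a config file as the two arguments to check a copied config offline.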
 

authadm(1M)

NAME
authadm - non-interactive command for administrating the authorization information in the RBAC databases

SYNOPSIS
[object [comments]] [object] operation [object] subrole

DESCRIPTION
authadm is a non-interactive command that allows users with the appropriate privileges to modify and list authorization information in the and RBAC database files. HP recommends using only the and commands to edit and view the RBAC databases; do not edit the RBAC files without these commands. See rbac(5) for more information on these RBAC databases.

Options
With the exception of the option, all options recognize a default object. If the parameter is specified with a non-empty value in the security default file, then the value of this parameter will be the default object. However, if the parameter does not exist or is set to an empty value, then the default object will be set to a wild card (*). Here is how to specify a value to the parameter in For example: In sets the default object to If line is not present or is commented out, then the default object will be set to "*".

authadm recognizes the following options:

Adds an authorization pair (operation, object) to the system list of valid authorizations by appending a line to the file. If object is not specified, then a default object will be assigned. The default object will either be a wild card (*) or the object specified in the security default configuration file, A comment may not be specified when adding an entry that refers to the default object in The only way to add a comment to an entry with the option is to specify the object explicitly.

Deletes an authorization from the system list of valid authorizations. If object is not specified, then a default object will be assumed. The default object will either be a wild card (*) or the object specified in the security default configuration file, If the authorization exists in deletes the entry. If the specified authorization is assigned to any roles in will remove the authorization from the role. If the specified authorization exists in an entry in will remove the entire entry. If the authorization does not exist in returns an error message. See the section below for more information.

Assigns an authorization pair to a role. authadm verifies the role exists in before verifying the authorization pair exists in authadm appends the authorization to the role to authorization mapping in if the role and authorization pair exist. If object is not specified, then a default object will be assigned. The default object will either be a wild card (*) or the object specified in the security default configuration file,

Assigns a role to another different role. The role being assigned to the other different role is referred to as a A subrole is any valid role defined in the database. The option allows hierarchical role definition (one role can inherit other subroles). After assigning a subrole to another role, that role will also have all the authorizations of the subrole, and any of its subroles. More than one subrole can be assigned to another different role. authadm verifies the role and subrole exist in It also verifies that there are no recursive definitions of the role and subrole. (If "role1" has a subrole of "role2", and if you try to "role1" to "role2", this will cause a recursive definition of both "role1" and "role2".) authadm appends the subrole to the role to authorization mapping in

Revokes an authorization from the specified role in If no authorization is specified, revokes all the authorizations for the given role. If object is not specified, then a default object will be assumed. The default object will either be a wild card (*) or the object specified in the security default configuration file, The file will be modified by the command.

Revokes a subrole from the specified role in Note that the role specified as the subrole is not revoked from the database, just the subrole assignment is revoked. For instance, if these entries are in the database: will modify the line to: revokes the specified authorizations and/or subrole for the given role. Note: The file will be modified by the command.

Invoking the list command without any parameters lists every entry in Specifying a role name lists all the authorizations and subroles assigned to that role name. Specifying an operation name lists all the roles which have that operation name. Specifying a subrole name lists all the roles which have that subrole name. Specifying lists all the authorizations in the database.

Authorizations
In order to invoke the user must either be root (running with effective uid of 0), or have the appropriate authorization(s). The following is a list of the required authorizations for running with particular options:

Allows user to run with option.
Allows user to run option.
Allows user to run with or option.
Allows user to run with or option.
Allows user to run with option.

EXTERNAL INFLUENCES
Environment Variables
determines the language in which messages are displayed.

International Code Set Support
Single-byte character code set is supported.

RETURN VALUE
Success. If authadm is successful, it returns
Failure. authadm returns and prints an appropriate error message to stderr.

EXAMPLES
The following commands each add an authorization (operation, object) entry in the database file:

The following commands each delete an authorization (operation, object) entry from the database file:

The following commands each assign an authorization (operation, object) pair to a role in the database file:

The following commands each assign a subrole to a role in the database file:

The following commands each revoke an operation for the specified operation from a role in the file:

The following commands each revoke a subrole from the specified role in the database file:

The following command lists all the authorizations for the role:

The following command lists all the entries with operation

The following command lists all the entries with object

The following command lists all the roles with their authorizations in the database:

FILES
Database containing valid definitions of all roles.
Database containing definitions of all valid authorizations.
Database specifying the roles allowed for each specified user.
Database defining the authorizations for each specified role.

SEE ALSO
cmdprivadm(1M), privrun(1M), rbacdbchk(1M), roleadm(1M), rbac(5).