Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Non root user access to /dev/mem
Top Forums UNIX for Advanced & Expert Users Non root user access to /dev/mem Post 303021413 by Neo on Thursday 9th of August 2018 05:53:26 AM
Old 08-09-2018
The instructions are pretty clear in that doc you added:

Quote:
Before running Perceptive Content Server as a non-root user on a shadowed system, you need to configure Role Based Access Control (RBAC) or an Access Control List (ACL).

If your Linux distributor offers RBAC as a supported package or embeds it into the Linux Kernel, you can use the configuration options detailed in the following sections of this document. Otherwise, to achieve rootless authentication, you need to download a third party RBAC kernel module from a trusted source.

Verify that the RBAC kernel provides the roles necessary to read your shadowed passwd file, and can provide read access to /dev/mem. While you can grant ACL read privileges to /etc/shadow, a kernel module/patch is required to grant read privileges to /dev/mem and cannot be granted with ACL privileges alone.

If you are unable to locate a trustable source or you are concerned about security issues with downloading a third party RBAC kernel module, you can use the built in security features of Perceptive

Content to release root privileges and run as another user after server initialization. To use these built insecurity features, you need to configure daemons to run on a non-root user account.
Did you verify your Linux kernel has been built to permit RBAC per the instructions?
 

10 More Discussions You Might Find Interesting

1. HP-UX

user commands without root access

Hi I have been asked to find out how to 1) create users 2) reset passwords 3) kill processes that may require root privileges without having root password, sudo rights or rights to passwd command Any ideas? Thanks in advance (1 Reply)
Discussion started by: emealogistics
1 Replies

2. Programming

/dev/mem on Dell Poweredge

Hi, I have a C++ program to access /dev/mem and retrieve details like Vendor, Manufacturer details of the motherboard. This works fine on all the machines except for on Dell Poweredge 2850,1950... machines. I receive a 'EFAULT' when I try to access /dev/mem on these servers. I suspect some... (1 Reply)
Discussion started by: ragisreekanth
1 Replies

3. Solaris

I can not access root user through LAN

Dear i have installed Solaris 10 on SUN V240 after installation i can not access system through root user if i access system through any other user it conects but root is not connecting through LAN if i connect through SC and then access root though cosole -f command it also works kindly... (6 Replies)
Discussion started by: rizwan225
6 Replies

4. Shell Programming and Scripting

access user history as root

Hi, I need to access a user's command history. However, the dilemma is that he is logged in and so his current history is not yet flushed to .bash_history file which gets flushed when he logs out. Is there a way I can still access his most recent history? thank you, S (4 Replies)
Discussion started by: sardare
4 Replies

5. Solaris

Non-root user access to privileged ports-Solaris 8

Please let me know how to setup a non-root user to be able to access a privileged port (<1024) on Solaris 8. I am currently running tomcat as "tomcat" user and I get the following error during to start up: SEVERE: Error initializing endpoint java.net.BindException: Permission denied<null>:443 (5 Replies)
Discussion started by: pingmeback
5 Replies

6. UNIX for Dummies Questions & Answers

How to allow access to some commands having root privleges to be run bu non root user

hi i am new to unix and i have abig task. i have to \run particular commands having root privileges from a non root user. i know sudo is one of the way but i need sum other approach kindly help Thanks (5 Replies)
Discussion started by: suryashikha
5 Replies

7. Shell Programming and Scripting

How to give root access to non root user?

Currently in my system Red Hat is installed. And Many user connect to my machine via SSH Techia Terminal. I want to give some users a root level access. Can anyone please help me how to make it possible. I too searched on the Google but didn't find the correct way Regards ADI (4 Replies)
Discussion started by: adisky123
4 Replies

8. UNIX for Advanced & Expert Users

One user to su to another without allowing root access and password

Hello Gurus, I want One user to su to another without allowing root access and password. I want to run a specific command as below from user am663: --------------------------------------------------------- sudo -u appsprj4 /home/appsrj4/scripts/start_apache.sh ------------------- But... (6 Replies)
Discussion started by: pokhraj_d
6 Replies

9. Solaris

Sudo access of rm to non-root user

Hello, It is Solaris-10. There is a file as /opt/vpp/dom1.2/pdd/today_23. It is always generated by root, so owned by root only. This file has to be deleted as part of application restart always and that is done by app_user and SA is always involved to do rm on that file. Is it possible to give... (9 Replies)
Discussion started by: solaris_1977
9 Replies

10. AIX

Best practices for sugroups for root ? backdoor user access ?

greetings, just ran across a fun situation we had overlooked. We have a backdoor user, no special privileges, which we put on every server so that anyone in the shop can get in (passwd in vault) if they need to, even if they don't have a local account on that server. The point of course is to... (3 Replies)
Discussion started by: maraixadm
3 Replies

LEARN ABOUT HPUX

rbacdbchk

rbacdbchk(1M)															     rbacdbchk(1M)

NAME

       rbacdbchk - Verifies the syntax of the Role-Based Access Control (RBAC) database files

SYNOPSIS

DESCRIPTION

       verifies that there are no conflicting or inconsistent entries in and amongst the RBAC database files.  also checks the syntax of the data-
       base files and prints messages indicating which lines contain errors.  returns zero output if no errors are present in the database files.

       All the RBAC database files and are verified.  See rbac(5) for more information on these RBAC database files.

   Options
       supports the following options:

	      Checks the
		     database.

	      Checks the
		     database.

	      Checks the
		     database.

	      Checks the
		     database.

	      Checks the
		     database.

	      Cross reference checks all databases.

EXTERNAL INFLUENCES

   Environment Variables
       determines the language in which messages are displayed.

   International Code Set Support
       Single-byte character code set is supported.

RETURN VALUE

       0.   Success
       1.   Incorrect syntax

EXAMPLES

       The following example finds an error that user is an invalid user

	      # rbacdbchk
	      [/etc/rbac/user_role] John: Administrator
		      invalid user
		      The value 'John' for the Username field is bad.

       The following example finds a syntax error, an extra colon at the end of a line:

	      # rbacdbchk
	      [/etc/rbac/user_role] root:     Administrator:
		      invalid name: Not alphanumeric
		      The value 'Administrator:' for the Rolename field is bad.

	      [Role in role_auth DB with no assigned user in user_role DB]
	      Administrator:(hpux.*, *)

       The following example finds a field missing:

	      # rbacdbchk
	      [/etc/rbac/roles] : my comment
		      invalid name: <empty>
		      The value '' for the Rolename field is bad.

       The following example finds a bad role:

	      # rbacdbchk

	      [Role in role_auth DB with no assigned user in user_role DB]
	      blah:(hpux.*, *)

	      [Invalid Role in role_auth DB. Role 'blah' does not exist in the roles DB]
	      blah:(hpux.*, *)

       The following example finds a bad group name:

	      # rbacdbchk
	      [/etc/rbac/user_role] &blah:    Administrator
		      invalid group
		      The value 'blah' for the Group name field is bad.

FILES

       Database containing valid definitions of all roles.

       Database containing definitions of all valid authorizations.

       Database specifying the roles for each specified user.

       Database that defines the authorizations for each role.

       Database containing the authorization to execute specified commands,
	      and the privileges to alter uid and gid for command execution.

       Database that defines the role-to-authorization to audit

SEE ALSO

       authadm(1M), cmdprivadm(1M), privrun(1M), rbac(5).

																     rbacdbchk(1M)
All times are GMT -4. The time now is 02:40 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy