Hi
I have been asked to find out how to
1) create users
2) reset passwords
3) kill processes that may require root privileges
without having root password, sudo rights or rights to passwd command
Any ideas?
Thanks in advance (1 Reply)
Hi,
I have a C++ program to access /dev/mem and retrieve details like Vendor, Manufacturer details of the motherboard. This works fine on all the machines except for on Dell Poweredge 2850,1950... machines.
I receive a 'EFAULT' when I try to access /dev/mem on these servers.
I suspect some... (1 Reply)
Dear
i have installed Solaris 10 on SUN V240
after installation i can not access system through root user
if i access system through any other user it conects but root is not connecting through LAN
if i connect through SC and then access root though cosole -f command it also works
kindly... (6 Replies)
Hi,
I need to access a user's command history. However, the dilemma is that he is logged in and so his current history is not yet flushed to .bash_history file which gets flushed when he logs out. Is there a way I can still access his most recent history?
thank you,
S (4 Replies)
Please let me know how to setup a non-root user to be able to access a privileged port (<1024) on Solaris 8. I am currently running tomcat as "tomcat" user and I get the following error during to start up:
SEVERE: Error initializing endpoint
java.net.BindException: Permission denied<null>:443 (5 Replies)
hi
i am new to unix and i have abig task. i have to \run particular commands having root privileges from a non root user. i know sudo is one of the way but i need sum other approach kindly help
Thanks (5 Replies)
Currently in my system Red Hat is installed. And Many user connect to my machine via SSH Techia Terminal.
I want to give some users a root level access.
Can anyone please help me how to make it possible. I too searched on the Google but didn't find the correct way
Regards
ADI (4 Replies)
Hello Gurus,
I want One user to su to another without allowing root access and password.
I want to run a specific command as below from user am663:
---------------------------------------------------------
sudo -u appsprj4 /home/appsrj4/scripts/start_apache.sh
-------------------
But... (6 Replies)
Hello,
It is Solaris-10. There is a file as /opt/vpp/dom1.2/pdd/today_23. It is always generated by root, so owned by root only.
This file has to be deleted as part of application restart always and that is done by app_user and SA is always involved to do rm on that file.
Is it possible to give... (9 Replies)
greetings, just ran across a fun situation we had overlooked.
We have a backdoor user, no special privileges, which we put on every server so that anyone in the shop can get in (passwd in vault) if they need to, even if they don't have a local account on that server. The point of course is to... (3 Replies)
Discussion started by: maraixadm
3 Replies
LEARN ABOUT SUSE
smrsh
SMRSH(8) System Manager's Manual SMRSH(8)NAME
smrsh - restricted shell for sendmail
SYNOPSIS
smrsh -c command
DESCRIPTION
The smrsh program is intended as a replacement for sh for use in the ``prog'' mailer in sendmail(8) configuration files. It sharply limits
the commands that can be run using the ``|program'' syntax of sendmail in order to improve the over all security of your system. Briefly,
even if a ``bad guy'' can get sendmail to run a program without going through an alias or forward file, smrsh limits the set of programs
that he or she can execute.
Briefly, smrsh limits programs to be in a single directory, by default /usr/lib/sendmail.d/bin/ allowing the system administrator to choose
the set of acceptable commands, and to the shell builtin commands ``exec'', ``exit'', and ``echo''. It also rejects any commands with the
characters ``', `<', `>', `;', `$', `(', `)', `
' (carriage return), or `
' (newline) on the command line to prevent ``end run'' attacks.
It allows ``||'' and ``&&'' to enable commands like: ``"|exec /usr/local/bin/filter || exit 75"''
Initial pathnames on programs are stripped, so forwarding to ``/usr/bin/vacation'', ``/usr/bin/vacation'', ``/home/server/mydir/bin/vaca-
tion'', and ``vacation'' all actually forward to `/usr/lib/sendmail.d/bin/vacation''.
System administrators should be conservative about populating the /usr/lib/sendmail.d/bin/ directory. For example, a reasonable additions
is vacation(1), and the like. No matter how brow-beaten you may be, never include any shell or shell-like program (such as perl(1)) in the
/usr/lib/sendmail.d/bin/ directory. Note that this does not restrict the use of shell or perl scripts in the /usr/lib/sendmail.d/bin/
directory (using the ``#!'' syntax); it simply disallows execution of arbitrary programs. Also, including mail filtering programs such as
procmail(1) is a very bad idea. procmail(1) allows users to run arbitrary programs in their procmailrc(5).
COMPILATION
Compilation should be trivial on most systems. You may need to use -DSMRSH_PATH="path" to adjust the default search path (defaults to
``/bin:/usr/bin'') and/or -DSMRSH_CMDDIR="dir" to change the default program directory (defaults to ``/usr/lib/sendmail.d/bin/'').
FILES
/usr/lib/sendmail.d/bin/ - default directory for restricted programs on SuSE Linux
SEE ALSO sendmail(8)
$Date: 2004/08/06 03:55:35 $ SMRSH(8)