Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Assigning proc_owner privilege to particular user in RBAC
Operating Systems Solaris Assigning proc_owner privilege to particular user in RBAC Post 303036164 by jim mcnamara on Monday 17th of June 2019 06:25:02 PM
Old 06-17-2019
Short answer to risk: yes. Not secure. That privilege means your power user reads the entire command line for ANY process, sometimes privileged processes get started something like this:
Code:
/path/to/foobar  jon/password

The power user can get environment variables inside the process with pargs -e, so if the secure user has a password embedded in an environment variable the power user can see it.
That power user may under some circumstances also read some of the /proc files for other processes.

Sounds like a security problem to me. You will have to be certain that nowhere are there system scripts that require passwords passed to them or have them in a login variable or an envirionment variable, for example.

This privilege would be good on a development machine, not so good on a production box.

How to assign and un-assign
Turn off for user
Code:
usermod -K 'defaultpriv=basic,!proc_info' user

Turn on for user:
Code:
usermod -K 'defaultpriv=basic,proc_info' user

The difference is just a single ! character
This User Gave Thanks to jim mcnamara For This Post:
sb200
 

9 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Write privilege for user

Is it possible to grant write privileges to a user on a directory with out having to add the user to a group or make the user the owner of the directory? My background is in Windows and in Windows you can grant specific privileges to a user without having to put the user in a group or making the... (3 Replies)
Discussion started by: here2learn
3 Replies

2. UNIX for Advanced & Expert Users

RBAC: create a user to shut the server

Hi, I have created a user to shutdown the server using RBAC. Here are my steps: 1. roleadd -u 1000 -g 10 -d /home/stopsys -m stopsys 2. passwd stopsys 3. edit /etc/security/prof_attr to include: Shut:::able to shut the server: 4. modrole -P Shut stopsys 5. useradd -u 1001 -g 10 -d... (2 Replies)
Discussion started by: chaandana
2 Replies

3. AIX

[Help] Give privilege to an ordinary user

I'm trying to give a non-root user the right to start IBM HTTP Server, the web server is listening on port 80, but for AIX, ports under 1024 are privilege ports which can be used only by root. /usr/IBMIHS/bin# ./apachectl start (13)Permission denied: make_sock: could not bind to address :::80... (1 Reply)
Discussion started by: ibmer414
1 Replies

4. Linux

Sudo user vs RBAC

Hi all, What the difference between the sudo users & RBAC when the talk of effects after doing the above comes??? any differences between them ,kindly list ?? (1 Reply)
Discussion started by: saurabh84g
1 Replies

5. Solaris

Root privilege for user

Can anyone please tell how to give root privilege to a normal user in solaris 10? (5 Replies)
Discussion started by: nicktrix
5 Replies

6. UNIX for Dummies Questions & Answers

How to create/restrict a user with to have no privilege from other group

Hello experts I am new to Unix. Env : HPUX I need to create a user say testuser such that it does not have access to file/directories from the other group i.e the last 3 digits . How do I do that. Reason for such a request :- I have an existing user oracle which has default umask... (3 Replies)
Discussion started by: simonsimon
3 Replies

7. AIX

User Privilege

How to assign superuser privilege to an ordinary user temporarily (1 Reply)
Discussion started by: udtyuvaraj
1 Replies

8. AIX

sudo - User privilege specification

I am planning to implement sudo for users. Under , it looks I have to put the users who need to have sudo access: What are the recommended for users? I don't think I need to give the ALL privilege (i.e ) to AIX users. I'd like to know the commonly used privilege specification for sudo... (9 Replies)
Discussion started by: Daniel Gate
9 Replies

9. Shell Programming and Scripting

Create user with different privilege

Hi , I want to create 3 different user with below privilege in Solaris and Linux. 1) Read Only 2)Read and Write Only 3) Admin user Can you guys help me on this . (3 Replies)
Discussion started by: Naveen Pathak
3 Replies

LEARN ABOUT REDHAT

userdel

USERDEL(8)						      System Manager's Manual							USERDEL(8)

NAME

       userdel - Delete a user account and related files

SYNOPSIS

       userdel [-r] login

DESCRIPTION

       The  userdel  command modifies the system account files, deleting all entries that refer to login.  The named user must exist.  The options
       which apply to the userdel command are:

       -r     Files in the user's home directory will be removed along with the home directory itself and the user's mail spool.  Files located in
	      other file systems will have to be searched for and deleted manually.

FILES

       /etc/passwd - user account information
       /etc/shadow - secure user account information
       /etc/group - group information

CAVEATS

       userdel will not allow you to remove an account if the user is currently logged in.  You must kill any running processes which belong to an
       account that you are deleting.  You may not remove any NIS attributes on an NIS client.	This must be performed on the NIS server.

SEE ALSO

       chfn(1), chsh(1), passwd(1), groupadd(8), groupdel(8), groupmod(8), useradd(8), usermod(8)

AUTHOR

       Julianne Frances Haugh (jockgrrl@ix.netcom.com)

																	USERDEL(8)
All times are GMT -4. The time now is 05:33 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy