Short answer to risk: yes. Not secure. That privilege means your power user reads the entire command line for ANY process, sometimes privileged processes get started something like this:
The power user can get environment variables inside the process with pargs -e, so if the secure user has a password embedded in an environment variable the power user can see it.
That power user may under some circumstances also read some of the /proc files for other processes.
Sounds like a security problem to me. You will have to be certain that nowhere are there system scripts that require passwords passed to them or have them in a login variable or an envirionment variable, for example.
This privilege would be good on a development machine, not so good on a production box.
How to assign and un-assign
Turn off for user
Turn on for user:
The difference is just a single ! character
This User Gave Thanks to jim mcnamara For This Post:
Is it possible to grant write privileges to a user on a directory with out having to add the user to a group or make the user the owner of the directory?
My background is in Windows and in Windows you can grant specific privileges to a user without having to put the user in a group or making the... (3 Replies)
Hi,
I have created a user to shutdown the server using RBAC.
Here are my steps:
1. roleadd -u 1000 -g 10 -d /home/stopsys -m stopsys
2. passwd stopsys
3. edit /etc/security/prof_attr to include:
Shut:::able to shut the server:
4. modrole -P Shut stopsys
5. useradd -u 1001 -g 10 -d... (2 Replies)
I'm trying to give a non-root user the right to start IBM HTTP Server, the web server is listening on port 80, but for AIX, ports under 1024 are privilege ports which can be used only by root.
/usr/IBMIHS/bin# ./apachectl start
(13)Permission denied: make_sock: could not bind to address :::80... (1 Reply)
Hi all,
What the difference between the sudo users & RBAC when the talk of effects after doing the above comes???
any differences between them ,kindly list ?? (1 Reply)
Hello experts I am new to Unix.
Env : HPUX
I need to create a user say testuser such that it does not have access to file/directories from the other group i.e the last 3 digits .
How do I do that.
Reason for such a request :-
I have an existing user oracle which has default umask... (3 Replies)
I am planning to implement sudo for users.
Under , it looks I have to put the users who need to have sudo access:
What are the recommended for users? I don't think I need to give the ALL privilege (i.e ) to AIX users.
I'd like to know the commonly used privilege specification for sudo... (9 Replies)
Hi ,
I want to create 3 different user with below privilege in Solaris and Linux.
1) Read Only
2)Read and Write Only
3) Admin user
Can you guys help me on this . (3 Replies)