06-19-2019
I do not think there is a "group_proc" privilege. You are going to have to set up sudo and and specifically allow those users to become the user that runs the application. But then they can "tink" with the application process.
sudo -
man pages section 1M: System Administration Commands It is part of Solaris 11.
Suppose the app runs with appuser.
sudo su - appuser is the command they would use. I assume they are already in the same group as appuser. Let's call that group "foo"
You will have read up on
sudoedit and /
etc/sudoers You grant the permission to become "appuser" based on the fact that they are only in the special group I mentioned, "foo". Actually appuser does not have to be in the "foo" group, but then you open up access to anything that appuser can do in its own group to these newcomers.
9 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Is it possible to grant write privileges to a user on a directory with out having to add the user to a group or make the user the owner of the directory?
My background is in Windows and in Windows you can grant specific privileges to a user without having to put the user in a group or making the... (3 Replies)
Discussion started by: here2learn
3 Replies
2. UNIX for Advanced & Expert Users
Hi,
I have created a user to shutdown the server using RBAC.
Here are my steps:
1. roleadd -u 1000 -g 10 -d /home/stopsys -m stopsys
2. passwd stopsys
3. edit /etc/security/prof_attr to include:
Shut:::able to shut the server:
4. modrole -P Shut stopsys
5. useradd -u 1001 -g 10 -d... (2 Replies)
Discussion started by: chaandana
2 Replies
3. AIX
I'm trying to give a non-root user the right to start IBM HTTP Server, the web server is listening on port 80, but for AIX, ports under 1024 are privilege ports which can be used only by root.
/usr/IBMIHS/bin# ./apachectl start
(13)Permission denied: make_sock: could not bind to address :::80... (1 Reply)
Discussion started by: ibmer414
1 Replies
4. Linux
Hi all,
What the difference between the sudo users & RBAC when the talk of effects after doing the above comes???
any differences between them ,kindly list ?? (1 Reply)
Discussion started by: saurabh84g
1 Replies
5. Solaris
Can anyone please tell how to give root privilege to a normal user in solaris 10? (5 Replies)
Discussion started by: nicktrix
5 Replies
6. UNIX for Dummies Questions & Answers
Hello experts I am new to Unix.
Env : HPUX
I need to create a user say testuser such that it does not have access to file/directories from the other group i.e the last 3 digits .
How do I do that.
Reason for such a request :-
I have an existing user oracle which has default umask... (3 Replies)
Discussion started by: simonsimon
3 Replies
7. AIX
How to assign superuser privilege to an ordinary user temporarily (1 Reply)
Discussion started by: udtyuvaraj
1 Replies
8. AIX
I am planning to implement sudo for users.
Under , it looks I have to put the users who need to have sudo access:
What are the recommended for users? I don't think I need to give the ALL privilege (i.e ) to AIX users.
I'd like to know the commonly used privilege specification for sudo... (9 Replies)
Discussion started by: Daniel Gate
9 Replies
9. Shell Programming and Scripting
Hi ,
I want to create 3 different user with below privilege in Solaris and Linux.
1) Read Only
2)Read and Write Only
3) Admin user
Can you guys help me on this . (3 Replies)
Discussion started by: Naveen Pathak
3 Replies
LEARN ABOUT DEBIAN
csp_mkdircp
csp_helper(1) USER COMMANDS csp_helper(1)
NAME
csp_helper - A collection of caspar helper scripts
SYNOPSIS
csp_install dir (directory) file (file)
csp_mkdircp dir (directory) file (file)
csp_scp_keep_mode h ([user@]host) dir (directory) file (file)
csp_sucp h ([user@]host) dir (directory) file (file)
DESCRIPTION
The scripts csp_install, csp_mkdircp, csp_scp_keep_mode and csp_sucp are helpers for caspar(7). These scripts typically are not invoked
directly, but via a Makefile which uses caspar. See the notes on csp_PUSH in caspar(7) for information on how to link csp_install,
csp_scp_keep_mode and csp_sucp to caspar.
install DESCRIPTION
csp_install creates the required directory (if needed) and installs the file, preserving timestamps. It uses install(1).
install EXAMPLES
csp_INSTALL_OPTIONS='--owner=www-data --group=www-data'
csp_INSTALL_MODE=ugo=r
csp_install /srv/www index.html
csp_INSTALL_MODE=u=rwx,go= csp_install /usr/local/sbin mkpasswd
install ENVIRONMENT
csp_install honors csp_INSTALL_OPTIONS and csp_INSTALL_MODE (default is u=rw,go=r).
mkdircp DESCRIPTION
csp_mkdircp calls mkdir(1) and cp(1).
scp_keep_mode DESCRIPTION
csp_scp_keep_mode uses ssh to copy a file to a remote host, keeping its file permission mode. The trick used is a combination of mktemp(1)
and mv(1). Useful if you'd like to be sure a file gets installed e.g. group writable, without fiddling with permission bits on the remote
host.
scp_keep_mode EXAMPLE
chmod g+w rc
csp_scp_keep_mode root@gandalf /etc/uruk rc
scp_keep_mode ENVIRONMENT
csp_scp_keep_mode honors csp_SSH ("ssh" by default).
sucp DESCRIPTION
csp_sucp calls cat(1) from within sudo(1) from within ssh(1). This allows one to copy files to accounts on hosts one can only reach by call-
ing sudo on the ssh-reachable remote host.
Typically, one wants to install a root-owned file, but one does not want to allow access to the root-account directly from ssh. Typically
sudo is used as an extra line of defense.
sucp EXAMPLES
Some examples:
csp_sucp rms@bilbo /etc fstab
csp_sucp monty-python commit/ trailer.txt
sucp BUGS
If NOPASSWD is not set in the sudoers(5) file, and one's timestamp is expired, csp_sucp will forward the sudo password prompt. The given
password will be echoed on the console!
AUTHOR
Joost van Baal-Ili
SEE ALSO
caspar(7) The caspar homepage is at http://mdcc.cx/caspar/ .
csp_helper 20120514 14 mai 2012 csp_helper(1)