Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Assigning proc_owner privilege to particular user in RBAC
Operating Systems Solaris Assigning proc_owner privilege to particular user in RBAC Post 303036225 by jim mcnamara on Wednesday 19th of June 2019 02:20:59 PM
Old 06-19-2019
I do not think there is a "group_proc" privilege. You are going to have to set up sudo and and specifically allow those users to become the user that runs the application. But then they can "tink" with the application process.

sudo -
man pages section 1M: System Administration Commands It is part of Solaris 11.

Suppose the app runs with appuser. sudo su - appuser is the command they would use. I assume they are already in the same group as appuser. Let's call that group "foo"

You will have read up on sudoedit and /etc/sudoers You grant the permission to become "appuser" based on the fact that they are only in the special group I mentioned, "foo". Actually appuser does not have to be in the "foo" group, but then you open up access to anything that appuser can do in its own group to these newcomers.
 

9 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Write privilege for user

Is it possible to grant write privileges to a user on a directory with out having to add the user to a group or make the user the owner of the directory? My background is in Windows and in Windows you can grant specific privileges to a user without having to put the user in a group or making the... (3 Replies)
Discussion started by: here2learn
3 Replies

2. UNIX for Advanced & Expert Users

RBAC: create a user to shut the server

Hi, I have created a user to shutdown the server using RBAC. Here are my steps: 1. roleadd -u 1000 -g 10 -d /home/stopsys -m stopsys 2. passwd stopsys 3. edit /etc/security/prof_attr to include: Shut:::able to shut the server: 4. modrole -P Shut stopsys 5. useradd -u 1001 -g 10 -d... (2 Replies)
Discussion started by: chaandana
2 Replies

3. AIX

[Help] Give privilege to an ordinary user

I'm trying to give a non-root user the right to start IBM HTTP Server, the web server is listening on port 80, but for AIX, ports under 1024 are privilege ports which can be used only by root. /usr/IBMIHS/bin# ./apachectl start (13)Permission denied: make_sock: could not bind to address :::80... (1 Reply)
Discussion started by: ibmer414
1 Replies

4. Linux

Sudo user vs RBAC

Hi all, What the difference between the sudo users & RBAC when the talk of effects after doing the above comes??? any differences between them ,kindly list ?? (1 Reply)
Discussion started by: saurabh84g
1 Replies

5. Solaris

Root privilege for user

Can anyone please tell how to give root privilege to a normal user in solaris 10? (5 Replies)
Discussion started by: nicktrix
5 Replies

6. UNIX for Dummies Questions & Answers

How to create/restrict a user with to have no privilege from other group

Hello experts I am new to Unix. Env : HPUX I need to create a user say testuser such that it does not have access to file/directories from the other group i.e the last 3 digits . How do I do that. Reason for such a request :- I have an existing user oracle which has default umask... (3 Replies)
Discussion started by: simonsimon
3 Replies

7. AIX

User Privilege

How to assign superuser privilege to an ordinary user temporarily (1 Reply)
Discussion started by: udtyuvaraj
1 Replies

8. AIX

sudo - User privilege specification

I am planning to implement sudo for users. Under , it looks I have to put the users who need to have sudo access: What are the recommended for users? I don't think I need to give the ALL privilege (i.e ) to AIX users. I'd like to know the commonly used privilege specification for sudo... (9 Replies)
Discussion started by: Daniel Gate
9 Replies

9. Shell Programming and Scripting

Create user with different privilege

Hi , I want to create 3 different user with below privilege in Solaris and Linux. 1) Read Only 2)Read and Write Only 3) Admin user Can you guys help me on this . (3 Replies)
Discussion started by: Naveen Pathak
3 Replies

LEARN ABOUT DEBIAN

csp_helper

csp_helper(1)							  USER COMMANDS 						     csp_helper(1)

  NAME
      csp_helper - A collection of caspar helper scripts

  SYNOPSIS
      csp_install dir (directory) file (file)

      csp_mkdircp dir (directory) file (file)

      csp_scp_keep_mode h ([user@]host) dir (directory) file (file)

      csp_sucp h ([user@]host) dir (directory) file (file)

  DESCRIPTION
      The  scripts  csp_install,  csp_mkdircp,	csp_scp_keep_mode  and csp_sucp are helpers for caspar(7). These scripts typically are not invoked
      directly, but via a Makefile which uses caspar. See the notes on	csp_PUSH  in  caspar(7)  for  information  on  how  to	link  csp_install,
      csp_scp_keep_mode and csp_sucp to caspar.

  install DESCRIPTION
      csp_install creates the required directory (if needed) and installs the file, preserving timestamps. It uses install(1).

  install EXAMPLES
       csp_INSTALL_OPTIONS='--owner=www-data --group=www-data' 
	csp_INSTALL_MODE=ugo=r 
	csp_install /srv/www index.html

       csp_INSTALL_MODE=u=rwx,go= csp_install /usr/local/sbin mkpasswd

  install ENVIRONMENT
      csp_install honors csp_INSTALL_OPTIONS and csp_INSTALL_MODE (default is u=rw,go=r).

  mkdircp DESCRIPTION
      csp_mkdircp calls mkdir(1) and cp(1).

  scp_keep_mode DESCRIPTION
      csp_scp_keep_mode  uses  ssh to copy a file to a remote host, keeping its file permission mode. The trick used is a combination of mktemp(1)
      and mv(1).  Useful if you'd like to be sure a file gets installed e.g. group writable, without fiddling with permission bits on  the  remote
      host.

  scp_keep_mode EXAMPLE
	chmod g+w rc
	csp_scp_keep_mode root@gandalf /etc/uruk rc

  scp_keep_mode ENVIRONMENT
      csp_scp_keep_mode honors csp_SSH ("ssh" by default).

  sucp DESCRIPTION
      csp_sucp calls cat(1) from within sudo(1) from within ssh(1). This allows one to copy files to accounts on hosts one can only reach by call-
      ing sudo on the ssh-reachable remote host.

      Typically, one wants to install a root-owned file, but one does not want to allow access to the root-account directly  from  ssh.  Typically
      sudo is used as an extra line of defense.

  sucp EXAMPLES
      Some examples:

	csp_sucp rms@bilbo /etc fstab

	csp_sucp monty-python commit/ trailer.txt

  sucp BUGS
      If  NOPASSWD  is	not  set in the sudoers(5) file, and one's timestamp is expired, csp_sucp will forward the sudo password prompt. The given
      password will be echoed on the console!

  AUTHOR
      Joost van Baal-Ili

  SEE ALSO
      caspar(7) The caspar homepage is at http://mdcc.cx/caspar/ .

  csp_helper 20120514						      14 mai 2012						       csp_helper(1)
All times are GMT -4. The time now is 09:57 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy